With Google Chrome's auto-update feature, we usually don't have to worry about the latest version, but it's good to occasionally go to the menu in the upper right corner of the browser window and then in help, select "About Google Chrome " to check for the update and this is one of those days.
The version of Chrome 88 released now for Windows, Mac and Linux (88.0.4324.150) apparently only brings a fix for one problem, but this problem is no small one. According to a Google blog post, security researcher Mattias Buelens reported a vulnerability in Chrome's WebAssembly and JavaScript V8 engine that could allow an attacker to execute code on a victim's computer.
Google did not elaborate on the issue, tagged CVE-2021-21148, but said it is aware of reports that the bug has been actively exploited, so please update your browser now!
Google Chrome - Update your browser now
In a note, Google said that "Access to bug details and links may be kept restricted until most users are updated with a fix. We will also keep restrictions if the bug exists in a third-party library that other projects depend, but have not yet been fixed."
As a result, we don't know what exploit this ties to, ZDNet folks noted that the timing puts it close to revelations about a campaign by North Korean hackers that targeted security researchers, who may have relied on exploits from " day zero" in Chrome and also Internet Explorer.
Regardless of where or how the bug is being exploited, you will still want to update your browser (and keep an eye out for fixes for other potentially affected software, such as Chromium-based browsers).
A major fix released in 2019 required a reboot for the fix to work and there was a period some time ago when Google identified and fixed five more "zero-day" bugs that were being actively exploited.
