Google has released Chrome version 88.0.4324.150 for Windows, Mac and Linux, which contains a fix for a security vulnerability that is being actively exploited in the wild.
Tracked as CVE-2021-21148, the flaw is described as a heap-based overflow issue in the V8 JavaScript engine in Google Chrome. A remote hacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Google did not disclose the details about the nature of the attacks where this vulnerability was used, who might have been behind them, or what victims were targeted.
Windows, Mac, and Linux desktop users can upgrade to Chrome 88 by going to Settings -> Help -> About Google Chrome.
In October and November last year, Google patched a bunch of zero-days affecting its Chrome browser, including CVE-2020-15999 (a memory corruption bug in the FreeType font rendering library), CVE-2020-16009 (a heap buffer overflow in FreeType), CVE-2020-16010 (a flaw in the user interface component in Chrome for Android), CVE-2020-16013 (a bug in V8), and CVE-2020-16017 (a use-after-free issue within the site isolation component in Google Chrome).