Google Chrome under attack via zero-day flaw — what to do now

Google Chrome
(Image credit: Big Tuna Online/Shutterstock)

Update your desktop Chrome browser, because doing so patches a zero-day flaw that's being actively exploited in the wild by undisclosed hackers. 

Google's official Chrome blog says only that the vulnerability, given the catalog number CVE-2021-21166, is an "object lifecycle issue in audio" with "high" severity and that Google "is aware of reports" that the flaw is being exploited. 

Google's general policy is to not release too many details about vulnerabilities before patches can be widely deployed. This one is considered a zero-day flaw because it was exploited before Chrome was aware the flaw existed.

To update Chrome on Windows and Mac, you often need to just close and then relaunch the browser. But to be sure, click the Settings icon (it looks like three vertical dots) in the top right of the browser window. 

In the resulting pop-out menu, slide your cursor down to Help, then slide over and click "About Google Chrome" in the fly-out menu that appears.

Chrome will open a new tab notifying you whether your browser build is up to date. If it isn't, Chrome will download the update automatically, then prompt you to relaunch the browser. You want to end up on version 89.0.4389.72.

Linux distributions generally update the Chrome browser through routine updates covering all installed software.

The discovery of this vulnerability is credited to Alison Huffman of the Microsoft browser vulnerability research team. Huffman is credited with finding two other flaws patched in this week's Chrome update, which patches a total of 47 flaws.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Read more
Google Pixel 9 held in the hand.
Google just fixed a zero-day kernel flaw used by hackers and 47 other vulnerabilities — update your Android phone right now
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
and image of the Google Chrome logo on a laptop
Billions of Chrome users at risk from new browser-hijacking Syncjacking attack — how to stay safe
iPhone 16 Pro shown held in hand
Apple just patched its first zero-day flaw of the year — update your iPhone and Mac right now
Android 12
Google March Android Security Update fixes two high severity vulnerabilities — update now
and image of the Google Chrome logo on a laptop
Over 600,000 Chrome users at risk after 16 browser extensions compromised by hackers — what you need to know
Latest in Browsers
Google Chrome on Android
How to stop your personal data from appearing in Google searches
Opera Air
I just tested the world’s first mindful browser — it’s calmly convinced me to ditch Google Chrome
A photo of the Google Chrome logo on a white background, displayed on the screen of a large MacBook Pro which is situated on a table with green foliage behind.
Google Chrome just got three new modes — and it's a game changer for performance
Google Calendar app on iPhone
Google Calendar just got the dark mode we’ve been waiting for — here’s how to activate it
Image of an Apple MacBook with a Google Chrome logo on the display
This new Google Chrome upgrade made me say 'whoa' out loud — and it's a game changer
Two Opera Browser Days attendees standing in front of a screen displaying the Opera logo
How Opera is challenging Google by putting privacy first
Latest in News
iPhone 17 Pro render
iPhone 17 Pro Max leak claims it’s ready for production — and seems to confirm its new design
Cristin Milioti in "Black Mirror" season 7 coming to Netflix
‘Black Mirror’ season 7 trailer teases some of the darkest episodes yet — here’s when you can stream it
Google Gemini vs GPT 4o
ChatGPT just got a massive update that lets you replace Gemini on your Android phone
Ray-Ban Meta Smart Glasses
I love my Ray-Ban Meta smart glasses — but Zuckerberg's plan to create Oakley's my Dad would wear is kind of cringe
Nvidia GeForce RTX 5070 Ti
I'm worried about the latest Nvidia RTX 5060 price leak — but one thing could change my mind
iPhone 16e review.
iPhone 16e is facing Bluetooth problems — here's what's going on