Google Patches Chrome, Removes Suspect Extension

With the shift to web-based computing, it is perhaps not surprising that hackers are increasingly exploiting web browsers. And there is no browser more popular than Chrome, the latest version of which has already suffered from a zero-day attack.

“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” Google’s Srinivas Sista writes in a new post to the Chrome Releases blog. “We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”

Well, this one did: The exploit specifically targets Chrome 88, the latest stable version of the browser, forcing Google to reissue it. Those who already upgraded to Chrome 88 will be prompted to install an update, version 88.0.4324.150 for Windows, Mac, and Linux.

Google won’t disclose details of the vulnerability until “a majority of users are updated with a fix,” a courtesy it doesn’t provide to other platform makers, like Microsoft. But the vulnerability is described as a heap buffer overflow in Chrome’s V8 JavaScript engine.

Separately, Google has removed the Chrome extension The Great Suspender from its Chrome Web Store and is remotely uninstalling it from users’ computers because it’s been found to contain malware. This extension works like the new sleeping tabs feature in Edge 88; it suspends idle Chrome tabs so that the browser sucks up fewer resources. (The Great Suspender was also removed from the Edge Add-Ons site, though it is of course now superfluous.)

Obviously, Chrome users should upgrade as soon as possible to the latest version. But if you’re concerned at all about Chrome, and you should be, since it tracks all your activities and sells that information to advertisers, this is a great time to upgrade to Microsoft Edge. Just saying.

Conversation 12 comments

  • yehuda

    05 February, 2021 - 9:30 am

    As always @paul, love the snark paragraph to close it out and bring it home! 🙂

  • wright_is

    Premium Member
    05 February, 2021 - 9:37 am

    Edge got a re-released update as well. Given the bug was in the V8 engine, it will affect Edge, Opera, Brave, Vivaldi and all other Chromium-based browsers.

    I'll be checking Brave on my home PC, when I get back from work.

    This is a great time to upgrade to Firefox, which doesn't use the same JavaScript and rendering engines. ;-)

    • Paul Thurrott

      Premium Member
      05 February, 2021 - 10:27 am

      This is probably the worst time ever to move to Firefox, which is a downgrade. 🙂

      • compunut

        Premium Member
        05 February, 2021 - 10:38 am

        In reply to paul-thurrott:

        This is very subjective. I am replying to this in Firefox and have no plans to switch away (although Edge would currently be my backup option). Firefox may not do some things that other browsers do like PWAs, but it does other things not available on other browsers that I really care about.

        One — it has extensions that handle vertical tabs. I know Edge is supposed to have this 'any day now', but it isn't there yet in stable.

        Two — a 1st party plugin called Multi-Account Containers (and a companion 1st party extension for Facebook specifically) that allows me to choose a different profile for every tab. I have a tab open to my work Microsoft Outlook and another tab open to my personal Microsoft Outlook. This may be available for Edge, but wasn't the last time I looked.

        It also does a great job of blocking trackers out of the box, although I have extensions installed that go even farther (uBlock Origin).

        I understand that PWAs are important to some people, but I'm not aware of any other features that are missing from Firefox other than that.

        Just my two cents…

        • Paul Thurrott

          Premium Member
          06 February, 2021 - 9:22 am

          Feature? It’s not Chromium compatible and Mozilla/Firefox is dying as we speak.

          • wright_is

            Premium Member
            07 February, 2021 - 4:38 am

            In reply to paul-thurrott:

            But this situation shows exactly why a monoculture is a bad idea. All browsers, except Firefox and Safari, are affected by this bug.

            Doing away with the different rendering engines and JS interpreters means that the whole Web is more vulnerable to attack.

            One good zero day and you have the whole world at your mercy. If there is some variety, some will be unaffected and you have an alternative until your preferred browser is patched.

          • compunut

            Premium Member
            08 February, 2021 - 10:11 am

            In reply to paul-thurrott:

            I thought competition was good? Isn't the lack of a good competitor what allowed IE to make a mess of everything for years not so long ago?

  • dftf

    05 February, 2021 - 11:45 am

    It also makes me wonder how secure some of the other rivals are…

    After an update for Google Chrome on Android, it can often be a week or more before Brave or Vivaldi update to the same version of Chromium, which means you could be vulnerable on them whereas you wouldn't be on Google Chrome…

  • mikegalos

    05 February, 2021 - 12:49 pm

    Of course bad extensions, like bad apps (as opposed to applications) are what curated private stores are supposed to prevent.

  • navarac

    06 February, 2021 - 7:49 am

    Upgrading to Edge is not necessarily great. I use just one Windows machine, the rest are Linux or Chromebooks. Makes sense to use Chrome across the board, which I have been doing since 2008 without issue. I feel that Microsoft are also on the advert bandwagon anyway. As for Firefox, I reckon it is about dead in the water. Better to look at Brave or Vivaldi.

    • Paul Thurrott

      Premium Member
      06 February, 2021 - 9:16 am

      The advertising and tracking overlords at Google commend you for your support.

      • navarac

        06 February, 2021 - 4:48 pm

        In reply to paul-thurrott:

        LOL Paul – I appreciate your humour.


Thurrott © 2023 BWW Media Group