Google rolled out Chrome version 86.0.4240.198 on Wednesday in response to two zero-day vulnerabilities discovered in the wild — the fourth and fifth security flaws discovered in the browser in the last three weeks alone.
Although Google has not made details about the attacks involving the zero-days public, the company was reportedly alerted to the vulnerabilities by anonymous sources on Monday and Wednesday. The first three zero-days, which were found on October 20 and November 2, were discovered internally by Google security researchers.
In the changelog for Chrome 86.0.4240.198, the security fixes are listed as an “inappropriate implementation in V8,” and a “use after free in site isolation” memory corruption bug.
Generally, zero-days are only exploited in a small number of selected targets, meaning there’s no immediate cause for panic if your browser hasn’t been updated in a while. Still, its recommended that users protect themselves by downloading Chrome 86.0.4240.198 when they can by “help” and then “about Google Chrome” on the browser’s main menu.