Google Chrome users should immediately update to version 88, as the update fixes a vulnerability that is being actively exploited.

Google has a policy of not disclosing too much detail about security issues until the majority of users have updated:

Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

Nonetheless, the update includes a fix for a heap buffer overflows in the V8 JavaScript engine. The most worrisome detail is that the vulnerability is already being exploited:

Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Even if automatic updates are enabled, users should manually update as soon as possible to make sure there’s not unnecessary gaps in their security.