India’s cybersecurity agency, CERT-In, has issued a high-risk warning for users of the Google Chrome browser, urging them to promptly update their systems due to multiple vulnerabilities. The advisory emphasizes the critical need for users to safeguard their sensitive data and protect against potential cyberattacks.
In a recent advisory note (CIVN-2024-0085), CERT-In highlighted the presence of several vulnerabilities in Google Chrome versions preceding 122.0.6261.11/2 for both Windows and Mac operating systems. These vulnerabilities are categorized as HIGH severity, signifying the substantial threat they pose to users’ security.
The identified vulnerabilities, as outlined in CERT-In’s Vulnerability Note CIVN-2024-0085, are situated in specific components of Google Chrome:
1. FedCM: Vulnerable to a “Use-after-free” error, allowing attackers to manipulate browser memory after its use, potentially leading to code execution.
2. V8: Google Chrome’s JavaScript engine, V8, exhibits vulnerabilities related to “Out of bounds memory access” and “inappropriate implementation,” potentially enabling attackers to inject malicious code or crash the browser.
Exploiting these vulnerabilities, malicious actors could send specially crafted webpages to users’ systems. When accessed, these pages could leverage Chrome’s vulnerabilities to execute arbitrary code or render the system inaccessible through a Denial of Service (DoS) attack.
The potential consequences of these vulnerabilities include:
1. Stealing Sensitive Data: Hackers could access and pilfer login credentials, financial information, and personal details stored or accessed through the browser.
2. Installing Malware: Upon gaining access, attackers may install malicious software capable of damaging the system, surreptitiously stealing data, or employing the computer for criminal activities.
3. Taking Control of the System: In the worst-case scenario, attackers might gain complete control of the user’s computer, rendering it unusable or exploiting it for further attacks on other systems.
Fortunately, Google has promptly responded to these security concerns by releasing updates to address the identified vulnerabilities. CERT-In strongly advises users to update their Google Chrome to the latest version provided by Google. Users can initiate the update process by opening the Chrome browser, clicking on the three vertical dots in the top right corner, navigating to “Settings,” selecting “About Chrome,” and allowing any available updates to download and install automatically. A browser restart is then recommended to apply the changes.
While updating Chrome is essential, users are encouraged to exercise caution online. Vigilance against clicking on suspicious links or downloading attachments from unknown sources is crucial, given the common use of phishing emails by attackers. Additionally, considering a robust security solution such as antivirus and anti-malware software can provide an extra layer of protection by identifying and blocking malicious websites and downloads.
