INDIA: Google Chrome users are being cautioned to stay vigilant as the Indian Computer Emergency Response Team (CERT-In) has issued a security advisory highlighting vulnerabilities that could potentially compromise the security of devices running the popular web browser.
The CERT-In Vulnerability Note CIVN-2023-0295 report draws attention to several significant vulnerabilities, including a ‘Use after free’ weakness within Site Isolation, Cast, and Blink History. Furthermore, the report identifies malfunctions related to fullscreen, navigation, downloads, extensions, APIs, and other aspects of the Chrome browser.
Of particular concern is the report’s mention of a potential buffer overflow issue in PDF files, a common document format widely used on the internet.
The gravity of these vulnerabilities lies in their potential misuse by remote attackers through carefully crafted requests aimed at the targeted system. The consequences of such exploitation are serious and could include the execution of unauthorized code, leakage of sensitive data, denial-of-service attacks, and other disruptive activities.
Notably, the vulnerabilities impact Chrome versions released before 118.0.5993.70/71 for Windows and versions prior to 118.0.5993.70 for Mac and Linux. Users running older versions of the browser are at risk and must take immediate action to safeguard their devices.
To mitigate these risks and ensure the security of your devices, CERT-In recommends the following steps:
- Update Google Chrome: Google has acted promptly to address these vulnerabilities by releasing updates. To update your Chrome browser, follow these steps:
- Open Google Chrome.
- Click on the three-dot menu icon (More) located in the top-right corner of the browser.
- From the drop-down menu, select “Help.”
- Click on “About Google Chrome.”
- The browser will automatically check for available updates, and if any are found, it will initiate the download process.
- After the update is downloaded, click on “Relaunch” to apply the update and enhance your browser’s security.
For users on mobile devices, the update can be obtained through the Google Play Store.
This is not the first time CERT-In has issued such a warning. In a previous advisory last month, the agency revealed that multiple vulnerabilities were reported in Google Chrome, potentially enabling attackers to execute arbitrary code, bypass security restrictions, or disrupt the targeted system.
These vulnerabilities are attributed to issues such as heap buffer overflow in vp8 encoding in libvpx and use-after-free errors in Passwords and Extensions. According to CERT-In, remote attackers could exploit these vulnerabilities by executing specially crafted HTML pages.
To stay safe while using the internet, it is crucial to keep your browser and other software up to date. Additionally, being vigilant about security advisories from trusted sources like CERT-In is essential to safeguarding your digital presence. Cybersecurity is an ongoing process, and staying informed and proactive is key to maintaining online safety.
Also Read: Microsoft Defender Resolves Flagging Issue, Allowing Smooth Tor Browser Experience
