Google Chrome users need to remain vigilant, as the Indian Computer Emergency Response Team (CERT-In) has recently issued a critical warning. The government agency, in its CERT-In Vulnerability Note CIVN-2023-0295, pointed out significant vulnerabilities that could jeopardize the performance and security of devices running Google Chrome.
According to the security alert from CERT-In, these vulnerabilities encompass various issues, including a ‘Use after free’ weakness within Site Isolation, Cast, and Blink History. Additionally, problems with fullscreen mode, navigation, downloads, extensions, and API functionality have been identified. The report also emphasizes the presence of a buffer overflow vulnerability in PDF files.
The key concern is that these vulnerabilities could be exploited by remote attackers through carefully crafted requests sent to the targeted system. The consequences of such exploitation can be severe, ranging from executing unauthorized code and leaking sensitive data to initiating denial-of-service attacks and causing significant disruptions.
Notably, Chrome versions prior to 118.0.5993.70/71 for Windows and versions before 118.0.5993.70 for Mac and Linux have been found vulnerable to these threats.
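For anyone responsible for more than one machine, the version thresholds above can be checked across an inventory. The following is an added example, not part of the CERT-In note: the host names and versions are constructed, and it assumes 118.0.5993.70 is the first fixed build on every platform, including Windows.

```python
# Added example: flag Chrome installs older than the fixed build named above.
# Assumption: 118.0.5993.70 is treated as the first fixed build on all platforms.
FIXED = {"windows": "118.0.5993.70", "mac": "118.0.5993.70", "linux": "118.0.5993.70"}

def parse_version(text):
    """Turn '118.0.5993.70' into (118, 0, 5993, 70); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(platform, version):
    """Compare numerically, field by field. A plain string comparison would
    rank '118.0.5993.9' above '118.0.5993.70' and miss an outdated build."""
    return parse_version(version) < parse_version(FIXED[platform.lower()])

def audit(inventory):
    """Return (host, status, detail) for every host that needs attention."""
    findings = []
    for host, platform, version in inventory:
        try:
            if is_vulnerable(platform, version):
                findings.append((host, "UPDATE", version))
        except (KeyError, ValueError) as exc:
            # Unknown platform or unreadable version: a person should look at it.
            findings.append((host, "REVIEW", str(exc)))
    return findings

# Constructed sample inventory: (host, platform, reported Chrome version)
SAMPLE = [
    ("ws-01", "windows", "118.0.5993.70"),
    ("ws-02", "windows", "117.0.5938.149"),
    ("mac-01", "mac", "118.0.5993.9"),
    ("lin-01", "linux", "119.0.6045.105"),
    ("lin-02", "linux", "unknown"),
]

if __name__ == "__main__":
    for host, status, detail in audit(SAMPLE):
        print(f"{host}: {status} ({detail})")
```

Hosts that report no readable version are listed for review rather than treated as up to date.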
To safeguard your devices, it is crucial to take the following steps:
- Immediate Updates: CERT-In strongly recommends updating systems using the Chrome browser without delay. Google has already released updates to address these vulnerabilities. To update your Google Chrome, follow these steps:
  - Open Chrome
  - Click on “More” (three vertical dots in the upper-right corner)
  - Select “Help”
  - Click on “About Google Chrome”
  - Chrome will check for updates; if available, the browser will start updating
  - After the update is downloaded, click on “Relaunch” to apply the changes
- Mobile users can update their Chrome browsers by visiting the Google Play Store.
This timely action is essential to protect your devices and data from potential security threats.
CERT-In issued a similar warning last month, highlighting multiple vulnerabilities in Google Chrome that could allow attackers to execute arbitrary code, bypass security restrictions, or trigger denial-of-service conditions on the targeted system.
“These vulnerabilities exist in Google Chrome due to a heap buffer overflow in vp8 encoding in libvpx and a use-after-free error in Passwords and Extensions. A remote attacker could exploit these vulnerabilities by executing a specially crafted HTML page,” stated CERT-In in a release.
In a world where online security is paramount, staying informed and promptly updating your software can make a significant difference in protecting your digital life. Stay secure, stay updated!