The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning regarding multiple vulnerabilities in Google Chrome, putting users at risk of data theft and system security compromise. These high-risk vulnerabilities need immediate attention, and users are strongly advised to update their Chrome browsers as a safeguard against potential attacks.
The CERT-In Alert: What You Need to Know
In a recent security advisory, CERT-In raised a red flag for Google Chrome users, marking the warning as CERT-In Vulnerability Note CIVN-2023-0295, issued on October 11, 2023. This warning underscores a series of high-severity vulnerabilities that can be exploited by malicious actors, posing threats to the security and performance of devices using Google Chrome.
Understanding the Vulnerabilities
The security note outlines specific “High” severity vulnerabilities detected in Google Chrome. These vulnerabilities encompass “Use after free” issues in Site Isolation, Blink History, and Cast, along with improper implementations in various Chrome features, including Fullscreen, Navigation, DevTools, Intents, Downloads, Extensions API, Autofill, Installer, and Input. Additionally, a heap buffer overflow vulnerability has been discovered in the handling of PDF files.
Potential Consequences
CERT-In has issued a stern warning that these vulnerabilities could be exploited by remote attackers using carefully crafted requests to the target system. This exploitation could lead to severe consequences, including bypassing security restrictions, executing unauthorized code, exposing sensitive data, and causing denial-of-service (DoS) disruptions on the target system. In simple terms, attackers could exploit these vulnerabilities to gain control over users’ devices, which is a cause for significant concern.
Affected Devices and How to Protect Them
Here is a list of Google Chrome versions affected by the ‘High’ vulnerabilities:
- Google Chrome versions prior to 118.0.5993.70/.71 for Windows
- Google Chrome versions prior to 118.0.5993.70 for Mac and Linux
To protect your device, CERT-In urges users to update their systems immediately. Google has already responded to the notice and released updates to rectify the vulnerabilities. To update Chrome:
- Open Chrome
- Click on “More” (three dots)
- Select “Help”
- Choose “About Google Chrome”
- If an update is available, Chrome will automatically initiate the download process. After downloading, click “Relaunch” to apply the update.
If you’re using Google Chrome on your Android device, visit the Play Store and update the Chrome app to ensure you’re running the latest secure version.
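For administrators who need to check more than one machine, the affected-version list above can be applied to a software inventory. The following is an added example, not part of the CERT-In note or of Google's tooling; the inventory format, host names, and the choice of .70 as the Windows floor are assumptions made for illustration.

```python
import re

# Minimum fixed build per platform, taken from the affected-version list above.
# Assumption: for Windows, where the list says ".70/.71", .70 is used as the floor.
FIXED = {
    "windows": (118, 0, 5993, 70),
    "mac": (118, 0, 5993, 70),
    "linux": (118, 0, 5993, 70),
}

VERSION_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")


def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints, or None if malformed."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(platform, version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one installation."""
    floor = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # platform not covered by the list, or unparseable version
    # Tuple comparison is numeric per component; comparing the raw strings would
    # wrongly rank "118.0.5993.9" above "118.0.5993.70".
    return "vulnerable" if version < floor else "patched"


def audit(inventory):
    """Map each host name to its classification."""
    return {host: classify(platform, version) for host, platform, version in inventory}


# Constructed sample inventory (host names and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows", "118.0.5993.71"),
    ("ws-02", "Windows", "117.0.5938.149"),
    ("mac-01", "Mac", "118.0.5993.9"),
    ("lin-01", "Linux", "118.0.5993.70"),
    ("lin-02", "Linux", "119.0.6045.105"),
    ("tab-01", "Android", "118.0.5993.65"),
    ("ws-03", "Windows", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Entries reported as "unknown" (such as the Android device, for which the list gives no version number) still need a manual check.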
Additional Protection Measures
In the fight against malware and bot threats, the Indian government, through CERT-In, is providing free tools to remove malware from devices. These tools include:
- eScan CERT-IN Bot Removal: Available on the Google Play Store
- M-Kavach 2: Developed by C-DAC Hyderabad
- Free Bot Removal Tool: Available at csk.gov.in
Users can access these free malware detection tools via the Cyber Swachhta Kendra portal. This website offers information and tools to help users secure their systems and devices. Taking these precautions is vital in safeguarding your digital life and preventing vulnerabilities from being exploited.