The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning for Google Chrome users. This government agency operates under the Ministry of Electronics and Information Technology.
In a recent advisory, CERT-In highlighted critical vulnerabilities in Google Chrome and urged users to update their web browsers promptly. CERT-In’s warning notes that “Multiple vulnerabilities have been reported in Google Chrome which could be exploited by an attacker to bypass security restrictions, execute arbitrary code, disclose sensitive information, and cause denial of Service (DoS) conditions on the targeted system.” These vulnerabilities present a significant risk to user data and the security of systems.
The vulnerabilities identified by CERT-In affect Google Chrome versions prior to 116.0.5845.96/.97 for Windows and Google Chrome versions prior to 116.0.5845.96 for Mac and Linux. Users running these versions are particularly vulnerable to potential exploitation of these security flaws.
The government body explains that these vulnerabilities exist due to issues like “use after free” in areas such as offline mode, device interactions, network communications, audio functions, DNS, and extensions. There are also problems with implementation in features like fullscreen mode, app launchers, color management, autofill, web sharing, and permission prompts. Additionally, there are concerns with type confusion and out-of-bounds memory access in the V8 engine, along with heap buffer overflow in components like ANGLE, Skia, and Mojom IDL. Inadequate validation of untrusted inputs in XML and insufficient policy enforcement in the Extensions API are also part of the problem.
The advisory provides a list of vulnerabilities identified:
CVE-2023-2312
CVE-2023-4349
CVE-2023-4350
CVE-2023-4351
CVE-2023-4352
CVE-2023-4353
CVE-2023-4354
CVE-2023-4355
CVE-2023-4356
CVE-2023-4357
CVE-2023-4358
CVE-2023-4359
CVE-2023-4360
CVE-2023-4361
CVE-2023-4362
CVE-2023-4363
CVE-2023-4364
CVE-2023-4365
CVE-2023-4366
CVE-2023-4367
CVE-2023-4368
CERT-In recommends that users update their Google Chrome browsers immediately in response to these security issues. Google has already released a Chrome update that addresses these vulnerabilities. To ensure system safety, users are advised to follow these steps:
Access Settings: Open Google Chrome and click on the three vertical dots in the upper right-hand corner to access the menu.
Select “About Chrome”: Scroll down the menu and click on “About Chrome.”
Check for Updates: Chrome will automatically check for updates. If a new update is available, it will start downloading.
Install the Update: Once the update is downloaded, follow the on-screen prompts to complete the installation process.
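To confirm the update took effect on more than one machine, the check below compares reported version strings against the fixed build named in the advisory. It is an added example, not part of the CERT-In advisory or this article; the host names and sample versions are constructed, and it assumes 116.0.5845.96 is the lowest fixed build on Windows, Mac and Linux alike.

```python
import re

# Fixed build from the advisory. Windows is listed as 116.0.5845.96/.97;
# assumption: .96 is the lowest fixed build on every platform.
FIXED = (116, 0, 5845, 96)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull the four-part version out of text such as
    'Google Chrome 115.0.5790.170'. Returns a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def status(text):
    """Classify one version string: 'vulnerable', 'patched' or 'unknown'."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # browser missing or output not recognised
    # Tuples compare numerically per component. Comparing the raw strings
    # would rank "116.0.5845.110" below "116.0.5845.96" and misreport it.
    return "vulnerable" if v < FIXED else "patched"


def audit(inventory):
    """inventory: iterable of (host, version_text) pairs.
    Returns (host, version_text, status) for every host not confirmed patched."""
    rows = [(host, text, status(text)) for host, text in inventory]
    return [row for row in rows if row[2] != "patched"]


# Constructed sample inventory (not real hosts or scan data).
SAMPLE = [
    ("ws-01", "Google Chrome 115.0.5790.170"),
    ("ws-02", "Google Chrome 116.0.5845.96"),
    ("ws-03", "Google Chrome 116.0.5845.97"),
    ("ws-04", "Google Chrome 116.0.5845.110"),
    ("ws-05", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, text, state in audit(SAMPLE):
        print(f"{host}: {state} ({text})")
```

Hosts reported as "unknown" need a manual look, since the absence of a version string does not show the browser is patched.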
Updated: 22 Aug 2023, 01:10 PM IST