CERT-In (Indian Computer Emergency Response Team), the Indian government's cybersecurity agency, has reportedly issued a high-risk warning for Google Chrome users. CERT-In has highlighted multiple vulnerabilities present in Google Chrome versions released before 122.0.6261.11/2 for both Windows and Mac operating systems. The warning appears in the latest advisory note, CIVN-2024-0085, which gives these vulnerabilities a HIGH severity rating, indicating the significant security risk they pose to users.
Vulnerability Note CIVN-2024-0085: Details
CERT-In's Vulnerability Note CIVN-2024-0085 describes several vulnerabilities discovered in the Google Chrome browser that could give hackers access to confidential and sensitive data and could give them complete control of your system.
Technical details
According to the security note released by the Indian government, the flagged vulnerabilities reside in specific components of Google Chrome, such as:
- FedCM: a component that is open to a "use-after-free" error. In this kind of error the browser continues to use memory after it has been freed, which enables hackers to manipulate that memory and can potentially lead to code execution.
- V8: the JavaScript engine of Google Chrome, which contains "out-of-bounds memory access" and "inappropriate implementation" vulnerabilities. These errors could enable hackers to inject malicious code or crash the browser entirely.
According to CERT-In, hackers can exploit these vulnerabilities by sending a specially crafted webpage to the user's system. Once the user opens the malicious webpage, the vulnerabilities in Chrome could be leveraged by the attackers to carry out various forms of attack, like rendering the system inaccessible through a DoS attack, executing arbitrary code,
In simple terms:
If a device is exploited by hackers, these vulnerabilities could enable them to:
- Steal sensitive data stored in the Chrome browser, such as personal details, financial information, and credentials.
- Install malware that could damage your system, steal data, or use your computer for criminal acts.
- Take control of your system, which would be a worst nightmare: they could steal all your backups and data and corrupt nearly everything.
Google has released a security update
Although the risk is high, Google has released security updates for the Chrome browser that address these vulnerabilities, and CERT-In has asked users to update Google Chrome.
To update the Google Chrome browser, follow the steps below:
- Open the Chrome browser.
- Click on the three vertical dots in the top right corner.
- Go to Settings.
- Click on ‘About Chrome’.
- If an update is available, download and install it (if the download does not start automatically).
- Once done, restart your Chrome browser to apply the changes.