The Indian Government’s cybersecurity unit, CERT-In (Indian Computer Emergency Response Team), has recently issued a critical alert to Google Chrome users. In a detailed advisory note, CIVN-2024-0085, CERT-In outlines numerous security flaws detected in versions of Google Chrome prior to 122.0.6261.11/2 for Windows and Mac platforms. These flaws are classified with a HIGH severity rating, underscoring their potential to significantly compromise user security.
In the Vulnerability Note CIVN-2024-0085, CERT-In reveals several exploitable weaknesses in the Google Chrome browser that could allow unauthorized access to private and sensitive information, and potentially give attackers full control over affected systems.
Technical vulnerabilities identified include:
– FedCM: This component is susceptible to a “Use-after-free” vulnerability, where attackers could manipulate browser memory after it has been freed, potentially leading to arbitrary code execution.
– V8: Google Chrome’s JavaScript engine has issues with “Out-of-bounds memory access” and “inappropriate implementation,” allowing attackers to insert malicious code or cause the browser to crash.
CERT-In warns that these vulnerabilities can be exploited through specially crafted webpages. If a user interacts with them, these pages could allow attackers to cause a DoS (Denial of Service), execute arbitrary code, or even gain full control over the victim’s system. The potential consequences include:
– Theft of sensitive data stored in Chrome, such as personal, financial, and login information.
– Installation of malware, potentially resulting in data theft, system damage, or unauthorized use of the computer for criminal activities.
– Full system control by attackers, leading to data loss, backup corruption, and extensive system damage.
Fortunately, Google has responded to these threats by releasing security updates for Chrome. CERT-In advises all users to promptly update their browsers. To update Google Chrome:
- Open the Chrome browser.
- Click on the 3 vertical dots at the top right corner.
- Navigate to Settings.
- Select ‘About Chrome’.
- Download and install any available updates (the update may start automatically).
- Restart Chrome to apply the updates.