CERT-In Flags Critical Vulnerabilities in Google Chrome; Immediate Update Recommended!
Summary:
India’s national cyber agency, the Computer Emergency Response Team (CERT-In), has issued a high-severity warning regarding multiple vulnerabilities discovered in the popular web browser, Google Chrome. These vulnerabilities could potentially allow remote attackers to execute arbitrary code, bypass security measures, and cause denial-of-service (DoS) conditions on targeted systems. Users are urged to update their browsers immediately to mitigate these risks.
Details:
- CERT-In’s Warning:
  - CERT-In has highlighted “multiple vulnerabilities” in Google Chrome that could allow a remote attacker to execute arbitrary code and cause a denial of service condition on the targeted system.
  - The vulnerabilities could potentially allow hackers to execute arbitrary code, gain unauthorized access to sensitive information, or cause DoS attacks.
  - A remote attacker could exploit these vulnerabilities by sending a specially crafted request to the targeted system.
  - The vulnerabilities have been identified in “Google Chrome versions prior to 118.0.5993.70/.71 for Windows” and “Google Chrome versions prior to 118.0.5993.70 for Mac and Linux.”
- Technical Details:
  - The vulnerabilities encompass “Use after free” flaws in Site Isolation, Blink History, and Cast.
  - Improper implementations have been found in various Chrome features such as Fullscreen, Navigation, DevTools, Intents, Downloads, Extensions API, Autofill, Installer, and Input.
  - A heap buffer overflow vulnerability has been identified in the handling of PDF files.
  - These vulnerabilities can be exploited by remote attackers to bypass security restrictions, execute unauthorized code, reveal sensitive data, and cause DoS disruptions.
- Recommendations:
  - CERT-In has advised users to “apply appropriate updates as mentioned by the vendor.”
  - Users are urged to update their Google Chrome browser immediately.
  - Google has already responded to the notice and released updates to fix the vulnerabilities.
  - To update Chrome: Open Chrome > click More (three dots) > click Help > About Google Chrome. If an update is available, Chrome will start downloading it automatically. Once the update is downloaded, click Relaunch to apply it.
  - For Android devices, users can update the Chrome app via the Play Store.
- Additional Support:
  - To help users protect their devices from malware and bots, the Indian government, through CERT-In, is offering free tools to remove malware from devices. These tools include eScan CERT-IN Bot Removal (available on the Google Play Store), M-Kavach 2 (developed by C-DAC Hyderabad), and the Free Bot Removal Tool (available at csk.gov.in).
  - Users can access these free malware detection tools through the Cyber Swachhta Kendra portal, which provides information and tools to secure systems/devices.
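
For administrators checking several machines against the affected-version range quoted above, the following is an added example and not code from CERT-In or Google. It compares reported Chrome version banners numerically against 118.0.5993.70. The host names and inventory are constructed, and treating the Windows ".70/.71" pair as ".70" is an assumption.

```python
import re

# Fixed build from the advisory text, applied as the floor on every desktop
# platform (assumption: the Windows ".70/.71" pair is treated as ".70").
FIXED_BUILD = (118, 0, 5993, 70)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(banner):
    """Extract the four-part Chrome version from a banner string as a tuple of ints."""
    match = VERSION_RE.search(banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def needs_update(banner, fixed=FIXED_BUILD):
    """True if the reported version is older than the fixed build, or unreadable."""
    version = parse_version(banner)
    # Unparseable banners are flagged so they get a manual look.
    # Tuples of ints compare field by field, unlike a plain string comparison.
    return version is None or version < fixed


def audit(inventory):
    """Return the sorted host names whose Chrome build is below the fixed build."""
    return sorted(host for host, banner in inventory.items() if needs_update(banner))


# Constructed sample inventory: host name -> text reported by the browser's
# version command on that host.
SAMPLE_INVENTORY = {
    "win-01": "Google Chrome 118.0.5993.71",
    "mac-02": "Google Chrome 117.0.5938.149",
    "lin-03": "Google Chrome 118.0.5993.9",   # numerically older than .70
    "lin-04": "Google Chrome 119.0.6045.105",
    "win-05": "version unknown",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update required ({SAMPLE_INVENTORY[host]})")
```

The "lin-03" entry shows why the comparison must be numeric: as text, "118.0.5993.9" sorts after "118.0.5993.70" and would wrongly pass.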