CERT-In Flags Critical Vulnerabilities in Google Chrome

Summary:
India’s national cyber agency, the Computer Emergency Response Team (CERT-In), has issued a high-severity warning regarding multiple vulnerabilities discovered in the popular web browser, Google Chrome. These vulnerabilities could potentially allow remote attackers to execute arbitrary code, bypass security measures, and cause denial-of-service (DoS) conditions on targeted systems. Users are urged to update their browsers immediately to mitigate these risks.

Details:

  1. CERT-In’s Warning:
  • CERT-In has highlighted “multiple vulnerabilities” in Google Chrome that could allow a remote attacker to execute arbitrary code and cause a denial of service condition on the targeted system.
  • The vulnerabilities could potentially allow hackers to execute arbitrary code, gain unauthorized access to sensitive information, or cause DoS attacks.
  • A remote attacker could exploit these vulnerabilities by sending a specially crafted request to the targeted system.
  • The vulnerabilities have been identified in “Google Chrome versions prior to 118.0.5993.70/.71 for Windows” and “Google Chrome versions prior to 118.0.5993.70 for Mac and Linux.”
  2. Technical Details:
  • The vulnerabilities encompass “Use after free” flaws in Site Isolation, Blink History, and Cast.
  • Improper implementations have been found in various Chrome features such as Fullscreen, Navigation, DevTools, Intents, Downloads, Extensions API, Autofill, Installer, and Input.
  • A heap buffer overflow vulnerability has been identified in the handling of PDF files.
  • These vulnerabilities can be exploited by remote attackers to bypass security restrictions, execute unauthorized code, reveal sensitive data, and cause DoS disruptions.
  3. Recommendations:
  • CERT-In has advised users to “apply appropriate updates as mentioned by the vendor.”
  • Users are urged to update their Google Chrome browser immediately.
  • Google has already responded to the notice and released updates to fix the vulnerabilities.
  • To update Chrome: open Chrome > click More (three dots) > click Help > About Google Chrome. If an update is available, Chrome will start downloading it automatically. Once the update is downloaded, click Relaunch to apply it.
  • For Android devices, users can update the Chrome app via the Play Store.
  4. Additional Support:
  • To help users protect their devices from malware and bots, the Indian government, through CERT-In, is offering free tools to remove malware from devices. These tools include eScan CERT-IN Bot Removal (available on the Google Play Store), M-Kavach 2 (developed by C-DAC Hyderabad), and the Free Bot Removal Tool (available at csk.gov.in).
  • Users can access these free malware detection tools through the Cyber Swachhta Kendra portal, which provides information and tools to secure systems/devices.
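
For administrators checking many machines against the affected versions listed above, the following added example (not part of the CERT-In advisory or of Google's tooling) classifies inventory records as patched, vulnerable or unknown. The hostnames, inventory format and sample versions are constructed, and treating 118.0.5993.70 as the Windows floor for the page's ".70/.71" is an assumption.

```python
import re

# Fixed builds named in the advisory text above. For Windows the page gives
# "118.0.5993.70/.71"; using .70 as the floor is an assumption of this example.
FIXED = {
    "windows": (118, 0, 5993, 70),
    "mac": (118, 0, 5993, 70),
    "linux": (118, 0, 5993, 70),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    floor = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # never report an unparsed host as patched
    # Tuple comparison is numeric per component; a plain string comparison
    # would rank "118.0.5993.9" above "118.0.5993.70".
    return "patched" if version >= floor else "vulnerable"


def audit(inventory):
    """Map host -> status for (host, platform, version_text) records."""
    return {host: classify(platform, text) for host, platform, text in inventory}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "Windows", "Google Chrome 118.0.5993.71"),
    ("ws-02", "Windows", "117.0.5938.149"),
    ("mac-01", "Mac", "Google Chrome 118.0.5993.70"),
    ("lin-01", "Linux", "Google Chrome 118.0.5993.9 "),
    ("lin-02", "Linux", "Google Chrome 119.0.6045.105"),
    ("kiosk-1", "ChromeOS", "118.0.5993.70"),
    ("lin-03", "Linux", "version string missing"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:8} {status}")
```

Hosts reported as unknown need a manual check rather than being counted as patched.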