CERT-In Flags Critical Vulnerabilities in Google Chrome

CERT-In Flags Critical Vulnerabilities in Google Chrome; Immediate Update Recommended!

Summary:
India’s national cyber agency, the Computer Emergency Response Team (CERT-In), has issued a high-severity warning regarding multiple vulnerabilities discovered in the popular web browser, Google Chrome. These vulnerabilities could potentially allow remote attackers to execute arbitrary code, bypass security measures, and cause denial-of-service (DoS) conditions on targeted systems. Users are urged to update their browsers immediately to mitigate these risks.

Details:

1. CERT-In’s Warning:

• CERT-In has highlighted “multiple vulnerabilities” in Google Chrome that could allow a remote attacker to execute arbitrary code and cause a denial of service condition on the targeted system.
• The vulnerabilities could potentially allow hackers to execute arbitrary code, gain unauthorized access to sensitive information, or cause DoS attacks.
• A remote attacker could exploit these vulnerabilities by sending a specially crafted request to the targeted system.
• The vulnerabilities have been identified in “Google Chrome versions prior to 118.0.5993.70/.71 for Windows” and “Google Chrome versions prior to 118.0.5993.70 for Mac and Linux.”

1. Technical Details:

• The vulnerabilities encompass “Use after free” flaws in Site Isolation, Blink History, and Cast.
• Improper implementations have been found in various Chrome features such as Fullscreen, Navigation, DevTools, Intents, Downloads, Extensions API, Autofill, Installer, and Input.
• A heap buffer overflow vulnerability has been identified in the handling of PDF files.
• These vulnerabilities can be exploited by remote attackers to bypass security restrictions, execute unauthorized code, reveal sensitive data, and cause DoS disruptions.

1. Recommendations:

• CERT-In has advised users to “apply appropriate updates as mentioned by the vendor.”
• Users are urged to update their Google Chrome browser immediately.
• Google has already responded to the notice and released updates to fix the vulnerabilities.
• To update Chrome: Open Chrome > click More (three dots) > Click Help > About Google Chrome. If there is an update available, Chrome will start downloading it automatically. Once the update is downloaded, click relaunch to apply the update.
• For Android devices, users can update the Chrome app via the Playstore.

1. Additional Support:

• To help users protect their devices from malware and bots, the Indian government, through CERT-In, is offering free tools to remove malware from devices. These tools include eScan CERT-IN Bot Removal (available on the Google Play Store), M-Kavach 2 (developed by C-DAC Hyderabad), and the Free Bot Removal Tool (available at csk.gov.in).
• Users can access these free malware detection tools through the Cyber Swachhta Kendra portal, which provides information and tools to secure systems/devices.

Sources:

• NDTV
• Greater Kashmir
• India Today