The Indian government has once again released a high-risk warning for Google Chrome users about critical vulnerabilities found in the browser that could expose their systems to cyberattacks. According to a recent advisory issued by the Indian Computer Emergency Response Team (CERT-In), multiple security vulnerabilities have been discovered in Google Chrome that pose a serious threat to users. These vulnerabilities, if exploited, could allow remote attackers to execute malicious code or crash the system.
The latest CERT-In Vulnerability Note, CIVN-2024-0311, issued on September 26, 2024, describes a series of vulnerabilities in Google Chrome. These issues have been categorised as high-severity due to their potential impact on users’ systems. CERT-In explains that these vulnerabilities are caused by flaws in Chrome’s JavaScript engine (V8) and inappropriate implementations, leading to serious security risks.
Hackers can exploit these vulnerabilities to execute arbitrary code on the target system. This means that a cyberattacker can potentially control the affected system, steal sensitive information, or install malicious software. In the worst-case scenario, an attacker could cause the Chrome browser to crash, leading to further exploitation.
According to CERT-In, the identified flaws include:
– Type Confusion in V8: This vulnerability occurs when code treats a value as a different type than it actually is, leading to unintended behaviour.
– Use-after-free vulnerabilities: These arise when a program keeps using memory after it has been freed, which can allow attackers to manipulate that memory for malicious purposes.
– Inappropriate implementation: This flaw refers to improper handling of certain browser operations, leaving the browser open to remote code execution.
Here is the list of versions of Google Chrome which are affected by the vulnerabilities:
– Google Chrome versions prior to 129.0.6668.70/.71 for Windows and Mac
– Google Chrome versions prior to 129.0.6668.70 for Linux
CERT-In notes that these vulnerabilities affect all platforms, including Windows, macOS, and Linux, making it imperative for users to update their software as soon as possible. Google Chrome users who have not yet updated to the latest version are particularly at risk, as hackers could exploit these flaws before the users have applied the necessary patches.
To mitigate the risks associated with these vulnerabilities, CERT-In and Google strongly recommend that users update their Chrome browser to the latest version. Google has already released an update that addresses these vulnerabilities in its Chrome browser. Ensure you are using Google Chrome version 129.0.6668.70 or later.
To check your version and update it:
Open Chrome > At the top right click on three dots > Click Help > About Google Chrome > Click Update Google Chrome.
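For administrators checking many machines rather than one, the sketch below audits a list of reported Chrome versions against the fixed build named above. It is an added example, not part of the CERT-In advisory or of Google's tooling; the host names and inventory values are constructed, and the only value taken from the advisory is the 129.0.6668.70 threshold.

```python
import re

# Fixed build named in the advisory text above; anything lower is affected.
FIXED = (129, 0, 6668, 70)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return None when no version is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def is_affected(text, fixed=FIXED):
    """True when the version is older than the fixed build.

    Components are compared as integers: a plain string comparison would
    rank "129.0.6668.100" below "129.0.6668.70". Unparseable input is
    reported as affected so that it gets a manual look.
    """
    version = parse_version(text)
    return version is None or version < fixed


def audit(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "ws-01": "Google Chrome 129.0.6668.58",
    "ws-02": "Google Chrome 129.0.6668.70",
    "ws-03": "Google Chrome 129.0.6668.100",
    "ws-04": "Google Chrome 128.0.6613.137",
    "ws-05": "unknown",
}

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: update required ({SAMPLE[host]})")
```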