CERT-In Issues 'High' Severity Warning for Google Chrome Users; Urgent Update Required
CERT-In, India's national agency for computer security incidents, has issued a 'High' severity warning for Google Chrome users in the country. The warning, issued a few days back, alerts users to vulnerabilities in Google Chrome versions prior to 122.0.6261.111/.112 for Windows and Mac and 122.0.6261.111 and earlier for Linux systems.
The identified vulnerabilities, outlined in vulnerability note "CIVN-2024-0085", could enable remote attackers to execute arbitrary code or cause Denial of Service (DoS) conditions on targeted systems. These vulnerabilities stem from flaws in the FedCM and V8 components.
The vulnerability note said, "Multiple vulnerabilities have been reported in Google Chrome, which could be exploited by a remote attacker to execute arbitrary code or cause a Denial of Service (DoS) condition on the targeted system."
Specifically, the "Use-after-free error" in FedCM allows manipulation of memory to execute arbitrary code, while vulnerabilities in the JavaScript V8 engine involve "Out of bounds memory access and inappropriate implementation." Attackers could exploit these flaws through specially crafted web pages to compromise targeted systems.
"Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS) condition on the targeted system," the note said. Put plainly, attackers could potentially steal data, crash the browser, or gain control of the system, even installing malware.
Fortunately, a solution is available through an update. Users are urged to update their browsers immediately. To do so, click the three-dot icon at the top right of the browser, select 'Help,' then navigate to the 'About Google Chrome' section. Chrome will automatically check for updates, ensuring users have the latest security patches installed.