Google Chrome Users at High Risk of Hacking; How to Safe
India's cybersecurity agency, CERT-In, has issued a high-risk alert for desktop users of Google Chrome, citing multiple vulnerabilities that could expose users to hacking risks. If exploited, these vulnerabilities could enable remote attackers to execute arbitrary code on targeted systems, posing significant security threats to users' privacy and data integrity. To safeguard against potential cyberattacks, users are strongly advised to promptly update their browsers and implement essential safety precautions.
Understanding the Risks:
CERT-In identifies several critical vulnerabilities in Google Chrome, including:
1. Object Corruption in V8 and WebAssembly: Leading to unexpected behaviour or code execution.
2. Use-After-Free in V8, Downloads, and QUIC: Resulting in data corruption, crashes, or arbitrary code execution.
3. Inappropriate Implementation in Autofill, Extension, Network, and Prompts: This could potentially lead to data leakage or unexpected behavior.
4. Out-of-Bounds Read in Fonts: Causing data corruption or potential execution of arbitrary code.
5. Insufficient Policy Enforcement in Site Isolation and WebUI: Paving the way for security breaches.
6. Insufficient Data Validation in Browser Switcher and Downloads: Allowing malicious data to bypass security checks.
Potential Risks:
- Remote Code Execution: Attackers could exploit vulnerabilities to gain complete control over the user's computer, enabling data theft, malware installation, or system damage.
- Denial-of-Service (DoS): Attackers could crash the Chrome browser or the entire system, rendering it unusable.
Affected Software:
Google Chrome versions prior to 124.0.6367.60 for Windows and Mac are susceptible to these vulnerabilities.
Protective Measures:
- Update Google Chrome: To mitigate risks, immediately update Chrome to version 124.0.6367.60 or later via the browser settings.
- Exercise Caution Online: Avoid visiting suspicious websites or clicking on unknown links, particularly in emails or messages.
- Enable Pop-Up Blocker: Activate pop-up blockers to prevent malicious sites from opening new windows or tabs.
- Clear Cache and Browsing Data: Regularly clear cache and browsing data to remove potentially harmful content.
- Monitor for Unusual Activity: Watch for any signs of abnormal system behaviour, such as unexpected pop-ups or crashes.
- Use Strong Passwords: Secure accounts and devices with robust, unique passwords to enhance overall security.
- Employ Security Suite: Consider utilizing comprehensive security suites with firewall and antivirus protection to combat malware and other threats effectively.