Live
- Nepal witnesses alarming rise in suicide rate, reveals latest police data
- Power demand in India declines for 1st time in 15 months, hydro gains steam
- Haryana polls: AAP releases second list of nine candidates
- BRS Praises Telangana High Court's Decision on Disqualification of Defected MLAs
- Don’t mislead Indian Muslims: Rijiju rips into Zakir Naik over calls to reject Waqf Bill
- 'Waiting for my arrest', NCP (SP)'s Anil Deshmukh dares Devendra Fadnavis
- Will train 5,000 cyber commandos to combat cybercrime: Amit Shah
- Removal of boats that hit Prakasam Barrage begins
- RG Kar financial scam: Court rejects CBI's plea to virtually present Sandip Ghosh for hearing
- Ananya Panday shines in golden saree
CERT-In Warns Google Chrome Desktop Users of Critical Vulnerability
CERT-In warns Google Chrome desktop users of critical vulnerabilities; immediate browser updates are crucial to prevent potential attacks.
The Indian Computer Emergency Response Team (CERT-In) has issued an urgent high-risk alert for Google Chrome users on desktop systems. According to the government’s cybersecurity organization, several vulnerabilities have been discovered in Chrome's code, posing a significant threat to users. If exploited, these flaws could allow remote attackers to execute arbitrary code, potentially taking control of affected systems. CERT-In strongly advises all Chrome users to update their browsers immediately to safeguard their devices.
Details of the Vulnerabilities
CERT-In’s recent advisory (CIVN-2024-0231) has flagged multiple security issues within Google Chrome that could jeopardize user safety. The most alarming risk is that remote attackers could exploit these vulnerabilities to execute arbitrary code. This could allow them to take over an affected device, access sensitive information, install malicious software, or even shut down the system entirely.
What’s Causing the Risk?
The identified vulnerabilities stem from two main issues within Google Chrome’s codebase:
1. Uninitialized Use: This vulnerability occurs when a variable in the program is used before being assigned a specific value. Such a flaw can lead to unpredictable program behaviour, which attackers can manipulate to alter the program’s operations.
2. Insufficient Data Validation in Dawn: Dawn is a WebGPU implementation used by Chrome for rendering graphics. In this case, insufficient data validation means that Chrome doesn’t thoroughly check the data it processes. This oversight could allow unauthorized code to be executed when the browser encounters specially crafted input.
These combined vulnerabilities provide an opportunity for attackers to create malicious requests that, when processed by Chrome, could lead to the execution of arbitrary code on a user’s machine.
Affected Software Versions
The vulnerabilities impact the following versions of Google Chrome:
- For Windows and macOS: Versions before 127.0.6533.88/89
- For Linux: Versions before 127.0.6533.88
Users running these versions are particularly vulnerable and are urged to update their browsers immediately to prevent potential exploitation.
