The Indian Computer Emergency Response Team (CERT-In) has issued a critical high-risk warning concerning serious vulnerabilities found in Google Chrome for desktop systems. This alert comes as part of the government’s efforts to safeguard users from potential security breaches. According to the latest advisory, multiple vulnerabilities in Google Chrome could allow remote attackers to execute arbitrary code on affected systems. The urgency of the situation has led CERT-In to strongly recommend that users update their Chrome browsers without delay to mitigate these risks.
In its Vulnerability Note CIVN-2024-0231, CERT-In has outlined the specific issues that pose a substantial threat to user security. These vulnerabilities primarily stem from two notable problems within Google Chrome's codebase. The first is an issue known as "uninitialized use," which occurs when a variable is used before it has been assigned a specific value. This can lead to unpredictable behavior in the browser, potentially allowing attackers to exploit the flaw to manipulate the program's functions.
The second vulnerability involves "insufficient data validation in Dawn." Dawn is a WebGPU implementation that Chrome uses for rendering graphics. Inadequate validation of data processed by Dawn means that the browser does not properly check the information it handles. This shortcoming could result in unauthorized code execution when the browser encounters specially crafted input, creating an opportunity for attackers to execute arbitrary code on the user’s machine.
These vulnerabilities have been identified in specific versions of Google Chrome, particularly those prior to 127.0.6533.88/89 for Windows and macOS, and versions before 127.0.6533.88 for Linux. Users operating these versions are at high risk of attack and should act swiftly to protect their systems.
To safeguard against these threats, CERT-In recommends several actions. First, users should update their Google Chrome browsers to the latest version available. The stable channel versions 127.0.6533.88/89 for Windows and macOS, as well as 127.0.6533.88 for Linux, include critical patches that address these vulnerabilities. To perform an update, users should go to the browser menu, select "Help," and then "About Google Chrome." This process will prompt Chrome to automatically check for and install the necessary updates.
Additionally, enabling automatic updates is advised to ensure ongoing protection from future vulnerabilities. Automatic updates will ensure that the browser always has the latest security patches and minimizes the risk of exposure to newly discovered threats.
This advisory highlights the critical need for timely updates and vigilance in maintaining cybersecurity. By taking these precautionary steps, users can help protect themselves from potential exploits and ensure the security of their systems against these identified vulnerabilities.
Â
