The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity alert for users of Google Chrome on desktop systems, stressing the immediate need for updates due to critical vulnerabilities. This advisory, detailed in CERT-In's latest Vulnerability Note CIVN-2024-0274, highlights significant security flaws in Google Chrome that, if exploited, could severely compromise user safety.
The vulnerabilities affect versions of Google Chrome prior to 128.0.6613.113/.114 for Windows, 128.0.6613.113/.114 for Mac, and 128.0.6613.113 for Linux. These issues have been classified as high severity, indicating that they present a serious risk if exploited by malicious actors. The core of the vulnerabilities lies in problems related to type confusion and heap buffer overflow. Type confusion occurs when a program mishandles or misallocates a resource with the incorrect type, potentially leading to arbitrary code execution. This form of attack allows cybercriminals to execute unauthorized commands on the victim’s system. Heap buffer overflow happens when more data is written to or read from a buffer than it can accommodate. This overflow can result in data corruption, program crashes, or the execution of malicious code.
CERT-In's alert warns that these vulnerabilities could be exploited by attackers sending specially crafted requests to the targeted systems. Successful exploitation might lead to a denial-of-service (DoS) condition, causing the system to become unresponsive. In a worse-case scenario, attackers could execute arbitrary code, allowing them to install malware, access sensitive information, or take full control of the device without the user’s knowledge or consent. Considering the extensive use of Google Chrome for various tasks—both personal and professional—the potential impact of these vulnerabilities is considerable.
To address these risks, CERT-In has recommended that all Google Chrome users update their browsers to the latest version. Google has already released patches to fix these vulnerabilities, with updated versions being 128.0.6613.113/.114 for Windows and Mac, and 128.0.6613.113 for Linux. Updating to these versions will not only resolve the specific vulnerabilities but also offer protection against other potential security threats.
Updating Google Chrome is a straightforward process. Begin by opening Google Chrome on your desktop computer. Navigate to the three vertical dots located in the upper right corner of the browser to access the menu. From there, select “Help” and then click on “About Google Chrome.” The browser will automatically check for updates and install the latest version if one is available. After the update is complete, click “Relaunch” to finalize the installation.
In addition to updating manually, users are encouraged to enable automatic updates. This feature ensures that your browser receives the latest security patches automatically, without requiring you to take any action. Enabling automatic updates provides an added layer of protection against newly discovered vulnerabilities.
By staying current with updates, users can effectively protect their systems from potential exploits and maintain a higher level of cybersecurity.
