In a recent security advisory, the Indian Computer Emergency Response Team (CERT-In) has issued a warning concerning Google Chrome users. The alert, labelled as CERT-In Vulnerability Note CIVN-2023-0295 and dated October 11, 2023, highlights a series of critical vulnerabilities that pose a significant threat to the security and performance of devices utilising Google Chrome.
The security notice provides detailed information about the "High" severity vulnerabilities discovered in Google Chrome. These vulnerabilities encompass "Use after free" weaknesses within Site Isolation, Blink History, and Cast, as well as improper implementations in various Chrome functions, including Fullscreen, Navigation, DevTools, Intents, Downloads, Extensions API, Autofill, Installer, and Input. Additionally, a heap buffer overflow vulnerability has been identified in the handling of PDF files.
CERT-In has cautioned that these identified vulnerabilities are exploitable by remote attackers through the transmission of carefully crafted requests to the targeted system. Such exploitation could result in a range of detrimental consequences, including circumventing security measures, executing unauthorised code, exposing sensitive data, and causing denial-of-service (DoS) disruptions on the targeted system. In simpler terms, this warning underscores the real danger of attackers capitalising on these vulnerabilities to gain control over devices, which is a grave concern for users.
Impacted Devices
The following Google Chrome versions are affected by these 'High' vulnerabilities:
- Google Chrome versions earlier than 118.0.5993.70/.71 for Windows
- Google Chrome versions earlier than 118.0.5993.70 for Mac and Linux
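For anyone checking more than one machine, the version cut-offs above can be applied to an inventory export. The sketch below is an added example, not part of the CERT-In note; the inventory rows are constructed, and it assumes 118.0.5993.70 is the first fixed build on Windows as well, since the note lists ".70/.71" there.

```python
import re

# Fixed builds named in the advisory text above. For Windows the page lists
# ".70/.71"; this example assumes .70 is the first fixed build there too.
FIXED = {"windows": (118, 0, 5993, 70),
         "mac": (118, 0, 5993, 70),
         "linux": (118, 0, 5993, 70)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from raw text such as the output of
    `google-chrome --version`; return None if none is present."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, raw_version):
    """Return 'affected', 'fixed' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(raw_version)
    if fixed is None or version is None:
        return "unknown"  # never treat an unparseable record as safe
    # Tuples compare numerically, so build 9 sorts below build 70.
    return "affected" if version < fixed else "fixed"

def audit(inventory):
    """Group hostnames by status."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, platform, raw in inventory:
        report[classify(platform, raw)].append(host)
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "Windows", "117.0.5938.150"),
    ("ws-002", "Windows", "118.0.5993.71"),
    ("mac-01", "Mac", "Google Chrome 118.0.5993.70 "),
    ("lnx-01", "Linux", "Google Chrome 118.0.5993.54"),
    ("lnx-02", "Linux", "not installed"),
    ("tab-01", "Android", "118.0.5993.65"),  # no Android cut-off on the page
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:9}{', '.join(hosts)}")
```

Hosts reported as "unknown" need a manual check; the Android record lands there because the page gives no version threshold for that platform.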
How to protect your device
CERT-In strongly recommends immediate system updates. Google has promptly responded to this advisory by releasing updates to address the vulnerabilities. To update Chrome, follow these steps:
1. Open Chrome.
2. Click on "More" (represented by three dots).
3. Select "Help" and then "About Google Chrome."
4. If an update is available, Chrome will commence the download automatically.
5. Once the update is downloaded, click "Relaunch" to apply it.
To update Chrome on your Android mobile device or tablet, visit the Play Store and update the Chrome app.
In the meantime, to assist users in safeguarding their devices against malware and bot threats, the Indian government, through CERT-In, is providing free tools for malware removal. These tools include:
- eScan CERT-IN Bot Removal: Available on the Google Play Store
- M-Kavach 2: Developed by C-DAC Hyderabad
- Free Bot Removal Tool: Accessible at csk.gov.in
Users can access these free malware detection and removal tools through the Cyber Swachhta Kendra portal, which offers valuable information and resources for securing their systems and devices.