Indian CERT-In Warns Google Chrome Users: Update Browser Immediately

Update: 2024-05-23 12:33 IST

The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk alert for Google Chrome users, urging immediate action to mitigate potential security threats. According to CERT-In's recent vulnerability note, CIVN-2024-0170, several critical security flaws have been identified in Google's browser, which, if exploited by hackers, could allow them to gain complete control of a user's device.

CERT-In has identified the following major vulnerabilities:

1. Heap Buffer Overflow in ANGLE and Dawn: This occurs when a program writes more data to a memory area than it has allocated. It can lead to program crashes or allow attackers to inject and execute malicious code.

2. Use After Free in Scheduling: This vulnerability happens when a program frees a piece of memory but later tries to use it. This can also result in crashes or unauthorized code execution.

3. Type Confusion in V8: This arises from a mismatch between the expected and actual data types. Exploiting this can enable attackers to bypass security restrictions or inject malicious code.

Successful exploitation of these vulnerabilities could enable cyber attackers to take complete control of the affected device. Potential consequences include theft of sensitive data, installation of malware, or launching further attacks on other systems.

Affected Versions

CERT-In has noted that these vulnerabilities affect Chrome versions prior to 125.0.6422.76/.77 for Windows and Mac and prior to 125.0.6422.76 for Linux.

Safety Measures

To safeguard against these threats, CERT-In strongly advises users to update their Google Chrome browser to the latest version—125.0.6422.76/.77 for Windows and Mac and 125.0.6422.76 for Linux. Google has already released patches to address these vulnerabilities, so updating your browser is crucial.

In addition to updating Chrome, users should consider the following precautions to enhance their browser security:

1. Enable Automatic Updates: Ensure that automatic updates are enabled so that Google Chrome can receive and apply security patches promptly, minimizing the window of opportunity for attackers.

2. Use Security Extensions: Utilize extensions that enhance browser security by enforcing secure connections, blocking unwanted content, and controlling script execution.

3. Regularly Clear Browsing Data: Clearing cookies, cache, and history can help mitigate risks from compromised websites and persistent tracking.

4. Avoid Suspicious Links and Attachments: Be cautious of clicking on unknown links or downloading attachments from unfamiliar sources. Phishing is a standard method for exploiting browser vulnerabilities by directing users to malicious sites.

5. Review and Disable Unnecessary Plugins: Evaluate and disable unnecessary browser plugins or extensions. Attackers can exploit plugins to gain system access, so reducing the number of active plugins can decrease security risks.

Users can significantly enhance their browser security and protect their devices from potential threats by following these steps. Given the critical nature of these vulnerabilities, immediate action is essential to safeguard against possible cyber-attacks.

Tags:    

Similar News