In a recent security advisory, the Indian Computer Emergency Response Team (CERT-In) has issued a warning concerning Google Chrome users. The alert which was labelled as CERT-In Vulnerability Note CIVN-2023-0295 and was dated October 11, 2023, highlights a series of critical vulnerabilities that pose a significant threat to the security and performance of devices utilizing Google Chrome.
The security notice provides detailed information about the "High" severity vulnerabilities which has been recently discovered in Google Chrome. These vulnerabilities encompass "Use after free" weaknesses within Site Isolation, Blink History, and Cast, as well as improper implementations in various Chrome functions, which include Fullscreen, Navigation, DevTools, Intents, Downloads, Extensions API, Autofill, Installer, and Input. In addition to this, a heap buffer overflow vulnerability has also been identified in the handling of PDF files.
CERT-In has cautioned that these identified vulnerabilities are exploitable by remote attackers through the transmission of carefully crafted requests to the targeted system. Such exploitation results in a range of detrimental consequences, which may include circumventing security measures, executing unauthorized code, exposing sensitive data, and causing denial-of-service (DoS) disruptions on the targeted system. Meaning to say that this warning underscores the real danger of attackers capitalizing on these vulnerabilities to gain control over devices, which is a grave concern for the users.
Impacted Devices
The following Google Chrome versions are affected by these 'High' vulnerabilities: - Google Chrome versions earlier than 118.0.5993.70/.71 for Windows - Google Chrome versions earlier than 118.0.5993.70 for Mac and Linux
How To Protect Your Device
CERT-In strongly recommends immediate system updates. Google has promptly responded to this advisory by releasing updates to address the vulnerabilities.
To update Chrome, users need to follow these steps:
1. Open Chrome.
2. Click on "More" (represented by three dots).
3. Select "Help" and then "About Google Chrome."
4. If an update is available, Chrome will commence the download automatically.
5. Once the update is downloaded, click "Relaunch" to apply it.
For updating Chrome on Android mobile device or tablet, users need to visit their Play Store and update the Chrome app. Also, to assist users in safeguarding their devices against malware and bot threats, the Indian government, through CERT-In, is providing free tools for malware removal. These tools include:
eScan CERT-IN Bot Removal: Available on the Google Play Store.
M-Kavach 2: Developed by C-DAC Hyderabad - Free Bot Removal Tool: Accessible at csk.gov.in.
Users can access these free malware detection and removal tools through the Cyber Swachhta Kendra portal, which also offers valuable information and resources for securing their systems and devices.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)