CERT-In Urges Google Chrome Users to Immediately Update to the Latest Version for Protection Against Cyber Threats, Including Device Takeover and Software Crashes.
“In a recent alert issued by India’s Computer Emergency Response Team (CERT-In), a high-risk warning has been issued for users of the popular web browser, Google Chrome. The official government advisory highlights critical vulnerabilities present in certain versions of the browser that could potentially allow hackers to take control of your computer or crash it.
CERT-In, the government-approved organization responsible for cybersecurity threats, has classified the reported vulnerabilities as high-risk. These vulnerabilities encompass a Heap buffer overflow error in WebP, inappropriate implementations in various components such as Custom Tabs, Prompts, Input, Intents, Picture in Picture, and Interstitials, as well as insufficient policy enforcement in Downloads and Autofill. CERT-In notes that these vulnerabilities in Google Chrome could potentially be exploited by malicious actors to gain unauthorized access to the victim’s system. The latest vulnerability note states, “Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition on the targeted system.”
What has exacerbated the situation is the revelation that one of the vulnerabilities, identified as CVE-2023-4863, is already being exploited in the wild. This means that cybercriminals are actively taking advantage of this security flaw. Therefore, it is crucial for Google Chrome users to take immediate action to protect their systems.
Here is the complete list of affected software vulnerable to hackers:
Affected Chrome Software:
- Google Chrome (Extended Stable Channel) versions prior to 116.0.5845.188 (for Mac and Linux)
- Google Chrome (Extended Stable Channel) versions prior to 116.0.5845.187 (for Windows)
- Google Chrome for Desktop versions prior to 117.0.5938.62 (for Mac and Linux)
- Google Chrome for Desktop versions prior to 117.0.5938.62/.63 (for Windows)
How hackers can exploit the risk:
To exploit these vulnerabilities, a hacker could deceive a user into visiting a malicious website. This is a common tactic in many cyberattacks, where attackers entice users to click on malicious links or visit compromised websites. Once a user visits the malicious website, the attacker can execute malicious code, potentially taking control of the user’s system, bypassing security measures, or launching a denial-of-service attack.
Protection measures:
CERT-In emphasizes that Google has already released an update and security fix containing patches and solutions for these security issues.
For users of the affected software, it strongly urges immediate updating of their Chrome browser. Additionally, the cybersecurity organization advises users to keep their browser and other software updated to prevent similar risks in the future.
To update Google Chrome:
- Open your Chrome window.
- Click on the three-dot icon in the top right corner of Chrome.
- From the dropdown menu, select “Help.”
- Click on “About Google Chrome.”
- Finally, restart your browser to apply the update.
