Update your Google Chrome now or face losing control of your computer! Govt issues advisory

Urgent Alert: Update Google Chrome Now! Government warns of computer takeover risk for unpatched users.

Govt. Issues Advisory

Highlights

  • CERT-In has issued a high-risk security alert for users of Google Chrome
  • The vulnerabilities have been found in certain versions of the Chrome browser
  • Google has already published an update for the affected software

In a recent advisory, India's Computer Emergency Response Team (CERT-In) issued a high-risk warning for users of Google Chrome, a popular web browser. The alert emphasises critical vulnerabilities identified in specific versions of the browser, posing a serious security risk. These vulnerabilities could potentially allow hackers to take control of users' computers or even crash them.

Identified vulnerabilities

CERT-In classifies the reported vulnerabilities as high-risk. They include a heap buffer overflow error in WebP and inappropriate implementation in various components such as Custom Tabs, Prompts, Input, Intents, Picture in Picture, and Interstitials.

Additionally, insufficient policy enforcement in Downloads and Autofill has been noted. These vulnerabilities, if exploited, could grant unauthorised access to the victim's system, allowing attackers to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition.

Exploitation in the wild

Of particular concern is that one of the vulnerabilities, CVE-2023-4863, is being actively exploited in the wild. This implies that cybercriminals are currently taking advantage of this security flaw, making it imperative for Google Chrome users to take immediate action to safeguard their systems.

Affected software versions

The affected Chrome software includes Google Chrome (Extended Stable Channel) versions prior to 116.0.5845.188 (for Mac and Linux), versions prior to 116.0.5845.187 (for Windows), Google Chrome for Desktop versions prior to 117.0.5938.62 (for Mac and Linux), and versions prior to 117.0.5938.62/.63 (for Windows).
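For administrators checking more than one machine, the version thresholds above can be applied to a software inventory. The following Python sketch is an added example, not part of the CERT-In advisory or Google's tooling; the inventory rows and hostnames are constructed, and the Windows stable threshold assumes the lower of the two builds the article lists (.62/.63).

```python
import re

# Fixed builds as listed in the article; anything lower is affected.
FIXED = {
    ("extended", "mac"): "116.0.5845.188",
    ("extended", "linux"): "116.0.5845.188",
    ("extended", "windows"): "116.0.5845.187",
    ("stable", "mac"): "117.0.5938.62",
    ("stable", "linux"): "117.0.5938.62",
    # Article gives ".62/.63" for Windows; the lower build is assumed here.
    ("stable", "windows"): "117.0.5938.62",
}

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so builds compare numerically."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+){3}", text, flags=re.ASCII):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_affected(version, channel, platform):
    """True when the build is older than the fixed build for its channel and platform."""
    fixed = FIXED[(channel.lower(), platform.lower())]
    return parse_version(version) < parse_version(fixed)

def triage(inventory):
    """Label each (host, platform, channel, version) row AFFECTED, OK or UNKNOWN."""
    report = []
    for host, platform, channel, version in inventory:
        try:
            status = "AFFECTED" if is_affected(version, channel, platform) else "OK"
        except (ValueError, KeyError):
            status = "UNKNOWN"  # unparseable version or unlisted channel/platform
        report.append((host, version, status))
    return report

# Constructed sample inventory (hostnames and rows are made up for illustration).
INVENTORY = [
    ("hr-laptop-01", "windows", "stable", "117.0.5938.63"),
    ("dev-mac-07", "mac", "extended", "116.0.5845.99"),
    ("kiosk-03", "linux", "stable", "116.0.5845.188"),
    ("lab-pc-12", "windows", "extended", "116.0.5845.187"),
    ("build-02", "linux", "stable", "117.0.5938"),
]

if __name__ == "__main__":
    for host, version, status in triage(INVENTORY):
        print(f"{host:14} {version:16} {status}")
```

Comparing the version parts as integers matters here: as plain text, "116.0.5845.99" sorts after "116.0.5845.188" and would be wrongly reported as patched.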

How hackers can exploit the risk

To exploit these vulnerabilities, hackers may employ tactics such as tricking users into visiting malicious websites. This common method involves luring users to click on malicious links or visit compromised sites. Once the user accesses the malicious site, attackers can execute code, potentially gaining control of the user's system, evading security measures, or initiating a denial-of-service attack.

Protective measures

CERT-In underscores that Google has already released an update and security fix with patches for these security issues. Users are strongly urged to update their Chrome browser immediately. Additionally, CERT-In advises users to regularly update their browsers and other software to prevent similar risks in the future.

Given the severity of the identified vulnerabilities and the active exploitation in the wild, it is crucial for Google Chrome users to prioritise updating their browsers promptly. This proactive measure will mitigate the risks associated with potential cyber threats, ensuring a safer online experience.