Central Authorities Highlight Major Security Concerns Within Google Chrome. What Are They?

The latest advisory from the Centre’s Computer Emergency Response Team (CERT-In) raises concerns regarding specific versions of the Google Chrome web browser. Highlighting critical security vulnerabilities, CERT-In’s warning note, labeled as CIVN-2024-0170, underscores the urgent need for users to update their browsers without delay.

The identified security flaws in Google Chrome are deemed of high severity due to their potential exploitation by remote attackers to gain full control over targeted devices. According to the report, these vulnerabilities enable attackers to execute arbitrary code, posing a significant threat to users’ data security and system integrity.

Key vulnerabilities outlined in the CERT-In report include:

1. Heap buffer overflow in ANGLE and Dawn: Occurs when excessive data is attempted to be written to a specific memory area, resulting in system crashes or the injection of malicious code by attackers.
2. Use after free in Scheduling: Arises when a program tries to utilize memory that has already been released, leading to unintended code execution or system crashes.
3. Type Confusion in V8: Arises when data is received in an incorrect format, enabling attackers to circumvent security measures or inject malicious code.

These vulnerabilities impact Chrome versions preceding 125.0.6422.76/.77 for Windows and Mac, and preceding 125.0.6422.76 for Linux.

Exploitation of these vulnerabilities could grant attackers control over victims’ computers, facilitating data theft, malware installation, or further cyberattacks.

To mitigate risks and safeguard against potential threats, CERT-In recommends the following measures:

1. Ensure automatic updates are enabled for Chrome to receive the latest security patches promptly.
2. Enhance browser security by installing extensions that block harmful content and enforce secure connections.
3. Regularly clear cookies, cache, and browsing history to minimize risks associated with compromised websites or tracking activities.
4. Exercise caution while browsing online, refrain from clicking on suspicious links, and avoid downloading files from unknown sources to prevent falling victim to phishing attacks.