 "CERT-In issues high severity warning for Google Chrome on desktop: Details")
The Indian Computer Emergency Response Team (CERT-In) has issued a warning for people who use Google Chrome on Windows, Mac and Linux. CERT-In, in an advisory, warned users regarding a vulnerability in Chrome that can allow a remote user to execute arbitrary code on systems. CERT-In has issued a ‘High’ severity warning for this vulnerability.
Affected Chrome versions
- Google Chrome versions prior to 142.0.7444.59 for Linux
- Google Chrome versions prior to 142.0.7444.59/60 for Windows and Mac
- Google Chrome versions prior to 142.0.7444.60 for Mac
What’s the alert about?
CERT-In in a blog stated, “Multiple vulnerabilities exist in Google Chrome due Type Confusion in V8, Inappropriate implementation in V8, Extensions, App-Bound Encryption, Autofill; Object lifecycle issue in Media, Race in V8, Storage; Incorrect security UI in Omnibox, Fullscreen UI, SplitView; Policy bypass in Extensions, Use after free in PageInfo, Ozone and Out of bounds read in V8, WeXR. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.”
In simpler words, the aforementioned is a list of vulnerabilities found in Google Chrome’s underlying systems (the V8 JavaScript engine, media handling, extensions, UI features like the address bar, etc). If you visit a malicious webpage put together by an attacker, then it can take advantage of one or more of these bugs. That page can trick the browser into doing things it shouldn’t — for example, running code the attacker supplies, showing fake or misleading information, or exposing data that’s supposed to stay private.
If any of these bugs are successfully exploited, the attacker could potentially run programs on your computer, get around Chrome’s security protections, impersonate sites or UI elements to fool you, or steal sensitive information from your browser. The practical result ranges from a hijacked browser session to more serious compromises of your device or personal data.
How to protect yourself from this?
The safest way for regular users to keep themselves protected against the aforementioned vulnerabilities is to keep Chrome updated. The US company has already released an update to bring security patches for these flaws.
Furthermore, it might be wise to avoid visiting unknown or suspicious links.
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%