CERT-In issues high severity warning for Google Chrome on desktop: Details

CERT-In has issued a high-severity warning for desktop users of Google Chrome, citing multiple security flaws that could let hackers remotely execute malicious code

The Indian Computer Emergency Response Team (CERT-In) has issued a warning for people who use Google Chrome on Windows, Mac and Linux. CERT-In, in an advisory, warned users regarding a vulnerability in Chrome that can allow a remote user to execute arbitrary code on systems. CERT-In has issued a ‘High’ severity warning for this vulnerability.

Affected Chrome versions

• Google Chrome versions prior to 142.0.7444.59 for Linux
• Google Chrome versions prior to 142.0.7444.59/60 for Windows and Mac
• Google Chrome versions prior to 142.0.7444.60 for Mac

What’s the alert about?

CERT-In in a blog stated, “Multiple vulnerabilities exist in Google Chrome due Type Confusion in V8, Inappropriate implementation in V8, Extensions, App-Bound Encryption, Autofill; Object lifecycle issue in Media, Race in V8, Storage; Incorrect security UI in Omnibox, Fullscreen UI, SplitView; Policy bypass in Extensions, Use after free in PageInfo, Ozone and Out of bounds read in V8, WeXR. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.”

 

 

In simpler words, the aforementioned is a list of vulnerabilities found in Google Chrome’s underlying systems (the V8 JavaScript engine, media handling, extensions, UI features like the address bar, etc). If you visit a malicious webpage put together by an attacker, then it can take advantage of one or more of these bugs. That page can trick the browser into doing things it shouldn’t — for example, running code the attacker supplies, showing fake or misleading information, or exposing data that’s supposed to stay private.

 

If any of these bugs are successfully exploited, the attacker could potentially run programs on your computer, get around Chrome’s security protections, impersonate sites or UI elements to fool you, or steal sensitive information from your browser. The practical result ranges from a hijacked browser session to more serious compromises of your device or personal data.

How to protect yourself from this?

The safest way for regular users to keep themselves protected against the aforementioned vulnerabilities is to keep Chrome updated. The US company has already released an update to bring security patches for these flaws.

 

Furthermore, it might be wise to avoid visiting unknown or suspicious links.