CERT-In issues a high-severity warning for Google Chrome users on Windows, Mac, and Linux due to multiple vulnerabilities allowing remote code execution. Users are urged to update their browsers.
Computer Emergency Response Team (CERT-In), the cyber security watchdog under the Ministry of Electronics and Information Technology (MeitY), has issued a high severity alert for Google Chrome users, affecting users on Windows, Mac and Linux operating systems.
According to CERT-In, Google Chrome for desktop has been found to have multiple vulnerabilities that could be exploited by a remote attacker to execute arbitrary code on the user's system. The cybersecurity agency said that these vulnerabilities exist in Google Chrome for several reasons, including uninitialized use and insufficient data validation in Dawn, and an out-of-bounds read in WebTransport.
Giving reasons behind the vulnerabilities in an advisory dated August 7, CERT-In noted, “These vulnerabilities exist in Google Chrome for Desktop due to Uninitialized use in dawn; Out of bounds read in WebTransport and Insufficient data validation in dawn. An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted request.”
The vulnerability affects users of Google Chrome stable channel versions prior to 127.0.6533.88/89 on Windows, Mac and Google Chrome stable channel versions prior to 127.0.6533.88 on Linux.
What should a Google Chrome user do?
Thankfully, CERT-In notes that appropriate updates that fix the above-mentioned issues are available on the Google Chrome website.
Therefore, the cybersecurity agency urges users to update to the latest version of Google Chrome for desktop in order to stay safe.
Apple Safari and Google Chrome working on resolving critical security flaw:
Meanwhile, a recent but unrelated report by Forbes stated that Apple and Google are working to resolve a critical security vulnerability that has been present in their web browsers for years. This vulnerability is related to the IP address 0.0.0.0 and is reportedly being exploited by cybercriminals to breach devices and steal user data.
According to a Forbes report, this security flaw could have existed for as long as 18 years, yet developers did not notice it until recently. Researchers from the Israeli cybersecurity firm Oligo uncovered the issue, which has been labeled a "zero-day vulnerability" due to the lack of prior awareness and immediate patching.
The exploit, dubbed the "0.0.0.0-day attack" by Oligo AI security researcher Avi Lumelsky, involves malicious websites potentially sending harmful requests through the 0.0.0.0 IP address. If a user inadvertently clicks on a malicious link, it could enable attackers to gain unauthorized access to sensitive information on their device.
Although this flaw primarily impacts individuals and organizations that host their own web servers, the potential scale of compromised systems is significant, and experts emphasize that this security issue should not be underestimated.