Modi govt warns Google Chrome users against hacking threat
CERT-IN has alerted that these flaws could be exploited by a remote attacker to bypass security restriction, execute arbitrary code or cause denial of service conditions on the targeted system.
The Narendra Modi government has warned Google Chrome desktop users of a high-risk threat that could let remote hackers gain entry to the system and carry out malicious operations.
On Friday, the Indian Computer Emergency Response Team (CERT-IN) published the advisory on its official website, giving it a high severity rating because multiple vulnerabilities have been reported in the web browser.
CERT-IN, a nodal agency under the ministry of electronics and information technology, said in the vulnerability note, “Multiple vulnerabilities have been reported in Google Chrome for Desktop.” It added that these “could be exploited by a remote attacker to bypass security restriction, execute arbitrary code or cause denial of service conditions on the targeted system.”
The Information Technology (Amendment) Act of 2008 designates CERT-IN as a statutory body. This nodal agency tracks computer security incidents, reports on vulnerabilities, and advocates strong IT safeguards throughout the country. It alerts users to flaws and cybersecurity dangers such as hacking and phishing.
Which versions are affected and why?
CERT-IN has specified that the vulnerabilities are found only in the desktop version of the Google Chrome web browser. Versions earlier than 106.0.5249.61 for Mac/Linux and 106.0.5249.61/62 for Windows are said to be affected.
As per the report, these flaws exist in Google Chrome for Desktop due to use-after-free errors (a memory-safety bug in which a program continues to use dynamically allocated memory after it has been freed) in the CSS, Survey, Assistant, Import and Media components.
Insufficient validation of untrusted input in Developer Tools, VPN, Intents and Safe Browsing, along with a lack of policy enforcement in Developer Tools and Custom Tabs, is also believed to give rise to these vulnerabilities.
Apart from this, the vulnerabilities are also thought to stem from incorrect security UI in Full Screen, use-after-free in Logging, type confusion in Blink, and use-after-free in ChromeOS Notifications.
How would it affect the system?
Using these vulnerabilities, the agency warns, a remote attacker could direct users to malicious websites. This would give the attacker entry to the system, circumventing the security protocols in place on the device. A remote hacker could then execute arbitrary code and launch a denial-of-service attack, making the system unavailable to its original user.
The solution
Users are advised by the agency to upgrade to the latest stable channel update available for the Google Chrome desktop browser.