In a recent development, the Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning concerning vulnerabilities detected in Google Chrome OS. The security alert, designated as CIVN-2024-0031 and released on February 8, 2024, emphasizes the critical nature of the risks associated with versions of Google Chrome OS preceding 114.0.5735.350 on the LTS channel.
CERT-In has pinpointed vulnerabilities in Google Chrome OS that could potentially be exploited by remote attackers, allowing them to execute arbitrary code, attain elevated privileges, circumvent security restrictions, or induce denial of service conditions on impacted systems. The root causes of these vulnerabilities lie in a "use after free" flaw within the Side Panel Search feature and inadequate data validation in extensions. These issues pose a significant threat to system integrity, making it imperative for users to address them promptly.
The security agency highlights that remote attackers can exploit these vulnerabilities by luring users to visit specially crafted web pages, activating the identified vulnerabilities upon access. To address these concerns, CERT-In strongly advises users to update their Google Chrome OS to version 114.0.5735.350 or later, as these updates include crucial patches addressing the identified vulnerabilities.
CERT-In's Recommended Actions:
In conjunction with the warning, CERT-In has initiated a "Cyber Swachhta Fortnight" from February 1 to 15, 2024, aimed at securing cyberspace from botnets, which pose a significant threat to end-user systems. As part of this campaign, CERT-In, in collaboration with eScan, has introduced the 'Cyber Swachhta Kendra' (CSK), providing the eScan Botnet Scanning & Cleaning Toolkit for laptops, desktops, and smartphones.
Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.