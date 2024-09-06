CERT-IN has issued a warning about vulnerabilities in Google Chrome that could allow remote attacks on systems. Users should update to version 128.0.6613.119 or later to mitigate risks. Caution is advised while browsing unfamiliar websites.

The Indian Computer Emergency Response Team (CERT-IN) has issued a critical warning for users of Google Chrome, alerting them to several newly identified vulnerabilities that pose a significant risk. According to CERT-IN, these vulnerabilities may be leveraged by remote attackers to gain illegal access to users' systems. Identified as CIVN-2024-0282, the flaws have been detected in Chrome versions earlier than 128.0.6613.119/.120 for Windows and macOS, and in versions prior to 128.0.6613.119 for Linux.

The identified issues, labeled under the CVE identifiers CVE-2024-8362 and CVE-2024-7970, are attributed to "use after free" bugs in the Web Audio component of Chrome. These flaws provide cybercriminals with an opportunity to infiltrate systems, potentially allowing them to execute arbitrary commands without user consent. Such access could result in attackers taking full control of the affected machine, enabling them to steal confidential data, install malware, or use the system to carry out additional cyberattacks.

CERT-IN emphasized the severity of the vulnerabilities, noting that attackers could exploit them by tricking users into visiting maliciously crafted websites. This type of attack, known as drive-by downloading, occurs when a user is directed to a compromised webpage, with no further user interaction required for the system to be compromised. As such, users are urged to be cautious about the websites they visit and the links they click, especially those from unfamiliar or suspicious sources.

In response, Google has already issued patches to address these flaws, and CERT-IN strongly recommends that users update their browsers to the latest version immediately.

The update to version 128.0.6613.119/.120 for Windows and macOS, and version 128.0.6613.119 for Linux, contains security enhancements that fix these vulnerabilities. Users can apply the update by navigating to "Help" > "About Google Chrome," where the browser will automatically download and install the latest version. Additionally, CERT-IN advises keeping antivirus software up-to-date, enabling automatic browser updates, and regularly backing up data to mitigate potential damage from any security breaches.

