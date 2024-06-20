CERT-In has issued an urgent advisory regarding critical vulnerabilities discovered in Google Chrome for desktop. The Indian Computer Emergency Response Team (CERT-In), responsible for managing cybersecurity threats, has classified these vulnerabilities as high-risk and is urging immediate action from Chrome users to safeguard their systems from potential exploitation. {{^adFree}} {{/adFree}}

These vulnerabilities are detailed in CERT-In Vulnerability Note CIVN-2024-0193, affecting Google Chrome versions earlier than 126.0.6478.114/115 on Windows and Mac, and versions earlier than 126.0.6478.114 on Linux. The flaws in question pose significant dangers if not addressed promptly.

The vulnerabilities arise from several issues within the browser's code:

Type Confusion in V8: This issue occurs in Chrome's JavaScript engine, V8, leading to errors caused by type confusion. Inappropriate Bounds Memory Access in Dawn: Dawn, a graphics library used by Chrome, has flaws allowing access beyond allocated memory limits. Use After Free in Dawn: This involves the reuse of previously freed memory, resulting in unpredictable behavior and possible code execution. The risks associated with these vulnerabilities are substantial. A remote attacker could exploit these flaws by convincing a user to visit a specially crafted website. Once on this site, the vulnerabilities could be activated, permitting the attacker to execute arbitrary code on the victim's system. This could lead to various malicious outcomes, such as data theft, system compromise, and the spread of malware.

To mitigate these risks, CERT-In strongly advises users to take immediate actions. First, update Google Chrome to version 126.0.6478.114 or later, as Google has issued patches addressing these vulnerabilities; users can find the latest updates and detailed instructions on the official Google Chrome Releases blog. Second, enable automatic updates if this feature is not already activated, ensuring that the latest security patches are received promptly.

Lastly, exercise caution with unfamiliar links, as phishing attempts often use compelling or alarming messages to lure users into visiting malicious websites.

Given the critical nature of these vulnerabilities, it is imperative for all Google Chrome users to update their browsers without delay. Failure to do so could leave systems vulnerable to significant security threats, such as remote code execution and potential data breaches.

