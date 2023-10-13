CERT-In issues warning about vulnerabilities in Google Chrome that could lead to unauthorized code execution and data leakage

Google Chrome users need to stay vigilant, as the Indian Computer Emergency Response Team (CERT-In) has recently issued a warning for the users of the Google browser. The government agency in its alert namely CERT-In Vulnerability Note CIVN- 2023-0295 mentioned that a couple of significant vulnerabilities could pose threat to the performance of the devices running Google Chrome. {{^adFree}} {{/adFree}}

As per the security warning from CERT-In, these vulnerabilities include ‘Use after free’ weakness within Site Isolation, Cast and Blink History. Moreover, various malfunctions with fullscreen, navigation, downloads, extensions, API and others can be found. The report also highlights that a buffer overflow could be spotted in the PDF files.

The government agency has issued a warning which alerts users that these vulnerabilities can be easily misused by remote attackers through smartly transmitted requests to the targeted system. These exploitations can result in a series of serious consequences which includes executing unauthorized codes, leaking of sensitive data, denial-of-service attacks and major other disruptions. {{^adFree}} {{/adFree}}

It is noteworthy that Chrome versions before than 118.0.5993.70/71 for Windows and versions before than 118.0.5993.70 for Mac and Linus have been harmed by these vulnerabilities.

In order to protect your devices, the following steps must be taken:

As per CERT-In, it is suggested that the systems using Chrome browser must be updated immediately. Notably, Google has rolled out updates to address these vulnerabilities. To update your Google Chrome version, simply navigate to Chrome.> Tap on More>Choose the Help option and then click on ‘About Google Chrome.’ Then the browser will start updating in case there is any update available. After the update is downloaded, tap on relaunch. Moreover, smartphone users can update their browsers visiting the Google PlayStore. {{^adFree}} {{/adFree}}

To recall, CERT-In also issued a similar warning last month, which said that multiple vulnerabilities have been reported in Google Chrome which could allow an attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition on the targeted system

“These vulnerabilities exist in Google Chrome due to heap buffer overflow in vp8 encoding in libvpx; use-after-free error in Passwords and Extensions. A remote attacker could exploit these vulnerabilities by executing a specially crafted HTML page," CERT-In said in a release.

