The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning for Google Chrome users. This government agency operates under the Ministry of Electronics and Information Technology.

In a recent advisory, CERT-In highlighted critical vulnerabilities within Google Chrome, prompting an urgent call for users to promptly update their web browsers. CERT-In's warning notes that "Multiple vulnerabilities have been reported in Google Chrome which could be exploited by an attacker to bypass security restrictions, execute arbitrary code, disclose sensitive information, and cause denial of Service (DoS) conditions on the targeted system." These vulnerabilities present a significant risk to user data and the security of systems.

The vulnerabilities identified by CERT-In affect users who are using Google Chrome versions prior to 116.0.5845.96/.97 for Windows and Google Chrome versions prior to 116.0.5845.96 for Mac and Linux. Users using these versions are particularly vulnerable to potential exploitation of these security flaws.

The government body explains that these vulnerabilities exist due to issues like "use after free" in areas such as offline mode, device interactions, network communications, audio functions, DNS, and extensions. There are also problems with implementation in features like fullscreen mode, app launchers, color management, autofill, web sharing, and permission prompts. Additionally, there are concerns with type confusion and out-of-bounds memory access in the V8 engine, along with heap buffer overflow in components like ANGLE, Skia, and Mojom IDL. Inadequate validation of untrusted inputs in XML and insufficient policy enforcement in the Extensions API are also part of the problem.

The advisory provides a list of vulnerabilities identified:

CVE-2023-2312

CVE-2023-4349

CVE-2023-4350

CVE-2023-4351

CVE-2023-4352

CVE-2023-4353

CVE-2023-4354

CVE-2023-4355

CVE-2023-4356

CVE-2023-4357

CVE-2023-4358

CVE-2023-4359

CVE-2023-4360

CVE-2023-4361

CVE-2023-4362

CVE-2023-4363

CVE-2023-4364

CVE-2023-4365

CVE-2023-4366

CVE-2023-4367

CVE-2023-4368

CERT-In recommends users to update their Google Chrome browsers immediately in response to these concerning security issues. Fortunately, Google has already released the latest Chrome update to address these vulnerabilities. To ensure system safety, users are advised to follow these steps:

Access Settings: Open Google Chrome and click on the three vertical dots in the upper right-hand corner to access the menu.

Select "About Chrome": Scroll down the menu and click on "About Chrome."

Check for Updates: Chrome will automatically check for updates. If a new update is available, it will start downloading.

Install the Update: Once the update is downloaded, follow the on-screen prompts to complete the installation process.