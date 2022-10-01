In its latest advisory, the Indian Computer Emergency Response Team says that some Google Chrome versions on desktop are affected by multiple vulnerabilities.
National cyber agency CERT-In has issued a high severity warning for Google Chrome users. In its latest advisory, the Indian Computer Emergency Response Team says that some Google Chrome versions on desktop are affected by multiple vulnerabilities. These vulnerabilities can be exploited by a remote attacker to bypass security restriction, execute arbitrary code or cause denial or service conditions on the targeted system.
Which software versions are affected?
As per CERT-In, Google Chrome versions prior to 106.0.5249.61 for Mac/linux and 106.0.5249.61/62 for Windows are impacted. The advisory dated September 30, 2022 is marked with high severity ranking.
These vulnerabilities, the agency says, exist in Google Chrome for Desktop due to use-after-free in CSS, insufficient validation of untrusted input in developer tools, use-after-free in survey, use-after-free in media, insufficient policy enforcement in developer tools and use after free in assistant. Insufficient policy enforcement in custom tabs, use after free in import, insufficient validation of untrusted input in VPN, incorrect security UI in full screen, use after free in logging, type confusion in blink, insufficient
validation of untrusted input in safe browsing, insufficient validation of untrusted input in intents, use after free in chrome os notifications are other reasons of why these vulnerabilities exist in Chrome desktop.
Solution
Google has released Chrome 106 to the stable channel for Windows, Mac and Linux. This will roll out to users over the coming days/weeks. The tech giant says that Chrome 106.0.5249.61 (Mac/linux) and 106.0.5249.61/62 (Windows) contain a number of fixes and improvements. Google Chrome desktop users are advised to update to the latest version of the browser on their desktop and laptop.
CERT-In is a nodal agency that works under the aegis of the Ministry of Electronics and Information Technology. The agency is primarily responsible to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices across the country.
