Wed. Jun 19th, 2024


In a recent advisory, the Computer Emergency Response Team (CERT-In) issued a high-severity warning regarding Google Chrome, a popular web browser used by millions worldwide. The warning pertains to the discovery of multiple vulnerabilities that could potentially compromise user data and system security. CERT-In, responsible for addressing and managing cybersecurity threats, has flagged these vulnerabilities as high-risk and is urging immediate action.
The threat
According to the CERT-In advisory, “Multiple vulnerabilities have been reported in Google Chrome that could allow an attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition on the targeted system.” These vulnerabilities pose a significant risk to users and highlight the need for immediate attention to protect sensitive information and systems from potential exploitation.
The vulnerabilities identified by CERT-In stem from various sources, including a heap buffer overflow in WebP, inappropriate implementations in Custom Tabs, Prompts, Input, Intents, Picture in Picture, and Interstitials, as well as insufficient policy enforcement in Downloads and Autofill. Attackers could exploit these vulnerabilities by convincing unsuspecting users to visit specially crafted websites designed to take advantage of these security flaws.
List of vulnerabilities
The vulnerabilities reported by CERT-In are assigned the following Common Vulnerabilities and Exposures (CVE) identifiers:
CVE-2023-4863 (Note: This vulnerability is actively being exploited in the wild.)
Affected Software Versions
Users of the following Google Chrome versions are potentially at risk:
Google Chrome (Extended Stable Channel) versions prior to 116.0.5845.188 (for Mac and Linux)
Google Chrome (Extended Stable Channel) versions prior to 116.0.5845.187 (for Windows)
Google Chrome for Desktop versions prior to 117.0.5938.62 (for Mac and Linux)
Google Chrome for Desktop versions prior to 117.0.5938.62/.63 (for Windows)
Protecting Your System
CERT-In strongly advises users to take immediate action to protect their systems and data. The recommended solution is to apply the appropriate updates as provided by the vendor.
To update Google Chrome and address these vulnerabilities, please visit the official Google Chrome Releases blog. By keeping your browser up to date, you can ensure a safer online experience and reduce the risk of falling victim to potential cyberattacks.
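One way to check a fleet inventory against the fixed versions listed above, as an added example that is not part of the advisory or of Google's tooling. The inventory format, hostnames and installed versions are constructed, and treating 117.0.5938.62 as the minimum fixed Windows build is an assumption based on the ".62/.63" wording.

```python
# Added example: flag Chrome installs older than the fixed builds named in the advisory.
# Thresholds are taken from the "Affected Software Versions" list above.
FIXED = {
    ("extended", "mac"): "116.0.5845.188",
    ("extended", "linux"): "116.0.5845.188",
    ("extended", "windows"): "116.0.5845.187",
    ("stable", "mac"): "117.0.5938.62",
    ("stable", "linux"): "117.0.5938.62",
    # The list gives .62/.63 for Windows; assumption: .62 is the minimum fixed build.
    ("stable", "windows"): "117.0.5938.62",
}

def parse_version(text):
    """Turn '117.0.5938.62' into (117, 0, 5938, 62) so parts compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(channel, os_name, version):
    """True if the build predates the fixed version for its channel and OS."""
    key = (channel.lower(), os_name.lower())
    if key not in FIXED:
        raise KeyError(f"no threshold for {key}")
    return parse_version(version) < parse_version(FIXED[key])

def audit(inventory):
    """Return (hosts needing an update, hosts whose row could not be evaluated)."""
    needs_update, unknown = [], []
    for host, channel, os_name, version in inventory:
        try:
            if is_vulnerable(channel, os_name, version):
                needs_update.append(host)
        except (ValueError, KeyError):
            unknown.append(host)  # surface these instead of silently passing them
    return needs_update, unknown

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("ws-01", "stable", "windows", "116.0.5845.180"),
    ("ws-02", "stable", "linux", "117.0.5938.62"),
    ("ws-03", "extended", "mac", "116.0.5845.99"),  # "99" sorts above "188" as text
    ("ws-04", "extended", "windows", "116.0.5845.187"),
    ("ws-05", "stable", "mac", "unknown"),
]

if __name__ == "__main__":
    outdated, unparsed = audit(SAMPLE)
    print("update required:", outdated)
    print("version unknown:", unparsed)
```

Hosts whose version cannot be parsed are reported separately so that a missing or malformed inventory entry is not mistaken for a patched browser.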

