CERT-IN issues warning for Google Chrome users
The Ministry of Electronics and Information Technology’s Indian Computer Emergency Response Team (CERT-IN) has declared vulnerabilities associated with the popular web browser, Google Chrome. The Indian agency has classified the security gaps with a security rating, “High”, and a note adding onto it read, “Multiple vulnerabilities have been reported in Google Chrome which could allow an attacker to execute arbitrary code on the targeted system.” (via)
Cybercriminals are expected to attack target devices via these existing loopholes in versions of Google Chrome prior to 98.0.4758.80. The CERT-IN has suggested that these vulnerabilities exist due to – Use after free in Safe Browsing, Reader Mode, Web Search, Thumbnail Tab Strip, Screen Capture, Window Dialog, Payments, Extensions, Accessibility and Cast; Heap buffer overflow in ANGLE; Inappropriate implementation in Full-Screen Mode, Scroll, Extensions Platform, and Pointer Lock; Type Confusion in V8; Policy bypass in COOP and Out of bounds memory access in V8.
Google fixes Chrome vulnerabilities with an update
Google has rolled out updates to counter these issues and patches and bug fixes have been rolled out. The details of the bug fixes have been kept under wraps until a majority of the active Google Chrome users update their software to avail themselves of the upgraded security. Google has also announced that it would withhold the details in case third-party libraries continue to contain vulnerabilities and other projects depend on it.
Google Chrome users are advised to resort to updating their software on an urgent basis to protect their systems. The newer and updated versions – Chrome 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for macOS and Linux; these new versions get the latest fixes. The update has been rolled out as declared on February 1st and will gradually roll out to users.