- MeitY’s CERT-IN has issued a warning against vulnerabilities in the Google Chrome browser.
- The warning has been categorised to be ‘High’ in terms of severity level.
- Google has recommended updating to the latest version of Google Chrome after it rolled out fixes.
The Ministry of Electronics and Information Technology’s (MeitY) Indian Computer Emergency Response Team (CERT-IN) has announced that Google Chrome users might be on the radar for some probable cyber attacks given the weakness in the browser’s security. Google Chrome is the most popular browser in the world with a high daily active user base, which makes the CERT-IN’s warning an important one. The Indian agency cites probable cyber weaknesses inherent to some flaws in the browser’s security setup as well as some critical bugs that expose loopholes allowing attackers to execute an arbitrary code on a targeted device.
CERT-IN issues warning for Google Chrome users
The Ministry of Electronics and Information Technology’s Indian Computer Emergency Response Team (CERT-IN) has declared vulnerabilities associated with the popular web browser, Google Chrome. The Indian agency has classified the security gaps with a security rating, “High”, and a note adding onto it read, “Multiple vulnerabilities have been reported in Google Chrome which could allow an attacker to execute arbitrary code on the targeted system.” (via)
Cybercriminals are expected to attack target devices via these existing loopholes in versions of Google Chrome prior to 98.0.4758.80. The CERT-IN has suggested that these vulnerabilities exist due to – Use after free in Safe Browsing, Reader Mode, Web Search, Thumbnail Tab Strip, Screen Capture, Window Dialog, Payments, Extensions, Accessibility and Cast; Heap buffer overflow in ANGLE; Inappropriate implementation in Full-Screen Mode, Scroll, Extensions Platform, and Pointer Lock; Type Confusion in V8; Policy bypass in COOP and Out of bounds memory access in V8.
Google fixes Chrome vulnerabilities with an update
Google has rolled out updates to counter these issues and patches and bug fixes have been rolled out. The details of the bug fixes have been kept under wraps until a majority of the active Google Chrome users update their software to avail themselves of the upgraded security. Google has also announced that it would withhold the details in case third-party libraries continue to contain vulnerabilities and other projects depend on it.
Google Chrome users are advised to resort to updating their software on an urgent basis to protect their systems. The newer and updated versions – Chrome 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for macOS and Linux; these new versions get the latest fixes. The update has been rolled out as declared on February 1st and will gradually roll out to users.
