The Indian Computer Emergency Response Team (CERT-In), which comes under the IT Ministry, has warned users of multiple vulnerabilities in Google Chrome which could allow a remote attacker to execute arbitrary code on the targeted system.
Stating that the severity rating is 'high', CERT-In said that a remote attacker could exploit the vulnerabilities by sending specially crafted requests on the targeted system.
"These vulnerabilities exist in Google Chrome due to use after free in FedCM, SwiftShader, ANGLE, Blink, sign-in flow, Chrome OS shell; Heap buffer overflow in downloads, insufficient validation of untrusted input in intents, insufficient policy enforcement in cookies and inappropriate implementation in extensions API," the agency added.
This is not the first time that India's emergency response team is issuing such a warning to Chrome users. As recently as July 2022, CERT-In had put out a similar notice.
Earlier, it also advised users against vulnerabilities in Apple iOS, iPadOS and macOS. "This vulnerability exists in the Apple iOS, iPadOS and macOS due to out-of-bounds write in the Kernel and WebKit component. A remote attacker could exploit this vulnerability by enticing a victim to open a specially-crafted file," the agency said.
How to update Google browser to stay away from bugs
The thing is not all Google Chrome users are under threat. CERT-In said Google Chrome versions prior to 104.0.5112.101 are at risk. If you are running an old version of Google Chrome, it is advised to update the browser version on your system. Users have been directed to apply the necessary patches that are part of the upgrade.
Being the world’s number one browser, Chrome is also the biggest target, with countless threat actors racing to find new zero-day vulnerabilities. Less than two months ago, Google fixed one such vulnerability for the Windows version, that was allegedly being exploited in the wild.
The high-severity bug, tracked as CVE-2022-2294, is a heap-based buffer overflow weakness.
Updating Google Chrome is a simple exercise:
Log in to you Google Chrome browser
At the top right of the browser’s window find three-dot menu
Select Help, and go to About Google Chrome
If an update is available, you can click on the Update Google Chrome button
After updation, restart your browser
In case if you have enabled automatic update, you will find an indication near the three-dot menu that an update has been installed You just need to restart the browser.
