The government has warned users about multiple vulnerabilities on the Google Chrome desktop application that could enable hackers to gain access to sensitive information and bypass security restrictions.
In a note released by the Indian Computer Emergency Response Team (CERT-In), the nodal agency for cybersecurity threats, the government has urged Chrome users to update their browsers to avoid security breaches. Google also acknowledged the loopholes within the browser and released an update.
CERT-In said in the note that the vulnerabilities allowed attackers to remotely execute arbitrary code on the browser and cause buffer overflow on the targeted system. Buffer overflow is an attempt to write more data to a fixed length memory block to corrupt the software.
“A vulnerability has been reported in Google Chrome, which could allow a remote attacker to execute arbitrary code on the targeted system,” CERT-In warned in its advisory.
| OnePlus 10R 150W first impressions: All charged up and raring to go
“What’s worrying is that the vulnerability is already exploited by hackers and Google Chrome users are highly recommended to update immediately.”
The agency assigned a ‘high’ severity rating to the security issues.
“This vulnerability exists in Google Chrome due to a type confusion error within the V8 JavaScript engine component in Google Chrome. A remote attacker could exploit this vulnerability by sending a specially crafted webpage, trigger type confusion error and execute arbitrary code on the targeted system. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code and take control of the targeted system,” CERT-In explained.
Google also acknowledged the issues covered by the Indian agency in a blog post last month. It released the Chrome version 101.0.4951.41 for macOS, Windows, and Linux with 29 security fixes.
| Sony BRAVIA X75K smart Android TV series launched in India; price starts at Rs 55,990
CERT-In had recently issued a similar advisory for users of Mozilla Firefox. It had found several security vulnerabilities that could be used to bypass security restrictions and conduct spoofing attacks, execute arbitrary code, and obtain sensitive information.
/cdn.vox-cdn.com/uploads/chorus_asset/file/23270010/vpavic_220210_5030_0090.jpg)
