The Narendra Modi government has issued a high-risk warning to Google Chrome desktop users that remote hackers could gain access to their systems and execute malicious operations. The Indian Computer Emergency Response Team (CERT-IN) issued the advisory, with a high severity rating, on September 16 for multiple vulnerabilities reported in the web browser.
CERT-IN cautioned in the vulnerability note, “Multiple vulnerabilities have been reported in Google Chrome for Desktop.” It added the flaws “could be exploited by a remote attacker to bypass security restriction, execute arbitrary code or cause denial of service conditions on the targeted system.”
CERT-IN is a statutory body under the Information Technology (Amendment) Act of 2008. This nodal agency under the Ministry of Electronics and Information Technology handles computer security incidents, reports on vulnerabilities and promotes effective IT security practices throughout the country. It reports bugs and cybersecurity threats, including hacking and phishing attacks.
Which versions are affected and why?
CERT-IN has stated that the vulnerabilities are in the desktop version of Google Chrome. Versions prior to 105.0.5195.125 are said to be affected.
As per the report, these flaws exist in Google Chrome for Desktop because of use-after-free errors (where a program keeps using dynamically allocated memory after it has been freed) in PDF and Frames. The vulnerabilities also stem from an out-of-bounds write in Storage, a heap buffer overflow in Internals and insufficient validation of untrusted input in DevTools.
How would it affect the system?
Using these vulnerabilities, the agency warns, a remote attacker could direct users to malicious websites. This would give the attacker access to the system, bypassing the security restrictions in place on the device. A remote hacker could then execute arbitrary code and launch a denial-of-service attack, making the system inaccessible to the original user.
Users should upgrade to the latest stable channel update available for the Google Chrome desktop browser.