Government Alerts Google Chrome Users of Severe Security Flaws
The Computer Emergency Response Team (CERT-In), an Indian cyber agency under the Ministry of Electronics and Information Technology, has issued a high-risk warning to Google Chrome users in India.
According to CERT-In, several vulnerabilities have been found in Google ChromeOS LTS that a remote attacker can exploit to cause a denial-of-service condition, elevation of privileges, and remote code execution on the target system.
“These vulnerabilities exist in Google ChromeOS LTS due to Use after free in Extensions, Heap buffer overflow in vp8 encoding in libvpx, out-of-bounds memory usage in FedCM, flaws in AMD platforms, and issues in the Linux kernel,” the cyber office said.
A remote attacker can exploit these vulnerabilities by sending a specially crafted request to the target system.
Complete list of the Google Chrome vulnerabilities reported by CERT-In:
– CVE-2023-2163
– CVE-2023-3777
– CVE-2023-4015
– CVE-2023-4208
– CVE-2023-4366
– CVE-2023-4622
– CVE-2023-4761
– CVE-2023-5187
– CVE-2023-5217
– CVE-2023-20593
– CVE-2023-40283
“Vulnerability CVE-2023-5217 is being exploited in the wild,” the agency said. The agency warned that successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition, elevation of user privileges, and remote code execution on a targeted system.
Users are advised to update their Chrome browser immediately. Google has already released an update and security patch that contains fixes for these security issues.
“This update contains several security fixes, including: 1475798 High CVE-2023-5187 Use after free in Extensions, 1450784 Medium CVE-2023-4366 Use after free in Extensions, 1486441 High CVE-2023-5217 Heap buffer overflow in vp8 encoding in libvpx and 1476403 High CVE-2023-4761 Exceeded memory usage in FedCM,” the US tech giant wrote in a blog post.
To update the Google Chrome browser: Click the three-dot menu in the upper left corner. Then select Help. Next, click About Google Chrome. Google Chrome then automatically checks for and installs updates. If your browser is up to date, you will see the message “Google Chrome has been updated”.