Government issues high severity warning, urging immediate download of Google Chrome update
The Indian Computer Emergency Response Team (CERT-In) has issued a serious warning about the vulnerabilities found in Google Chrome OS, advising users to promptly update their browsers. On February 8, 2024, CERT-In released a security note, identified as CIVN-2024-0031, emphasizing the considerable risks linked to Google Chrome OS versions prior to 114.0.5735.350 (Platform Version: 15437.90.0) on the LTS channel. The government urges individuals to download the latest Google Chrome update, which patches the vulnerabilities described in the note.
The nature of threats
CERT-In recognizes that remote attackers could exploit these vulnerabilities to execute arbitrary code, gain elevated privileges, bypass security restrictions, or cause a denial of service condition on the affected systems. The vulnerabilities are primarily due to two sources: a “use after free” bug in the side panel search feature and incomplete data validation in plugins, both of which can be exploited by attackers to compromise system integrity.
Mitigation measures
Remote attackers could exploit these vulnerabilities by tricking users into visiting specially crafted web pages that trigger the identified vulnerabilities upon access. To mitigate these risks, CERT-In recommends updating Google Chrome OS to version 114.0.5735.350 or later, as these updates contain patches that address the identified vulnerabilities.
Recommended actions
In addition, users are advised to exercise caution when browsing the Internet, especially when encountering unknown or suspicious websites, and to avoid interacting with links from untrusted sources or unsolicited emails and messages. Implementing security best practices, such as using reputable anti-virus software, regularly updating software and applications, and implementing firewalls, can further improve defense mechanisms against potential threats.
At the same time, CERT-In is conducting a “Cyber Swachhta Fortnight” event from 1st to 15th February 2024, which aims to protect cyberspace from botnets that threaten end-user systems. As part of this initiative, CERT-In has set up a ‘Cyber Swachhta Kendra’ (CSK) in collaboration with eScan, which provides the eScan Botnet Scanning & Cleaning Toolkit for laptops, desktops and smartphones. This toolkit empowers citizens to scan and clean their devices, protecting them from botnet infection and contributing to overall digital security efforts.