Indian Government Releases ‘High-Risk’ Security Alert for Google Chrome – Immediate Action Required
The Indian government’s Computer Emergency Response Team, or CERT-In, constantly sends out alerts that warn the masses about various vulnerabilities found in consumer products – be it Android or iOS, Mac or Windows. Now it’s back with a new warning that includes several “high-risk” vulnerabilities found in Google Chrome.
CVE-2024-1283 and CVE-2024-1284 are the Google Chrome vulnerabilities in question.
What is the risk?
Because they are risky vulnerabilities, they can be exploited by a remote attacker to “execute arbitrary code”, which is basically a Denial of Service (DoS) attack, and this in turn can be used to steal sensitive data on a target computer easily.
Additionally, CERT-In said: “These vulnerabilities exist in Google Chrome due to Use after free in Mojo and Heap buffer overflow in Skia. A remote attacker could exploit these vulnerabilities by sending a specially crafted request to the target system.”
Who does it affect and how to stay safe?
These Google Chrome vulnerabilities can be found in both Google Chrome for Windows versions 122.0.6167.160/161 and older and Google Chrome for Mac and Linux versions 122.0.6167.160 and older.
For security, users must download the latest available software update for Google Chrome on any platform. Google has listed here the security fixes that come with the stable channel update.
In related news, CERT-In had also warned users last week about vulnerabilities that were also found in the Android operating system. These vulnerabilities affect Android versions 11, 12, 13, and 14 and are located in the frame, system, arm parts, and MediaTek components, Unisoc components, Qualcomm components, and Qualcomm-related components.