
Indian Government Alerts Chrome Users to Potential Security Threat

India’s cyber agency has issued a high-risk warning to Google Chrome users in the country, saying users must update their Chrome browser immediately. According to India’s Computer Emergency Response Team (CERT-In), several vulnerabilities have been reported in Google Chrome that could allow an attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition on the targeted system.

“Google Chrome has multiple vulnerabilities due to WebP’s Heap buffer overflow bug; Improper implementation in custom tabs, prompts, feed, intent, picture-in-picture and interstitials; Inadequate policy enforcement in downloads and autofill,” CERT-In said in the report.

The agency also said cyber attackers could exploit these vulnerabilities by persuading a victim to visit a specially crafted website. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, bypass security restrictions, or cause a denial of service state on the targeted system.

The following Chrome versions are affected by the issue:

– Google Chrome (Extended Stable Channel) versions older than 116.0.5845.188 (for Mac and Linux)

– Google Chrome (Extended Stable Channel) versions older than 116.0.5845.187 (for Windows)

– Google Chrome for Desktop versions older than 117.0.5938.62 (for Mac and Linux)

– Google Chrome for Desktop versions older than 117.0.5938.62/.63 (Windows)

“The CVE-2023-4863 vulnerability is being exploited in the wild. Users are encouraged to patch vulnerable devices immediately,” the agency said. Users are advised to update their Chrome browser immediately.

According to CERT-In, Google has already released an update that includes fixes for these security issues.

“The stable and extended stable channels have been updated to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows, which will be released in the coming days/weeks. A full list of changes for this build is available in the log.

The extended stable channel has been updated to 116.0.5845.188 for Windows and 116.0.5845.187 for Mac, which will be rolled out in the coming days/weeks,” Google wrote in a blog post.
