Google Chrome desktop users on these versions face high-risk hacking threat
High-risk threat to Google Chrome desktop users as remote hackers can gain access to systems, execute malicious operations, CERT-IN warns.
The central cybersecurity agency has issued a warning to Google Chrome desktop users about a high-risk threat posed by remote hackers gaining access to systems and executing malicious operations.
On Friday, the Indian Computer Emergency Response Team (CERT-IN) published an advisory on its official website, classifying the threat as high-severity because of various vulnerabilities identified in the web browser.
CERT-IN, a nodal agency under the Ministry of Electronics and Information Technology, highlighted in the vulnerability note, "Multiple vulnerabilities have been reported in Google Chrome for Desktop." It further explained that these vulnerabilities “could be exploited by a remote attacker to bypass security restrictions, execute arbitrary code, or cause denial of service conditions on the targeted system.”
Which versions are affected and why?
CERT-IN specified that these vulnerabilities exist only in the desktop version of the Google Chrome web browser, specifically in versions prior to 117.0.5938.132 (for Windows, Mac, and Linux).
The flaws include a heap buffer overflow in VP8 encoding in libvpx and a use-after-free error in Passwords and Extensions.
A remote attacker could exploit these vulnerabilities by executing a specially crafted HTML page, according to CERT-IN.
How would it affect the system?
The agency warned that a remote attacker using these vulnerabilities could redirect users to malicious websites, gaining access to the system and bypassing security protocols. This would enable the remote hacker to execute arbitrary code and launch a denial of service attack, rendering the system unavailable to the legitimate user.
The agency advises users to update their systems to the latest stable channel update available for the Google Chrome desktop browser.
The Information Technology (Amendment) Act of 2008 designates CERT-IN as a statutory body responsible for tracking computer security incidents, reporting vulnerabilities, and advocating robust IT security practices throughout the country. It also alerts users to flaws and cybersecurity threats such as hacking and phishing.