The government agency CERT-In has issued yet another high-severity warning for Google Chrome users in India. The Computer Emergency Response Team (CERT-In) is an agency of the Ministry of Electronics and Information Technology (MeitY). It works towards addressing and managing cybersecurity threats in the country and warning Indian citizens against possible hacking or phishing. This is not the first time the agency has issued a high-severity warning against the Google Chrome browser. Let’s look at the vulnerabilities pointed out by CERT-In in several versions of the popular web browser.
Indian Government Issues High-Severity Warning Against Chrome Browser
CERT-In, the Indian cybersecurity agency under MeitY, has issued another high-severity warning for Google Chrome users in the country. According to the circular, or vulnerability note, dated August 9, several versions of Google Chrome contain critical vulnerabilities that leave users exposed to cyber-attacks. CERT-In lists Google Chrome versions prior to 115.0.5790.170 for Linux and Mac and prior to 115.0.5790.170/.171 for Windows as affected. The vulnerabilities found in these versions are listed below.
- CVE-2023-4068
- CVE-2023-4070
- CVE-2023-4071
- CVE-2023-4072
- CVE-2023-4073
- CVE-2023-4074
- CVE-2023-4075
- CVE-2023-4076
- CVE-2023-4077
- CVE-2023-4078
According to the agency, these vulnerabilities allow cybercriminals to execute arbitrary code, bypass security restrictions, and cause a denial-of-service condition on the computer. When an attacker executes arbitrary code, they can run any command on the target computer and trigger code already on the box to invoke a program or DLL.
Bypassing security restrictions is self-explanatory; the hacker can bypass any firewall or security program installed on the target system and access sensitive information like personal and banking details. Lastly, the denial-of-service or DoS attack is a severe attack that allows hackers to make the system and data inaccessible to the user.
The vulnerabilities listed by CERT-In have been attributed to factors like use-after-free scenarios in various prompts, untrusted Web Payments API, SwiftShader, Vulkan, Video, WebRTC, etc. CERT-In also attributes these vulnerabilities to a heap buffer overflow in Video and an integer overflow in PDF. Needless to say, these vulnerabilities are pretty severe, and a remote hacker can exploit them by luring unsuspecting individuals into visiting malicious websites.
How to Protect Against Google Chrome Vulnerabilities?
Thankfully, Google has already rolled out the latest version of Google Chrome to address the vulnerabilities listed by CERT-In. If you have not already updated to the latest version, now is the best time to do so. CERT-In issues multiple Chrome vulnerability notes, which makes sense considering Chrome is one of the most popular browsers worldwide. Staying on the latest version is the best way to protect the system against malicious attacks.
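For administrators who need to confirm the update across many machines, the following added example (not part of the CERT-In note or of Chrome) classifies hosts against the fixed build quoted above. The inventory format, host names, and version strings are constructed for illustration; the comparison is numeric per component, because comparing version strings as text would wrongly rank 115.0.5790.99 above 115.0.5790.170.

```python
import re

# Fixed builds from the CERT-In note quoted above; anything lower is affected.
FIXED = {
    "linux": (115, 0, 5790, 170),
    "mac": (115, 0, 5790, 170),
    "windows": (115, 0, 5790, 170),  # Windows fix shipped as .170/.171
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part version out of strings such as
    'Google Chrome 115.0.5790.110'; return None if none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'affected', 'patched' or 'unknown' for one host."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unparsed host as safe
    return "affected" if version < fixed else "patched"


def audit(inventory_csv):
    """Map host -> status for 'host,platform,version string' lines."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        fields = [f.strip() for f in line.split(",", 2)]
        fields += [""] * (3 - len(fields))  # tolerate short rows
        host, platform, version_text = fields
        results[host] = classify(platform, version_text)
    return results


# Constructed sample inventory (hypothetical hosts and export format).
SAMPLE = """
ws-001,windows,Google Chrome 115.0.5790.171
ws-002,windows,114.0.5735.199
lx-010,linux,Google Chrome 115.0.5790.99
mac-07,mac,Google Chrome 115.0.5790.170
lx-011,linux,Chromium (version unavailable)
kiosk-3,chromeos,115.0.5790.160
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` (unparseable version or a platform the note does not cover) should be checked by hand rather than assumed patched.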