Government of India Warns Google Chrome and ChromeOS Users of Severe Vulnerabilities

CERT-In has pointed out several vulnerabilities in Chromebooks and the Google Chrome browser.

  • CERT-In has notified MeitY about multiple security vulnerabilities in Chrome and ChromeOS.
  • These vulnerabilities can help a cybercriminal gain privileged and unauthorized access to an affected device.
  • Google has already released patches for the affected Chrome versions and updates for Chromebooks.

The Indian Computer Emergency Response Team (CERT-In) has issued security warnings for Google Chrome and Chromebook users in India. The entity, which operates under the Ministry of Electronics and Information Technology (MeitY), has informed users about several vulnerabilities found in ChromeOS and the Chrome browser. The government watchdog agency has updated its official website with Vulnerability Notes CIVN-2023-0343 and CIVN-2023-0342, which list the vulnerabilities and affected versions. The website advises users to update their browsers and Chromebooks to the latest versions to prevent any mishaps.

Google Chrome and Chromebooks Affected by Severe Vulnerabilities

As mentioned before, CERT-In has issued security warnings for both Chromebook and Google Chrome users in India. These vulnerabilities have been rated High severity because of their nature. According to Vulnerability Notes CIVN-2023-0343 and CIVN-2023-0342, hackers can exploit these security vulnerabilities to execute malicious code or programs and gain privileged access to the victim’s system to bypass all security protection systems on the exposed device.

CERT-In has listed multiple ChromeOS and Chrome versions on its website. According to the security note, the vulnerabilities are associated with a use-after-free flaw in the Web Audio component of Google Chrome and ChromeOS. Below is the list of vulnerable software versions released by CERT-In.

  • Google ChromeOS LTS channel versions prior to 114.0.5735.339 (Platform version 15437.76.0)
  • Google Chrome versions prior to 119.0.6045.123 for Linux and Mac
  • Google Chrome versions prior to 119.0.6045.123/.124 for Windows

CERT-In has also posted the list of the vulnerabilities as shown below.

ChromeOS: CVE-2023-5472, CVE-2023-35688, CVE-2023-21401, CVE-2023-21263, CVE-2023-38545, CVE-2023-5481, CVE-2023-5474

Chrome: CVE-2023-5996

What Are The Risks Posed by These Vulnerabilities?

According to the CERT-In security notes, these vulnerabilities are caused by a use-after-free flaw in profiles, an inappropriate implementation in downloads, a heap buffer overflow in PDF, and issues in the Linux kernel. These vulnerabilities can be used by attackers to force a victim to visit a specially crafted request on the targeted system. Cybercriminals can then execute arbitrary code or cause denial-of-service (DoS) conditions and bypass security on the affected system.

Google Has Already Rolled Out Security Patches for Affected Versions

Fortunately, Google has already acknowledged these vulnerabilities and rolled out patches for Chrome and ChromeOS. CERT-In encourages users to update to the latest version to prevent any mishap caused by miscreants.