Government Warns Google Chrome Users of ‘Highly Severe’ Vulnerabilities, Urges Them to Install Latest Update
Google Chrome on desktop is affected by multiple vulnerabilities that could allow hackers to gain access to sensitive information and bypass security restrictions, the government has warned users through a note released by the Indian Computer Emergency Response Team (CERT-In). The nodal agency for cybersecurity threats has advised Chrome users in the country to update the browser on their systems to avoid security issues. Google had acknowledged that the loopholes existed within the Chrome browser and released an update to address them.
CERT-In said in the vulnerability note that the flaws could allow attackers to remotely execute arbitrary code in the browser and even cause a buffer overflow (writing more data to a fixed-length block of memory than it can hold, which corrupts the software) on the targeted system.
The agency has given a ‘high’ severity rating to the issues impacting the Chrome browser. According to the note, the vulnerabilities exist due to inappropriate implementation in elements including WebGL, Extensions API, Input, HTML Parser, Web Authentication, and iFrame; heap buffer overflow in WebGPU and Web UI Settings; out-of-bounds memory access in UI Shelf; insufficient data validation in Blink Editing, Trusted Types, and Dev Tools; and incorrect security interface in Downloads.
There were also use-after-free flaws in elements including Vulkan, SwiftShader, ANGLE, Device API, Sharing, File System API, Ozone, Browser Switcher, Bookmarks, Dev Tools, and File Manager, as well as a type confusion issue in the V8 JavaScript engine, CERT-In explained in its note.
Google had acknowledged the issues now covered by the Indian agency in a blog post released last month. It also released Chrome version 101.0.4951.41 for Windows, macOS, and Linux to patch the known issues. The update included a total of 29 security fixes.
CERT-In has urged Chrome users to install the latest version to patch the vulnerabilities, which are publicly known and could easily be exploited by an attacker.