CERT-In issues high-risk vulnerability warning to Google Chrome users
What's the story
The Indian Computer Emergency Response Team (CERT-In) has sounded an alarm over high-risk vulnerabilities in Google Chrome.
These security flaws, affecting desktop users, have been categorized as high-risk due to their potential for exploitation.
The vulnerabilities are present in Google Chrome versions older than 126.0.6478.114/115 on Windows and Mac, and earlier than 126.0.6478.114 on Linux.
Source
Vulnerabilities originate from browser's code
The security flaws stem from several problems within the browser's code, including Type Confusion in V8, Inappropriate Bounds Memory Access in Dawn, and Use After Free in Dawn.
These problems can cause type confusion errors, memory access beyond allocated limits, possible code execution, and unpredictable behavior.
A remote attacker might exploit these flaws by persuading a user to visit a specially crafted website.
Risk mitigation
CERT-In advises immediate update to mitigate risks
To counter these threats, CERT-In has advised users to update Google Chrome to version 126.0.6478.114 or later immediately, as Google has released patches addressing these vulnerabilities.
Users can find the latest release and detailed instructions on the official Google Chrome Releases blog.
In addition to updating their browsers, users are advised to enable automatic updates if they are not already enabled.