The Indian Computer Emergency Response Team (CERT-In) has issued a high risk alert against multiple vulnerabilities identified in Google Chrome for desktop. The nodal agency to deal with cyber security incidents has urged Chrome users to take immediate action to protect their systems from potential exploits.

The identified vulnerabilities are documented under CERT-In Vulnerability Note CIVN-2024-0193 and affect Google Chrome versions prior to 126.0.6478.114/115 for Windows and Mac and versions prior to 126.0.6478.114 for Linux. According to CERT-In, these security flaws could pose significant risks to users if left unattended.

Affected software

Google Chrome versions prior to 126.0.6478.114/115 for Windows and Mac
Google Chrome versions prior to 126.0.6478.114 for Linux

What are its weaknesses?

According to CERT-In, the identified vulnerabilities arise from issues present in the browser’s code that could be exploited by malicious actors. Specifically, they include:

Type confusion in V8: This vulnerability arises from the JavaScript engine used in Chrome, which can cause type confusion errors.
Improper Bounds Memory Access in Dawn: Dawn, a graphics library, has flaws that allow access beyond allocated memory boundaries.
Use after free in Dawn: This involves using memory that has already been freed, which can lead to unexpected behavior and potentially code execution.

Risks posed by these vulnerabilities

A remote attacker can exploit these vulnerabilities by persuading a user to visit a specially crafted web page. Once the user reaches this page, the vulnerabilities can be activated, allowing the attacker to execute arbitrary code on the targeted system. This can lead to a variety of malicious consequences, including data theft, system compromise, and further dissemination of malicious software.

Security measures against these vulnerabilities

To protect their devices from these vulnerabilities, users are strongly advised to:

Make sure your browser is updated to the latest version. Affected versions should be updated to 126.0.6478.114 or later. Google has already released patches addressing these issues. You can find the latest updates and instructions on the official Google Chrome release blog.

Enable automatic updates. If not already enabled, turn on automatic updates for Google Chrome. This ensures that you get the latest security patches as soon as they are available.

Be cautious about clicking links from unknown sources. Phishing attempts often use tempting or threatening messages to lure users into visiting malicious websites.

Given the high severity of these vulnerabilities, it is important for all Google Chrome users to update their browser without delay. Failure to do so could expose their systems to serious security risks, including remote code execution and potential data breaches.