The Indian government has once again issued a high-risk warning to Google Chrome users regarding critical vulnerabilities found in the browser, which could expose their systems to cyber attacks. According to a recent advisory issued by Indian computer emergency response team CERT-In, several security vulnerabilities have been found in Google Chrome, which are posing a serious threat to users. If these vulnerabilities are exploited, they could allow remote attackers to execute malicious code or crash the system.

The latest CERT-In vulnerability note – CIVN-2024-0311, released on September 26, 2024, notes a series of vulnerabilities in Google Chrome. These issues are classified as high-severity due to their potential impact on users’ systems. CERT-In states that these vulnerabilities are caused by flaws and improper implementation in Chrome’s JavaScript engine (V8), which poses serious security risks.

Hackers can exploit these vulnerabilities to execute arbitrary code on the target system. This means that a cyber attacker could potentially take control of the affected system, steal sensitive information, or install malicious software. In the worst case, an attacker could crash the Chrome browser, allowing further exploitation.

The shortcomings identified according to CERT-In include:

Type confusion in V8: This vulnerability occurs when a piece of code does not handle a variable properly, leading to unexpected behavior.

Use-after-free vulnerabilities: These arise when a program does not properly clear memory after use, which can allow attackers to manipulate that memory for malicious purposes.

Improper Implementation: This flaw refers to the improper operation of some browser operations, leaving the browser open to remote code execution.

Affected Software Version

Here is a list of versions of Google Chrome that are affected by the vulnerabilities:

– Google Chrome versions before 129.0.6668.70/.71 for Windows and Mac
– Google Chrome versions before 129.0.6668.70 for Linux

CERT-In notes that these vulnerabilities affect all platforms including Windows, macOS, and Linux, making it imperative for users to update their software as soon as possible. Additionally, Google Chrome users who have not yet updated to the latest version are particularly at risk, as hackers can exploit these flaws before users can apply the required patches.

How to protect your system

To mitigate the risks associated with these vulnerabilities, CERT-In and Google are strongly recommending users to update their Chrome browser to the latest version. Google has already released an update that addresses these vulnerabilities in its Chrome browser. Make sure you are using Google Chrome version 129.0.6668.70 or later.

To check and update your version:

Open Chrome > Click on the three dots at the top right > Click on Help > About Google Chrome > Click on Update Google Chrome.