The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning for Google Chrome users. The government agency has alerted users about several vulnerabilities found in the popular web browser, which if exploited could allow remote attackers to hack users’ systems. CERT-IN has identified the vulnerabilities in the note as CIVN-2024-0282 and it urges users to take immediate action to protect their systems.

According to CERT-In, these vulnerabilities affect Google Chrome versions prior to 128.0.6613.119/.120 for Windows and macOS, and versions prior to 128.0.6613.119 for Linux. These vulnerabilities have been given the CVE identifiers CVE-2024-8362 and CVE-2024-7970. CERT-In states that these vulnerabilities arise from “use-after-free” issues in Web Audio and other components of Chrome, which could be exploited by remote attackers to gain control of the affected system.

Giving more details about the risks, CERT-In explained that these reported vulnerabilities could allow a remote attacker to execute arbitrary code on the targeted system. In simple terms, this means that hackers can exploit these vulnerabilities, and if successful, they can run any command or software on your computer without your permission. Once they get this access, they can potentially take complete control over the system, allowing them to steal sensitive information such as passwords and financial details, install malicious software (malware), or even use your computer to attack others.

Notably, such cyberattacks that exploit these vulnerabilities often occur when the victim is tricked into visiting a maliciously crafted webpage. These attacks require no action from the user other than visiting the site, making it an easy but dangerous way for attackers to compromise systems. This is why the warning is important, and it is essential for users to be careful about the links they click and the websites they visit, especially when they are browsing unfamiliar or suspicious-looking pages.

How to solve the problem

Although the risk is high, CERT-IN noted that Google has already released security updates to address these vulnerabilities in the latest versions of Chrome. Therefore, users are strongly advised to immediately update their browser to version 128.0.6613.119/.120 for Windows and macOS or version 128.0.6613.119 for Linux. To update your Google Chrome browser:

• Open Google Chrome.
• Click on the three vertical dots in the top-right corner of the browser.
• Go to “Help” and then “About Google Chrome.”
• Chrome will automatically check for updates and install them if available. Restart your browser to complete the update process.

In addition to applying the latest updates, here are some security tips you can follow as a precaution while browsing online:

– Make sure automatic updates are enabled in Chrome so you get the latest security patches as soon as they are released.

– Avoid clicking on suspicious links or visiting unfamiliar websites, as these are common ways for cyber attackers to exploit vulnerabilities.

– Keep your antivirus and anti-malware software updated to detect and prevent malicious activities.

– Additionally, make sure you back up your data regularly. Regular backups can help minimize damage in case of a security breach, allowing you to restore your data if needed.