Urgent Advisory: The Indian government's Computer Emergency Response Team, known as CERT-In, which runs under the Ministry of Electronics and Information Technology, has issued a serious warning about potential security flaws in specific versions of Google Chrome.
These flaws could expose users to a variety of security dangers, including phishing attacks, data breaches, and malware infections. Users must exercise caution and take reasonable precautions to safeguard their safety.
CERT-In has discovered many vulnerabilities in specific versions of Google Chrome that could be exploited by attackers.
These flaws can be found in a variety of Chrome components, including prompts, Web Payments API, SwiftShader, Vulkan, Video, and WebRTC.
They include heap buffer overflows in Video and integer overflows in PDF, both of which attackers might exploit to infiltrate a user's PC.
The likelihood of an attacker exploiting these vulnerabilities by tricking a user into visiting a rogue website is especially concerning.
An attack of this type could give the attacker control of the user's computer and allow sensitive information to be stolen.
The vulnerabilities highlighted by CERT-In include identifiers such as CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071, CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-4075, CVE-2023-4076, CVE-2023-4077, and CVE-2023-4078.
Google Chrome previous versions 115.0.5790.170 for Linux and Mac, and versions preceding 115.0.5790.170/.171 for Windows, are affected. It is strongly urged that users of these versions take urgent action to protect their systems.
CERT-In recommends that users immediately update Google Chrome to the current version to safeguard their systems since Google has already published fixes to address these issues. Users can start the updating process by doing the following:
1. Launch Google Chrome.
2. Click on the three dots located in the top right corner of the window.
3. From the drop-down menu, select Help, then About Google Chrome.
4. If an update is available, Chrome will automatically download and install it.
5. After the update is installed, Chrome will restart.
Users can also check for updates manually by going to Help > About Google Chrome and selecting "Check for updates."
In addition to updating the browser, the following other security practises are recommended to improve device protection:
- Exercise caution while visiting websites and clicking on links. If a website's safety is uncertain, it's best to avoid it.
- Utilize a reliable password manager to generate and store strong passwords for online accounts.
- Enable two-factor authentication (2FA) for accounts that support it.
- Practice discretion in sharing personal information online, particularly on social media platforms.
- Maintain up-to-date operating systems and software with the latest security patches.
- Implement a firewall and reliable antivirus software to guard against malware threats.
