The Indian Computer Emergency Response Team (CERT-In) has sent out a security alert to warn users of Google Chrome. The cyber security watchdog issued CERT-In Vulnerability Note CIVN-2023-0295 on October 11. It flags a number of high-severity vulnerabilities that hackers can exploit to harm the safety and speed of devices that use Google Chrome.
The security note says that the high-severity vulnerabilities include “Use after free” flaws in Site Isolation, Blink History, and Cast, as well as improper implementations in various Chrome features such as Fullscreen, Navigation, DevTools, Intents, Downloads, Extensions API, Autofill, Installer, and Input.
A heap buffer overflow vulnerability has also been identified in the handling of PDF files.
CERT-In has said that remote attackers can exploit these vulnerabilities by sending carefully crafted requests to the target system.
There could be a number of harmful consequences due to these attacks, including bypassing security restrictions, executing unauthorized code, revealing sensitive data, and causing denial-of-service (DoS) disruptions on the targeted system.
What does it mean in English? Well, to put it simply, the hackers would be able to take complete control of your devices, which is a major threat in itself.
For Windows, Google Chrome versions prior to 118.0.5993.70/.71 are affected by these high-severity vulnerabilities, and for Mac and Linux, Google Chrome versions prior to 118.0.5993.70 are affected.
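To check machines against the affected-version thresholds quoted above, the following added example (not part of the CERT-In note or this article) classifies Chrome version strings per platform. The inventory record format and host names are constructed, and treating any Windows build at or above 118.0.5993.70 as fixed is an assumption based on the "70/.71" wording.

```python
import re

# Fixed builds taken from the article text. Assumption: on Windows, where the
# article gives "118.0.5993.70/.71", a build at or above .70 counts as fixed.
FIXED = {
    "windows": (118, 0, 5993, 70),
    "mac": (118, 0, 5993, 70),
    "linux": (118, 0, 5993, 70),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Pull a four-part version out of text such as the output of
    `google-chrome --version` on Linux; return a tuple of ints or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, version_text):
    """Return 'affected', 'fixed' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unparsed record as patched
    # Tuples compare numerically per component, so 118.0.5993.9 is older
    # than 118.0.5993.70 (a plain string comparison gets this wrong).
    return "affected" if version < fixed else "fixed"

def audit(inventory_lines):
    """Classify 'host,platform,version text' records (hypothetical format)."""
    report = {}
    for line in inventory_lines:
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split(",", 2)]
        if len(parts) != 3:
            report[line.strip()] = "unknown"
            continue
        host, platform, version_text = parts
        report[host] = classify(platform, version_text)
    return report

# Constructed sample inventory, not real hosts.
SAMPLE = [
    "ws-01,Windows,Google Chrome 117.0.5938.149",
    "ws-02,Windows,118.0.5993.71",
    "lx-01,Linux,Google Chrome 118.0.5993.70 ",
    "mac-01,Mac,Google Chrome 118.0.5993.9",
    "lx-02,Linux,command not found",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual look at About Google Chrome rather than being assumed safe.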
What to do now?
This applies to almost all kinds of possible threats: update your systems. CERT-In has asked users to update their systems immediately. Google, for its part, has responded to the notice and has issued updates to fix the vulnerabilities.
You can update Google Chrome by clicking More (three dots) > Help > About Google Chrome. If there is an update available, Chrome will start downloading it automatically.
Once the update has been downloaded, click Relaunch to apply it.
The Indian government has also offered free tools through CERT-In to help users protect their devices from malware and bots.
These tools include:
eScan CERT-IN Bot Removal: Available on the Google Play Store
M-Kavach 2: Developed by C-DAC Hyderabad
Free Bot Removal Tool: Available at csk.gov.in
Users can access these free malware detection tools through the Cyber Swachhta Kendra portal. The website provides information and tools to users to secure their systems/devices.