New Delhi: The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning concerning several vulnerabilities found in Google Chrome OS. According to its security advisory CIVN-2024-0031, dated February 8, 2024, the vulnerabilities are rated high-risk and affect Google Chrome OS versions preceding 114.0.5735.350 (Platform Version: 15437.90.0) on the LTS channel.
As per CERT-In’s findings, a remote attacker can use the identified vulnerabilities to execute arbitrary code, gain elevated privileges, bypass security restrictions, or cause a denial of service on the targeted system.
What are the risks involved?
The risk associated with these vulnerabilities stems from two primary issues:
-Use-after-free in Side Panel Search: This vulnerability enables attackers to exploit memory errors within the Side Panel Search feature, potentially resulting in the execution of arbitrary code or the circumvention of security protocols.
-Insufficient data validation in Extensions: This vulnerability arises from inadequate validation of input data in extensions, providing attackers with the opportunity to execute malicious actions on compromised systems.
According to CERT-In’s vulnerability note, remote attackers can exploit these vulnerabilities by enticing users to visit specially crafted websites. Visiting such a site triggers the vulnerabilities and allows the attacker to compromise the user's security.
How to ensure safety
To stay protected from these vulnerabilities, CERT-In strongly recommends updating Google Chrome to the latest version, which includes security patches from Google. Users should promptly update their Google Chrome OS to version 114.0.5735.350 (or newer) on the LTS channel to address these vulnerabilities and improve system security.
Furthermore, users should:
-Be cautious: Exercise care when browsing the internet, especially on unfamiliar or suspicious websites. Avoid clicking on links from untrusted sources or engaging with unsolicited emails or messages.
-Follow security best practices: Implement robust security measures such as using trusted antivirus software, regularly updating software and applications, and enabling firewalls to enhance protection against potential threats.
CERT-In is currently conducting a “Cyber Swachhta Fortnight” from February 1 to 15, 2024. This initiative aims to safeguard the nation’s digital security by protecting cyberspace from botnets, which have the potential to infect and compromise users’ systems.
To achieve this goal, CERT-In has introduced the ‘Cyber Swachhta Kendra’ (CSK), which provides the eScan Botnet Scanning & Cleaning Toolkit for laptops, desktops, and smartphones. Developed in partnership with eScan, a reputable cybersecurity solutions provider, this toolkit empowers individuals to scan and cleanse their devices, shielding them from botnet threats.