The Indian Computer Emergency Response Team (CERT-In) has issued multiple high-severity warnings regarding security vulnerabilities in the Google Chrome web browser, urging users to take immediate action to protect their systems. These vulnerabilities could allow remote attackers to execute arbitrary code, bypass security protections, and gain unauthorized access to sensitive user data.
Nature of the Threat
The warnings highlight that attackers could exploit these vulnerabilities by convincing a user to visit a specially crafted or malicious webpage. This means users don't need to download suspicious files or install unknown programs to be affected. Simply visiting a compromised website could allow attackers to execute harmful code remotely, potentially leading to data theft, system compromise, or unauthorized access. The vulnerabilities stem from various issues, including inappropriate implementations in Chrome's Extensions, type confusion in the V8 JavaScript engine, out-of-bounds read/write in V8, use-after-free in WebGPU, and incorrect handle provision in Mojo on Windows.
Impact of the Vulnerabilities
Successful exploitation of these vulnerabilities could have severe consequences for Google Chrome users. Attackers could gain control over sensitive information, including passwords, banking information, addresses, and other personal details, potentially leading to financial fraud and identity theft. They could also install malware on affected devices, steal data, or cause system instability.
Affected Versions
The CERT-In advisories specify the Google Chrome versions affected by these vulnerabilities. Users running older versions of Chrome on Windows, macOS, and Linux systems are particularly at risk and are strongly advised to update their browsers immediately. For example, one advisory stated that Chrome versions prior to 143.0.7499.146/.147 on Windows and macOS, and versions prior to 143.0.7499.146 on Linux, were vulnerable. Another advisory specified that Google Chrome versions before 130.0.6723.69 for Windows and Mac, and versions released before 130.0.6723.69 for Linux were affected.
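For administrators checking a fleet against the thresholds above, the following added example (not part of the CERT-In advisories or of this article's source) compares reported version strings numerically against the two fixed builds quoted. The hostnames, the sample inventory, the banner format and the function names are constructed for illustration.

```python
import re

# Fixed builds named in the two advisories quoted above (values from the page).
ADVISORY_FIXED = ["130.0.6723.69", "143.0.7499.146"]

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from a version banner or inventory field."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    # Compare as integers: as strings, "143.0.7499.9" sorts above "143.0.7499.146".
    return tuple(int(p) for p in m.groups())


def unmet_thresholds(text):
    """Return the advisory fixed builds that the reported version is still below."""
    installed = parse_version(text)
    return [f for f in ADVISORY_FIXED if installed < parse_version(f)]


def triage(inventory):
    """Map hostname -> unmet thresholds; unparseable rows are flagged, not skipped."""
    report = {}
    for host, text in inventory.items():
        try:
            report[host] = unmet_thresholds(text)
        except ValueError:
            report[host] = ["UNKNOWN"]
    return report


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = {
    "ws-01": "Google Chrome 143.0.7499.147",
    "ws-02": "Google Chrome 143.0.7499.9",  # numerically below .146
    "ws-03": "Google Chrome 130.0.6723.58",
    "ws-04": "Chromium (version not reported)",
}

if __name__ == "__main__":
    for host, gaps in triage(SAMPLE).items():
        print(host, "OK" if not gaps else "below " + ", ".join(gaps))
```

Hosts reported as UNKNOWN need a manual check, since a missing version string says nothing about whether the browser is patched.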
Recommended Actions
CERT-In strongly recommends that Google Chrome users take the following steps to mitigate the risks associated with these vulnerabilities:
- Update Google Chrome: Update to the latest version of the Google Chrome browser immediately.
- Enable Automatic Updates: Enable automatic updates so that fixes for future vulnerabilities are installed promptly.
- Exercise Caution: Exercise caution when installing browser extensions.
- Maintain Security Software: Maintain up-to-date antivirus software.
- Use Strong Passwords: Use strong, unique passwords for all online accounts.
How to Update Google Chrome
To update Google Chrome, follow these steps:
- Open Google Chrome.
- Click on the three dots in the top-right corner.
- Go to "Help" and select "About Google Chrome."
- Chrome will automatically check for updates and install the latest version.
By taking these steps, users can protect their systems and data from potential cyberattacks. Given Chrome's widespread use, this warning is relevant to individuals, businesses, and IT administrators alike.
