Reportedly, the Indian Computer Emergency Response Team (CERT-In) has warned Google Chrome users of a high-level threat. The cybercrime nodal agency highlighted some major vulnerabilities in the Chrome browser for the desktop.
CERT-In wants Chrome users to immediately update the browser to the latest version. Google acknowledged the vulnerabilities and released a fix via a software update.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed,” Google said in an official statement.
What is the issue?
The agency highlighted that the Google Chrome version prior to 101.0.4951.41 had been impacted by a new flaw in the software. The threat is primarily for desktop users only. Google has acknowledged the flaw and listed 30 vulnerabilities in the Chrome blog post. Around seven flaws have been classified as ‘High’ threats.
CERT-In further explained that these high-level vulnerabilities can be exploited and allow a remote attacker to execute arbitrary code and in turn gain access to sensitive information. The flaw is said to allow hackers to be able to bypass security restrictions and cause a buffer overflow on the targeted system.
The agency highlighted that “these vulnerabilities exist in Google Chrome due to Use after free in Vulkan, SwiftShader, ANGLE, Device API, Sharin System API, Ozone, Browser Switcher, Bookmarks, Dev Tools and File Manager; Inappropriate implementation in We Extensions API, Input, HTML Parser, Web Authentication, and iframe; Heap buffer overflow in WebGPU and Web UI Set Confusion in V8; Out of bounds memory access in UI Shelf; Insufficient data validation in Blink Editing, Trusted Type Tools; Incorrect security UI in Downloads.”
Update your browser immediately
CERT-In has urged all Chrome desktop users to upgrade the browser to version 101.0.4951.41. The agency said that any version before this could be susceptible to attacks, which may eventually lead to the loss of sensitive data. The vulnerabilities have been discovered in Windows, Mac as well as Linux.
Google has started rolling out the update for Windows, Mac, and Linux. The update should reach all users over the coming days or weeks.
About Author
