The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning concerning multiple vulnerabilities in Google Chrome OS. In a security advisory dated February 8, 2024, designated as CIVN-2024-0031, the government research team revealed that the identified vulnerabilities posed significant risks to users of Google Chrome OS versions preceding 114.0.5735.350 (Platform Version: 15437.90.0) on the LTS channel.
According to CERT-In, the flagged vulnerabilities can be exploited by remote attackers to execute arbitrary code, gain elevated privileges, bypass security restrictions, or cause denial of service conditions on the targeted system.
The vulnerabilities stem from two main issues:
Use after free in Side Panel Search:
This vulnerability enables attackers to exploit memory errors in the Side Panel Search feature, potentially leading to the execution of arbitrary code or bypassing security measures.
Insufficient data validation in Extensions: Arising from inadequate validation of data input in extensions, this vulnerability can be exploited by attackers to execute malicious actions on affected systems.
CERT-In’s vulnerability note highlights that remote attackers can leverage these vulnerabilities by enticing unsuspecting victims to visit specially crafted web pages. Upon visiting these pages, the vulnerabilities are triggered, allowing attackers to compromise unsuspecting users.
To mitigate the risks associated with these vulnerabilities, CERT-In strongly advises users to update their Google Chrome installations, including security fixes provided by Google. It is highly recommended that users update their Google Chrome OS to version 114.0.5735.350 or above on the LTS channel as soon as possible. These updates contain patches that mitigate the identified vulnerabilities, thereby enhancing system security.
Meanwhile, CERT-In is currently observing Cyber Swachhta Fortnight from February 1 to 15, 2024. The primary aim of this initiative is to ensure the digital security of the country by securing cyberspace from botnets, which can infect and compromise end users’ systems.
As part of this initiative, CERT-In has launched the Cyber Swachhta Kendra (CSK), offering the eScan Botnet Scanning & Cleaning Toolkit for laptops, desktops and smartphones. Developed in collaboration with eScan, a reputable cybersecurity solutions vendor, this toolkit enables citizens to scan and clean their devices, protecting them from botnet infections.
(Edited by : Pihu Yadav)
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
Prajwal Revanna's father in custody for alleged kidnapping and sexual abuse
May 4, 2024 7:53 PM
Delhi, Indore, Surat and Banswara — why these are the most challenging domains for Congress internally
May 4, 2024 1:53 PM
Congress nominee from Puri Lok Sabha seat withdraws, citing no funds from party
May 4, 2024 12:00 PM
Lok Sabha Polls '24 | Rahul Gandhi in Rae Bareli, why not Amethi
May 4, 2024 9:43 AM