In a recent development, India’s Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology, has issued a high-severity warning to Google Chrome users regarding multiple vulnerabilities found in specific versions of the popular web browser. This advisory is crucial for anyone using Google Chrome as it highlights potential risks associated with these specific browser versions.
What’s the warning?
The advisory states that “Multiple vulnerabilities have been reported in Google Chrome which could be exploited by an attacker to execute arbitrary code and gain access to sensitive information on the targeted system.” This is a serious matter that demands immediate attention to protect users’ data and systems from potential breaches.
CERT-In classifies these vulnerabilities as high-severity and attributes them to ‘use after free’ flaws in prompts, Web Payments API, SwiftShader, Vulkan, Video, and WebRTC, together with a heap buffer overflow in Video and an integer overflow in PDF. A remote attacker could potentially exploit these vulnerabilities by luring unsuspecting victims to visit maliciously crafted web pages.
Here is a list of the vulnerabilities highlighted by CERT-In:
- CVE-2023-4427
- CVE-2023-4428
- CVE-2023-4429
- CVE-2023-4430
- CVE-2023-4431
Affected Versions:
- Google Chrome versions prior to 116.0.5845.110/.111 for Windows
- Google Chrome versions prior to 116.0.5845.110 for Mac and Linux
What can users do?
To safeguard your system and data, CERT-In strongly recommends that users immediately apply the latest available security patches for Google Chrome. On a positive note, Google has already released the latest version of Chrome, which includes fixes for these vulnerabilities.