New Delhi: The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning concerning multiple vulnerabilities identified in Google Chrome OS. In their recent security advisory dated February 08, 2024, marked as CIVN-2024-0031, the government research team has disclosed that the highlighted vulnerabilities pose a significant risk to users of Google Chrome OS versions preceding 114.0.5735.350 (Platform Version: 15437.90.0) on the LTS channel.
As per CERT-In, these identified vulnerabilities have the potential to be “exploited by a remote attacker to execute arbitrary code, gain elevated privileges, bypass security restrictions, or cause denial of service conditions on the targeted system.”
These vulnerabilities originate from two primary issues:
- Use after free in Side Panel Search: This vulnerability enables attackers to exploit memory errors within the Side Panel Search feature, potentially leading to the execution of arbitrary code or the circumvention of security measures.
- Insufficient data validation in Extensions: This vulnerability results from inadequate validation of data input in extensions, providing attackers with the opportunity to execute malicious actions on affected systems.
According to CERT-In’s vulnerability note, remote attackers can exploit these vulnerabilities by enticing unsuspecting victims to visit specially crafted web pages. Upon visiting these pages, the vulnerabilities will be triggered, allowing attackers to infiltrate unsuspecting users.
To counteract these vulnerabilities, CERT-In strongly recommends updating Google Chrome with the latest available update, incorporating security fixes from Google. Users are advised to promptly update their Google Chrome OS installations to version 114.0.5735.350 (or later) on the LTS channel. These updates include patches that address the identified vulnerabilities, thereby bolstering system security.
Users should exercise caution while browsing the internet, especially when visiting unfamiliar or suspicious websites. It is crucial to avoid clicking on links from untrusted sources or engaging with unsolicited emails or messages.
Implementing strong security practices, such as utilizing reputable antivirus software, consistently updating software and applications, and activating firewalls, can enhance defense mechanisms against potential threats.
Simultaneously, CERT-In is currently observing “Cyber Swachhta Fortnight” from February 1 to 15, 2024. The primary objective of this initiative is to ensure the digital security of the country by safeguarding cyberspace from botnets, which have the potential to infect and compromise end users’ systems.
In pursuit of this goal, CERT-In has introduced the ‘Cyber Swachhta Kendra’ (CSK), presenting the eScan Botnet Scanning & Cleaning Toolkit for laptops, desktops, and smartphones. Developed in collaboration with eScan, a reputable cybersecurity solutions vendor, this robust toolkit empowers citizens to scan and clean their devices, protecting them from potential botnet infections.