Google Chrome for Desktop Faces a High-risk Security Issue

By Consultants Review Team Thursday, 20 June 2024

The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning for multiple vulnerabilities detected in Google Chrome for desktop. The nodal organization for dealing with cybersecurity events has urged Chrome users to act quickly to protect their computers against potential misuse.

The detected vulnerabilities have been documented under CERT-In Vulnerability Note CIVN-2024-0193, and they affect Google Chrome versions prior to 126.0.6478.114/115 for Windows and Mac, as well as versions prior to 126.0.6478.114 for Linux. According to CERT-In, these security weaknesses might pose serious threats to users if not resolved.

Affected software

Google Chrome versions before 126.0.6478.114/115 for Windows and Mac

Google Chrome versions before 126.0.6478.114 for Linux

What are the vulnerabilities?

According to CERT-In, the reported vulnerabilities are due to flaws in the browser's code that might be exploited by hostile actors. Specifically, they include:

Type Confusion in V8: This vulnerability is in V8, the JavaScript engine used by Chrome, and can cause type confusion problems.

Inappropriate Bounds Memory Access in Dawn: Dawn, a graphics library, has weaknesses that allow access outside allocated memory boundaries.

Use After Free in Dawn: This involves using memory after it has been freed, which might result in unexpected behavior and code execution.

Threats presented by these vulnerabilities 

A remote attacker might exploit these flaws by enticing a user to visit a specially crafted web page. Once the user visits this page, the vulnerabilities may be exploited, allowing the attacker to execute arbitrary code on the target machine. This might result in a number of negative outcomes, including data theft, system compromise, and the spread of malicious software.

Security remedies against these vulnerabilities 

To defend against these vulnerabilities, users should upgrade their browser to the current version. The affected versions should be upgraded to 126.0.6478.114 or newer. Google has already released updates that address these issues. The official Google Chrome Releases blog provides the most recent updates and instructions.

Enable automatic updates. If automatic updates for Google Chrome are not already enabled, enable them. This ensures that you receive the newest security fixes as soon as they become available.

Use caution when clicking on links from unknown sources. Phishing attempts sometimes use enticing or alarming messages to trick visitors into accessing malicious websites.

Given the seriousness of these vulnerabilities, all Google Chrome users should upgrade their browsers immediately. Failure to do so may expose their systems to major security concerns, such as remote code execution and data leaks.
