Indian Government Issues Urgent Alert for Google Chrome Users

By Consultants Review Team Friday, 09 February 2024

The Indian Computer Emergency Response Team (Cert-In) has recently raised a significant alert concerning potential vulnerabilities in Google Chrome OS, urging users to promptly update their browsers. Highlighting the risks associated with outdated versions of Google Chrome OS, particularly those preceding version 114.0.5735.350 (Platform Version: 15437.90.0) on the LTS channel, Cert-In emphasized the critical nature of the flagged vulnerabilities.

According to Cert-In's security advisory, identified vulnerabilities could be exploited by remote attackers to execute arbitrary code, obtain elevated privileges, circumvent security protocols, or initiate denial of service attacks on targeted systems. The vulnerabilities primarily stem from two main sources: a "use after free" flaw in the Side Panel Search feature, enabling memory exploitation, and insufficient data validation in Extensions, facilitating the execution of malicious actions.

In its vulnerability note, Cert-In warned that cyber attackers could exploit these vulnerabilities by directing unsuspecting users to specially crafted websites. Upon accessing these sites, the vulnerabilities could be triggered, granting attackers unauthorized access to users' systems. To mitigate these risks, Cert-In strongly recommends updating Google Chrome OS to version 114.0.5735.350 or later, as these updates contain patches to address the identified vulnerabilities and enhance overall system security.

In addition to updating software, users are advised to exercise caution while browsing the internet, particularly when encountering unfamiliar or suspicious websites. It's crucial to avoid clicking on links from untrusted sources or engaging with unsolicited emails or messages. Furthermore, implementing robust security measures such as using reputable antivirus software, regularly updating applications, and enabling firewalls can help strengthen defense mechanisms against potential threats.

Meanwhile, Cert-In is currently observing "Cyber Swachhta Fortnight" from February 1 to 15, 2024, with the goal of enhancing the nation's digital security by safeguarding cyberspace from botnets. As part of this initiative, Cert-In has launched the 'Cyber Swachhta Kendra' (CSK), offering the eScan Botnet Scanning & Cleaning Toolkit developed in collaboration with cybersecurity solutions vendor eScan. This toolkit empowers citizens to scan and clean their devices, protecting them from botnet infections and contributing to a safer online environment.

Current Issue