India’s CERT-In agency issues ‘high severity’ notice for Google Chrome users


Google Chrome is highly susceptible to cyberattacks due to multiple existing vulnerabilities in the browser, the government’s cybersecurity arm’s Computer Emergency Response Team (CERT-In) warned in its latest advisory. CERT-In said that Google Chrome OS could be exploited by hackers who can “bypass various restrictions, execute arbitrary code” and gain full access to the browser.

According to CERT-In, Google Chrome users should immediately update the Chrome browser to prevent targeted attacks. The agency noted that only Chrome versions prior to 98.0.4758.80 are affected by the vulnerabilities. “These vulnerabilities exist in Google Chrome due to free usage in Safe Browsing, Reader Mode, Web Search, Thumbnails Tab, Strip, Screenshot, Window Dialog, Payments, Extensions, Accessibility, and Streaming; Heap buffer overflow in ANGLE; Improper implementation of Full Screen Mode, Scrolling, Extensions Platform and Pointer Lock; Type confusion on V8; Policy bypass in COOP and memory access out of bounds in V8,” the notice read.

Meanwhile, Google fixed the vulnerabilities in Chrome 98 earlier this month. The nodal agency in its notice categorized the seriousness of the problems as “high”.

This is how you can update Google Chrome manually:

1) Go to chrome

2) Click ‘About Google Chrome’

3) Check for updates

4) Once the update is installed, you will need to reset the browser to its latest version.

CERT-In is the nodal agency within the Ministry of Electronics and Information Technology of the Government of India. It deals with cyber security threats like hacking and phishing. Its objective is to strengthen the defense related to the security of the Indian Internet domain.

It should be noted that CERT-In has always been circumspect of Google Chrome in the past as well. Previously, the agency strongly criticized the availability of certain extensions in the Chrome store. Meanwhile, in 2020, CERT-In had asked Google Chrome users to uninstall certain extensions that were caught collecting “sensitive” user data.


Source link


Please enter your comment!
Please enter your name here