The Computer Emergency Response Team (CERT-In), the cyber security watchdog under the Ministry of Electronics and Information Technology (MeitY), has warned Google Chrome users. The warning is specifically for people using Windows, Mac, and Linux operating systems.
As per CERT-In’s warning, Google Chrome for desktops has been found to have multiple vulnerabilities that could be exploited by a remote attacker to execute arbitrary code on the user’s system.
The cybersecurity agency said that these issues exist in the browser for a number of reasons, including uninitialized use and insufficient data validation in Dawn and an out-of-bounds read in WebTransport.
Keep Your Google Chrome Browser Updated
The agency also gave the reasons behind the vulnerabilities in an advisory dated August 7. CERT-In noted, “These vulnerabilities exist in Google Chrome for Desktop due to Uninitialized use in the dawn; Out of bounds read in WebTransport and Insufficient data validation in the dawn. An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted request.”
The vulnerabilities affect Google Chrome stable channel versions before 127.0.6533.88/89 on Windows and Mac, and stable channel versions prior to 127.0.6533.88 on Linux.
Thankfully, the agency noted that appropriate updates that can fix these issues are available on the Google Chrome website. Therefore, the cybersecurity agency urges users to update to the latest version of Google Chrome for desktops in order to stay safe.
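For administrators checking many machines against the version thresholds above, the following is an added example, not code from CERT-In or Google. The host names and inventory lines are constructed, and the version strings are assumed to look like the output of `google-chrome --version`. It compares versions numerically, because a plain string comparison misjudges builds such as 127.0.6533.100 or 99.0.4844.51.

```python
import re

# First fixed stable build per platform, taken from the advisory text above.
# Builds numerically lower than these are treated as affected.
FIXED = {
    "windows": (127, 0, 6533, 88),
    "mac": (127, 0, 6533, 88),
    "linux": (127, 0, 6533, 88),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part Chrome version found in text as a tuple of ints,
    or None when no such version is present."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def status(platform, version_text):
    """Classify one installation as 'affected', 'patched' or 'unknown'."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unsupported platform or unreadable version
    # Tuple comparison is component-wise and numeric, so .100 > .88.
    return "affected" if version < fixed else "patched"


def audit(inventory):
    """Map (host, platform, version_text) rows to (host, status) pairs."""
    return [(host, status(plat, ver)) for host, plat, ver in inventory]


# Constructed inventory for illustration only.
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 127.0.6533.72"),
    ("ws-02", "windows", "Google Chrome 127.0.6533.89"),
    ("mb-01", "mac", "Google Chrome 127.0.6533.100"),
    ("lx-01", "linux", "Google Chrome 99.0.4844.51"),
    ("lx-02", "linux", "version string missing"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE):
        print(f"{host}: {result}")
```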
Apple Safari And Google Chrome Trying To Fix Security Flaws
A recent unrelated report from Forbes stated that Google and Apple are working to resolve critical security vulnerabilities that have been present in their web browsers for a long time. This issue is related to the IP address 0.0.0.0 and is reportedly being exploited by hackers to breach devices and steal user data.
As per the report, this security flaw could have existed for more than 18 years, yet developers missed it completely, until recently. Researchers from the Israeli cybersecurity firm Oligo uncovered the issue, which has been labeled a "zero-day vulnerability" because of the lack of prior awareness and immediate patching.
The exploit, called the "0.0.0.0-day attack" by Oligo AI security researcher Avi Lumelsky, involves malicious websites sending harmful requests through the 0.0.0.0 IP address. If a user clicks on a malicious link, it could allow attackers to gain unauthorized access to sensitive information on their device.