Computer Emergency Response Team (CERT-In), the cyber security watchdog under the Ministry of Electronics and Information Technology (MeitY), has issued a high severity alert for Google Chrome users, affecting users on Windows, Mac and Linux operating systems.
According to CERT-In, Google Chrome for desktop has been found to have multiple vulnerabilities that could be exploited by a remote attacker to execute arbitrary code on the user’s system. The cybersecurity agency said that these vulnerabilities exist in Google Chrome for a number of reasons, including uninitialized use and insufficient data validation in Dawn, and an out-of-bounds read in WebTransport.
Giving reasons behind the vulnerabilities in an advisory dated August 7, CERT-In noted, “These vulnerabilities exist in Google Chrome for Desktop due to Uninitialized use in dawn; Out of bounds read in WebTransport and Insufficient data validation in dawn. An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted request.”
The vulnerabilities affect users of Google Chrome stable channel versions prior to 127.0.6533.88/89 on Windows and Mac, and Google Chrome stable channel versions prior to 127.0.6533.88 on Linux.
What should a Google Chrome user do?
Thankfully, CERT-In notes that appropriate updates that fix the above-mentioned issues are available on the Google Chrome website. Therefore, the cybersecurity agency urges users to update to the latest version of Google Chrome for desktop in order to stay safe.
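For administrators checking many machines against the version thresholds quoted above, the comparison can be scripted. The following is an added example, not part of the CERT-In advisory or the original article; the host names and version strings in the sample inventory are constructed, and treating .88 as the minimum fixed build on Windows and Mac is an assumption about the "88/89" wording.

```python
import re

# Fixed stable-channel builds as stated in the advisory text above.
# Assumption: "88/89" on Windows/Mac means either build carries the fix,
# so the lower one (.88) is used as the minimum on every platform.
FIXED = {
    "windows": (127, 0, 6533, 88),
    "mac": (127, 0, 6533, 88),
    "linux": (127, 0, 6533, 88),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract the four-part Chrome version from a string such as
    'Google Chrome 127.0.6533.72', or return None if none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def assess(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unparseable output
    # Integer tuples compare numerically, so build .100 ranks above .88;
    # comparing the raw strings would get that case wrong.
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory):
    """Map each host name to its assessment."""
    return {host: assess(plat, ver) for host, plat, ver in inventory}

# Constructed sample inventory: (host, platform, reported version string).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 127.0.6533.89"),
    ("ws-02", "windows", "Google Chrome 127.0.6533.72"),
    ("mb-01", "mac", "Google Chrome 126.0.6478.127"),
    ("lx-01", "linux", "Google Chrome 127.0.6533.88"),
    ("lx-02", "linux", "Google Chrome 128.0.6613.36"),
    ("lx-03", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check, since a missing or unparseable version string says nothing about whether the fix is installed.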
Apple Safari and Google Chrome working on resolving critical security flaw:
Meanwhile, a recent but unrelated report by Forbes had stated that Apple and Google are working to resolve a critical security vulnerability that has been present in their web browsers for years. This vulnerability, related to the IP address 0.0.0.0, is reportedly being exploited by cybercriminals to breach devices and steal user data.
According to a Forbes report, this security flaw could have existed for as long as 18 years, yet developers did not notice it until recently. Researchers from the Israeli cybersecurity firm Oligo uncovered the issue, which has been labeled a “zero-day vulnerability” due to the lack of prior awareness and immediate patching.
The exploit, dubbed the “0.0.0.0-day attack” by Oligo AI security researcher Avi Lumelsky, involves malicious websites potentially sending harmful requests through the 0.0.0.0 IP address. If a user inadvertently clicks on a malicious link, it could enable attackers to gain unauthorized access to sensitive information on their device.
Although this flaw primarily impacts individuals and organizations that host their own web servers, the potential scale of compromised systems is significant, and experts emphasize that this security issue should not be underestimated.
Published: 11 Aug 2024, 12:04 PM IST