CERT-In has issued a critical-severity advisory warning regarding multiple vulnerabilities discovered in Google Chrome for desktop. According to the central government agency, these vulnerabilities pose a high risk of remote code execution, unauthorized access to sensitive data, service disruption, and privilege escalation. Notably, Google has acknowledged these vulnerabilities and released a log of all issues that will be fixed with the next update, which is expected to roll out in the coming days.
As per CERT-In’s advisory, the discovered vulnerabilities can allow a remote attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, cause a heap-based buffer overflow or lead to Denial of Service (DoS) conditions on the targeted system.
Every end-user organisation and individual using Google Chrome for desktop is at risk from these vulnerabilities. Exploitation can potentially result in system compromise, service disruption, and disclosure of sensitive information without consent.
As per CERT-In, these vulnerabilities exist in Chrome due to use-after-free in WebRTC, GPU, QUIC, XR and DOM; out-of-bounds read in GPU; heap buffer overflow in WebRTC and Chromecast; type confusion in GFX; insufficient policy enforcement in Service Worker; insufficient validation of untrusted input in Input; and inappropriate implementation of UI.
CERT-In has advised users to follow Google’s resolution. The search giant has mentioned in a change log that a patch to fix these issues will be rolled out in the coming days or weeks. Users can watch for the forthcoming update and download it as soon as it becomes available.




