The Indian computer emergency response team (CERT-In) has issued an high severity warning regarding multiple vulnerabilities found in Google Chrome which can allow a remote attacker to crash the affected system and additionally allow them to execute arbitrary code within the context of the process. The agency has recommended that users install the update as soon as possible to minimize the risk of the security threat.
The identified vulnerabilities in respective products may allow remote attackers to execute arbitrary code, bypass security restrictions, and cause a denial-of-service (DoS) condition on the affected system, CERT-In said in its recent advisory. The flaws are all bad for one reason or another, one of which is a problem in the browser’s rendering engine, another that impacts the way Chrome handles extensions, and a third that is a problem with memory management in general.
Although the actual technical nature of the vulnerabilities has not been disclosed publicly to prevent misuse, CERT-In said the impacted flaws if a success ful exploitation can result in take-over of infected device. Attackers may be able to access sensitive information, install other malicious applications, or have additional impact on the affected device.
The advisory strongly advises that users upgrade the Chrome browser to the most recent stable version. Google has already fixed these security issues with updates already available. Ordinarily, users would be able to update the browser by clicking on three dots in the top-right corner, going to “Help” and then to “About Google Chrome”. The browser runs automatically checks for updates, installs the updates and restarts the browser. It usually takes a browser restart to finish the upgrade.
CERT-In recommends keeping software, including web browsers, up to date to overcome latest online threats. It is equally important to actively update your security patches. Users should also be cautious when browsing the internet – not to click on links or download files from untrusted sources. This latest claim is a key reminder that we cannot put our guard down when it comes to security and is a reminder of the continued weathering of potential threats.
