The Indian Computer Emergency Response Team (CERT-In), part of the IT ministry, has issued a ‘high severity’ warning for Google Chrome Internet browser users. As per the advisory, several vulnerabilities have been found in Google Chrome browser and these could be exploited by a remote attacker to execute arbitrary code on the targeted PC.
The attacker may get access to personal data and also inject malware to snoop on a targeted PC. Google has already released a fix for these vulnerabilities in its latest software update for Chrome and it is highly advisable that Google Chrome users upgrade to the latest version soon.
Google recently announced that the Chrome Stable channel has been updated to 96.0.4664.93 for Windows, Mac and Linux. The update is already available for users. Google also said that the “Extended stable channel has also been updated to 96.0.4664.93 for Windows and Mac which will roll out over the coming days/weeks.”
Google acknowledged that the latest Chrome update includes 22 security fixes, many of which were highlighted by “external researchers”.
CERT-In in ts advisory said, “Multiple vulnerabilities exists in Google chrome due to Type Confusion in V8;Use after free in web apps, UI, window manager, screen capture, file API, auto fill and developer tools; Incorrect security UI in autofill;Heap buffer overflow in extensions, BFCache and ANGLE; Type Confusion in loader; Insufficient data validation in loader; Integer underflow in ANGLE and Insufficient validation of untrusted input in new tab page.”
Warning users, CERT-In added, “A remote attacker could exploit these vulnerabilities by enticing a victim to visit a specially crafted web page. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on the targeted system.”
