The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning regarding multiple vulnerabilities in Google Chrome OS. In its recent security note dated February 08, 2024, designated CIVN-2024-0031, the government research team said the flagged vulnerabilities are rated high risk and affect users of Google Chrome OS prior to version 114.0.5735.350 (Platform Version: 15437.90.0) on the LTS channel.
According to CERT-In, the flagged vulnerabilities can be “exploited by a remote attacker to execute arbitrary code, gain elevated privileges, bypass security restrictions or cause denial of service conditions on the targeted system.”
What is the risk?
These vulnerabilities stem from two main issues:
- Use after free in Side Panel Search: This vulnerability allows attackers to exploit memory errors in the Side Panel Search feature, potentially leading to the execution of arbitrary code or the bypassing of security measures.
- Insufficient data validation in Extensions: This vulnerability arises from inadequate validation of data input in extensions, which can be exploited by attackers to execute malicious actions on affected systems.
CERT-In, in its vulnerability note, says that remote attackers can leverage these vulnerabilities by luring unsuspecting victims into visiting specially crafted web pages. Visiting such a page triggers the vulnerabilities, allowing attackers to compromise the systems of unsuspecting users.
How to stay safe
To safeguard against these vulnerabilities, CERT-In has strongly advised users to update their Google Chrome with the latest available update, which includes security fixes by Google. Users should promptly update their Google Chrome OS installations to version 114.0.5735.350 (or later) on the LTS channel. These updates contain patches that mitigate the identified vulnerabilities, thus enhancing system security.
Additionally, users are advised to:
- Exercise Caution: Users should exercise caution when browsing the internet, particularly when visiting unfamiliar or suspicious websites. Avoid clicking on links from untrusted sources or interacting with unsolicited emails or messages.
- Implement Security Best Practices: Employing robust security practices such as using reputable antivirus software, regularly updating software and applications, and enabling firewalls can help bolster defence mechanisms against potential threats.
Meanwhile, CERT-In is observing “Cyber Swachhta Fortnight” from February 1 to 15, 2024. The aim of this initiative is to ensure the digital security of the country by securing cyberspace from botnets, which can infect and compromise end users’ systems.
To achieve this, CERT-In has launched the ‘Cyber Swachhta Kendra’ (CSK), which offers eScan Botnet Scanning & Cleaning Toolkit for laptops, desktops and smartphones. This toolkit is developed in collaboration with eScan, a well-known cybersecurity solutions vendor. With this powerful tool, citizens can scan and clean their devices and protect them from botnet infections.