Computer Emergency Response Team (CERT-In), an agency operating under the Ministry of Electronics and Information Technology, has issued a warning for Google Chrome users. Classified as ‘high severity,’ this warning pertains to the discovery of multiple vulnerabilities within specific versions of Google Chrome.
The role of CERT-In encompasses addressing and managing cybersecurity threats, encompassing issues such as hacking and phishing. Their latest advisory underscores the potential risks linked with using certain iterations of the popular web browser.
What’s the threat
The advisory divulges that “Multiple vulnerabilities have been reported in Google Chrome which could be exploited by an attacker to execute arbitrary code and gain access to sensitive information on the targeted system.” The gravity of the situation calls for immediate action to safeguard users’ data and systems from potential breaches.
The vulnerabilities in question have been attributed by CERT-In to several factors, including ‘use after free’ scenarios in prompts, Web Payments API, SwiftShader, Vulkan, Video, and WebRTC.
Additionally, a heap buffer overflow in Video and integer overflow in PDF have contributed to this issue. The concerning part is that a remote attacker could potentially exploit these vulnerabilities by luring unsuspecting victims to visit maliciously crafted web pages.
List of all the vulnerabilities found
The vulnerabilities highlighted by CERT-In are as follows:
– CVE-2023-0927
– CVE-2023-0928
– CVE-2023-0929
– CVE-2023-0930
– CVE-2023-0931
– CVE-2023-0932
– CVE-2023-0933
– CVE-2023-0941
Affected versions
Google Chrome versions prior to 115.0.5790.170 for Linux and Mac
Google Chrome versions prior to 115.0.5790.170/.171 for Windows
What users can do?
CERT-In has recommended users to promptly apply the latest available security patches for the browser. On a positive note, Google has already dropped the latest version of Chrome which includes fixes for these vulnerabilities.
The role of CERT-In encompasses addressing and managing cybersecurity threats, encompassing issues such as hacking and phishing. Their latest advisory underscores the potential risks linked with using certain iterations of the popular web browser.
What’s the threat
The advisory divulges that “Multiple vulnerabilities have been reported in Google Chrome which could be exploited by an attacker to execute arbitrary code and gain access to sensitive information on the targeted system.” The gravity of the situation calls for immediate action to safeguard users’ data and systems from potential breaches.
The vulnerabilities in question have been attributed by CERT-In to several factors, including ‘use after free’ scenarios in prompts, Web Payments API, SwiftShader, Vulkan, Video, and WebRTC.
Additionally, a heap buffer overflow in Video and integer overflow in PDF have contributed to this issue. The concerning part is that a remote attacker could potentially exploit these vulnerabilities by luring unsuspecting victims to visit maliciously crafted web pages.
List of all the vulnerabilities found
The vulnerabilities highlighted by CERT-In are as follows:
– CVE-2023-0927
– CVE-2023-0928
– CVE-2023-0929
– CVE-2023-0930
– CVE-2023-0931
– CVE-2023-0932
– CVE-2023-0933
– CVE-2023-0941
Affected versions
Google Chrome versions prior to 115.0.5790.170 for Linux and Mac
Google Chrome versions prior to 115.0.5790.170/.171 for Windows
What users can do?
CERT-In has recommended users to promptly apply the latest available security patches for the browser. On a positive note, Google has already dropped the latest version of Chrome which includes fixes for these vulnerabilities.
