The Computer Emergency Response Team (CERT-In), the national cybersecurity watchdog under the Ministry of Electronics and Information Technology (MeitY), has issued a high-severity warning for Google Chrome users on desktop. CERT-In warns that vulnerabilities in older versions of Google Chrome on Windows, macOS, and Linux are currently being exploited by attackers.
What’s the issue?
CERT-In states that versions of Google Chrome prior to 136.0.7103.113/.114 on Windows and Mac, and prior to 136.0.7103.113 on Linux, contain multiple security vulnerabilities that could be exploited by attackers. These vulnerabilities stem from:
• Insufficient policy enforcement in the browser loader
• Incorrect handling in Mojo, a component used for inter-process communication in Chromium-based browsers.
CERT-In says that the target audience for these attacks could be all end-user organizations and individuals using Google Chrome.
What could go wrong?
According to CERT-In, the vulnerabilities in Google Chrome could allow a remote attacker to execute arbitrary code, essentially giving them control of a user’s system. This could lead to:
• Disclosure of sensitive data
• Compromise of system integrity
• Potential malware injection or spyware installation
CERT-In also warns that one of the flaws is particularly critical since it is already being used by attackers in real-world attacks, making it an urgent threat.
What should you do?
The good news is that CERT-In assures that these vulnerabilities have already been fixed in the latest version of Google Chrome for Desktop. Therefore, the cybersecurity agency urges users and organizations to update their Google Chrome browser to the latest version immediately.
To update your Google Chrome browser on desktop, follow the steps below.
• Open Google Chrome, tap on the Chrome Menu and then click on Help, followed by About Google Chrome.
• Your browser should automatically check for new updates and, if an update is available, install it automatically.
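For organizations checking many machines rather than one browser, the comparison against the fixed build can be scripted. The sketch below is an added example, not part of the CERT-In advisory or of Chrome itself; it assumes any build below 136.0.7103.113 counts as affected on all three platforms, and the host names and version strings in the sample inventory are constructed.

```python
import re

# Fixed build named in the advisory text above. Assumption: any build below
# 136.0.7103.113 is treated as affected on Windows, macOS and Linux alike.
FIXED = (136, 0, 7103, 113)

# Chrome versions have four numeric parts: major.minor.build.patch
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the four-part version from text such as 'Google Chrome 136.0.7103.92'."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def needs_update(text):
    """True if the version is below the fixed build or cannot be read at all."""
    version = parse_version(text)
    # Compare as integer tuples: a plain string comparison would rank
    # "136.0.7103.99" above "136.0.7103.113" and miss an affected host.
    return version is None or version < FIXED


def audit(inventory):
    """Return the sorted host names that should be updated."""
    return sorted(host for host, text in inventory if needs_update(text))


# Constructed sample inventory: (host name, reported version string).
SAMPLE = [
    ("win-01", "Google Chrome 136.0.7103.114"),
    ("mac-02", "Google Chrome 136.0.7103.99"),
    ("lin-03", "Google Chrome 136.0.7103.113"),
    ("lin-04", "Google Chrome 135.0.7049.115"),
    ("win-05", "version unknown"),
    ("mac-06", "Google Chrome 137.0.7151.55"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(host, "needs update")
```

Hosts whose version string cannot be parsed are flagged as well, so a failed inventory read is not mistaken for a patched browser.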