Critical Chrome Security Alert: Update Your Browser Immediately
The Indian Computer Emergency Response Team (Cert-In) has issued a high-severity security warning for Google Chrome desktop users. Multiple critical vulnerabilities have been discovered that could allow hackers to steal sensitive data, execute malicious code, and take control of affected systems.
Key Takeaways
- Cert-In warns of high-risk vulnerabilities in Google Chrome desktop versions
- Security flaws enable data theft, remote code execution, and system compromise
- Affects Windows, Mac, and Linux users with outdated Chrome versions
- Immediate update to latest Chrome version recommended
What Cert-In Discovered
India’s national cybersecurity agency identified multiple security flaws in Google Chrome that pose serious threats to users. These vulnerabilities can be exploited through specially crafted web pages, putting millions of users at risk.
“Multiple vulnerabilities have been reported in Google Chrome, which could allow a remote attacker to execute arbitrary code, bypass security restrictions, perform a Spoofing attack or disclose sensitive information on the targeted system.”
Affected Chrome Versions
The security warning applies to specific outdated versions of Google Chrome:
- Google Chrome versions before 142.0.7444.59 for Linux
- Google Chrome versions before 142.0.7444.59/60 for Windows and Mac
- Google Chrome versions before 142.0.7444.60 for Mac
Cert-In emphasized that these security flaws impact
“all end-user organisations and individuals using Google Chrome for Desktop.”
Severity of the Threat
The vulnerabilities carry significant risks according to the cybersecurity agency:
“high risk of remote code execution, privilege escalation or unauthorised access to sensitive data,”
with
“potential for system compromise, data theft or service disruption,”
Technical Details
Cert-In provided detailed technical analysis of the security flaws:
“Multiple vulnerabilities exist in Google Chrome due Type Confusion in V8, Inappropriate implementation in V8, Extensions, App-Bound Encryption, Autofill; Object lifecycle issue in Media, Race in V8, Storage; Incorrect security UI in Omnibox, Fullscreen UI, SplitView; Policy bypass in Extensions, Use after free in PageInfo, Ozone and Out of bounds read in V8, WebXR.”
The V8 JavaScript engine, which converts computer code to readable text, contains several of these vulnerabilities. Attackers can exploit these weaknesses by tricking users into visiting malicious websites.
Cert-In strongly recommends all Google Chrome users update to the latest version immediately to protect against these critical security threats.
