Two weeks after issuing a warning for Google Chrome users, Computer Emergency Response Team (CERT-IN) has issued another warning for Chrome users. The government body has classified the new warning as ‘high severity’ and has reported that multiple vulnerabilities have been found in select versions of Google Chrome.
For those unfamiliar with CERT-IN, it is a nodal agency under the Ministry of Electronics and Information Technology. It deals with cybersecurity threats like phishing and hacking.
What’s the warning
According to a recently published report, “Multiple vulnerabilities have been reported in Google Chrome which could be exploited by an attacker to execute arbitrary code and gain access to sensitive information on the targeted system.”
Who all are affected by the newly found vulnerabilities
The government body has mentioned that users using Google Chrome versions prior to 110.0.5481.177/.178 for Windows and Google Chrome versions prior to 110.0.5481.177 for Mac and Linux are currently affected by the new vulnerabilities.
Why these vulnerabilities exists in Google Chrome
CERT-In has mentioned that these vulnerabilities in Google Chrome exist due to use after free in prompts, Web Payments API, SwiftShader, Vulkan, Video and WebRTC; Heap buffer overflow in Video & Integer overflow in PDF. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.
List of vulnerabilities
CVE-2023-0927
CVE-2023-0928
CVE-2023-0929
CVE-2023-0930
CVE-2023-0931
CVE-2023-0932
CVE-2023-0933
CVE-2023-0941
What users can do
CERT-In bas recommended users to apply the latest security patch available that contains fix for the above-mentioned vulnerabilities. Thankfully, Google has already rolled an update for Chrome recently which contains fix for the issues found by CERT-In.
For those unfamiliar with CERT-IN, it is a nodal agency under the Ministry of Electronics and Information Technology. It deals with cybersecurity threats like phishing and hacking.
What’s the warning
According to a recently published report, “Multiple vulnerabilities have been reported in Google Chrome which could be exploited by an attacker to execute arbitrary code and gain access to sensitive information on the targeted system.”
Who all are affected by the newly found vulnerabilities
The government body has mentioned that users using Google Chrome versions prior to 110.0.5481.177/.178 for Windows and Google Chrome versions prior to 110.0.5481.177 for Mac and Linux are currently affected by the new vulnerabilities.
Why these vulnerabilities exists in Google Chrome
CERT-In has mentioned that these vulnerabilities in Google Chrome exist due to use after free in prompts, Web Payments API, SwiftShader, Vulkan, Video and WebRTC; Heap buffer overflow in Video & Integer overflow in PDF. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.
List of vulnerabilities
CVE-2023-0927
CVE-2023-0928
CVE-2023-0929
CVE-2023-0930
CVE-2023-0931
CVE-2023-0932
CVE-2023-0933
CVE-2023-0941
What users can do
CERT-In bas recommended users to apply the latest security patch available that contains fix for the above-mentioned vulnerabilities. Thankfully, Google has already rolled an update for Chrome recently which contains fix for the issues found by CERT-In.
Please follow and like us:
