The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning concerning numerous vulnerabilities identified in Google Chrome OS. In its latest security advisory, dated February 08, 2024 and labelled CIVN-2024-0031, the government research team disclosed that the identified vulnerabilities present significant risks to users of Google Chrome OS versions preceding 114.0.5735.350 (Platform Version: 15437.90.0) on the LTS channel.
CERT-In states that these vulnerabilities have the potential to be “exploited by a remote attacker to execute arbitrary code, gain elevated privileges, bypass security restrictions or cause denial of service conditions on the targeted system.”
What Risk Does It Pose To Users?
- Use after free in Side Panel Search: This vulnerability is a memory error in the Side Panel Search feature that can be exploited, potentially leading to the execution of arbitrary code or the bypassing of security measures.
- Insufficient data validation in Extensions: This vulnerability arises from insufficient validation of input data in extensions, creating an opportunity for attackers to carry out malicious actions on impacted systems.
CERT-In said in its vulnerability note that remote attackers can leverage these weak spots by luring unaware victims to visit specially crafted web pages. Once a victim visits such a page, the vulnerabilities are triggered, ultimately allowing attackers to compromise unsuspecting users.
To safeguard against these vulnerabilities, CERT-In has strongly advised users to stay up to date with the latest version of Google Chrome, which includes security fixes by Google.
Users must update their Google Chrome OS installations to version 114.0.5735.350 (or later) on the LTS channel. These updates contain patches that mitigate the identified weak spots, which will in turn enhance system security.
Meanwhile, CERT-In is actively engaged in the “Cyber Swachhta Fortnight” taking place from February 1 to 15, 2024. The primary objective of this initiative is to enhance the digital security of the nation by safeguarding cyberspace against botnets that have the potential to infect and compromise end-user systems.
In pursuit of this goal, CERT-In has introduced the ‘Cyber Swachhta Kendra’ (CSK), which provides the eScan Botnet Scanning & Cleaning Toolkit designed for laptops, desktops, and smartphones. This toolkit is a collaborative effort with eScan, a reputable cybersecurity solutions provider. With it, citizens can now scan and cleanse their devices, fortifying them against botnet infections.