The Indian Computer Emergency Response Team (CERT-In) has raised a high-severity warning regarding vulnerabilities present in Google Chrome OS, urging users to update their browsers immediately. Released on February 8, 2024, under the designation CIVN-2024-0031, the security note highlights significant risks associated with Google Chrome OS versions preceding 114.0.5735.350 (Platform Version: 15437.90.0) on the LTS channel. Govt wants you to download the latest Google Chrome update as that will remove all current vulnerabilities that are there.
Nature of the Threats
CERT-In identifies these vulnerabilities as exploitable by remote attackers to execute arbitrary code, gain elevated privileges, bypass security restrictions, or cause denial of service conditions on affected systems. The vulnerabilities primarily stem from two sources: a “use after free” flaw in the Side Panel Search feature and inadequate data validation in extensions, both of which can be leveraged by attackers to compromise system integrity.
Remote attackers can exploit these vulnerabilities by enticing users to visit specially crafted web pages, triggering the identified vulnerabilities upon access. To mitigate these risksHT, CERT-In strongly recommends updating Google Chrome OS to version 114.0.5735.350 or later, as these updates contain patches addressing the identified vulnerabilities.
Additionally, users are advised to exercise caution while browsing the internet, especially when encountering unfamiliar or suspicious websites, and to avoid interacting with links from untrusted sources or unsolicited emails and messages. Implementing security best practices such as using reputable antivirus software, regularly updating software and applications, and enabling firewalls can further enhance defense mechanisms against potential threats.
In parallel, CERT-In is conducting a “Cyber Swachhta Fortnight” from February 1 to 15, 2024, aimed at securing cyberspace from botnets, which pose a threat to end user systems. As part of this initiative, CERT-In has introduced the ‘Cyber Swachhta Kendra’ (CSK) in collaboration with eScan, providing the eScan Botnet Scanning & Cleaning Toolkit for laptops, desktops, and smartphones. This toolkit empowers citizens to scan and clean their devices, fortifying them against botnet infections and contributing to overall digital security efforts.
Also, read other top stories today:
Social media scam alert! Most scams reported to the finance app Revolut started their journey on Facebook, Instagram and WhatsApp. Most money was lost to “get-rich-quick” schemes. Some interesting details in this article. Check it out here.
AI opportunities in India! Microsoft CEO Satya Nadella urged more than a thousand Indian computer code developers they use the company’s artificial intelligence tools being deployed across its products. Find out more details here.
Voice cloning becomes illegal! US regulators have declared scam “robocalls” made using voices created with AI as illegal. This move comes after an impersonation of POTUS surfaced last month, requesting people not to cast ballots in the New Hampshire primary. Dive in here.
One more thing! We are now on WhatsApp Channels! Follow us there so you never miss any updates from the world of technology. To follow the HT Tech channel on WhatsApp, click here to join now!