The Computer Emergency Response Team (CERT-In), the cybersecurity watchdog under the Ministry of Electronics and Information Technology (MeitY), has issued a high-severity warning for Google Chrome users. The warning affects users running Windows, Mac and Linux operating systems.
According to CERT-In, multiple vulnerabilities have been found in Google Chrome for desktop that could be exploited by a remote attacker to execute arbitrary code on a user’s system. The cybersecurity agency said that these vulnerabilities exist in Google Chrome for a number of reasons, including uninitialized use and insufficient data validation in Dawn and an out-of-bounds read in WebTransport.
CERT-In provided rationale for the vulnerabilities in an August 7 advisory, noting: “These vulnerabilities exist in Google Chrome for Desktop due to Uninitialized Usage in Dawn; Out of Bounds Read in WebTransport; and Insufficient Data Validation in Dawn. An attacker could exploit these vulnerabilities by convincing a victim to visit a specially crafted request.”
The vulnerabilities affect users of stable channel versions of Google Chrome before 127.0.6533.88/89 on Windows and Mac, and stable channel versions of Google Chrome before 127.0.6533.88 on Linux.
What should a Google Chrome user do?
Thankfully, CERT-In notes that suitable updates that fix the above-mentioned issues are available on Google Chrome’s website. The cybersecurity agency therefore urges users to update to the latest version of Google Chrome for desktop to stay safe.
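A fleet check against the fixed build named above, as an added example that is not from CERT-In or Google. It treats 127.0.6533.88 as the first fixed Stable build on all three platforms (per the advisory text) and runs over constructed host names and version strings.

```python
import re

# First fixed Stable build named in the advisory (Windows/Mac also shipped .89).
FIXED = (127, 0, 6533, 88)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return the four-part Chrome version found in text as ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def status(text):
    """Classify one reported version string: 'affected', 'fixed' or 'unknown'."""
    v = parse_version(text)
    if v is None:
        # Never report an unreadable version as safe.
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "127.0.6533.9" above "127.0.6533.88".
    return "affected" if v < FIXED else "fixed"

def triage(inventory):
    """Group (host, reported version string) rows by status."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, reported in inventory:
        report[status(reported)].append(host)
    return report

# Constructed inventory rows (hypothetical hosts and version strings).
SAMPLE = [
    ("win-01", "Google Chrome 127.0.6533.89"),
    ("win-02", "Google Chrome 127.0.6533.9"),
    ("mac-01", "Google Chrome 126.0.6478.183"),
    ("lin-01", "Google Chrome 127.0.6533.88 "),
    ("lin-02", "not installed"),
]

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` group need a manual look, since a missing or unparseable version string says nothing about whether the browser is patched.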
Apple Safari and Google Chrome are working to fix a critical security vulnerability:
Meanwhile, a recent but unrelated report by Forbes stated that Apple and Google are working on fixing a critical security vulnerability that has been present in their web browsers for years. This vulnerability, related to the IP address 0.0.0.0, is reportedly being exploited by cybercriminals to hack devices and steal user data.
According to the Forbes report, this vulnerability could have existed for 18 years, but developers only recently noticed it. Researchers from Israeli cybersecurity firm Oligo discovered the issue, which has been labeled a “zero-day vulnerability” due to the lack of prior awareness and immediate patching.
The exploit, dubbed the “0.0.0.0-day attack” by Oligo AI security researcher Avi Lumelsky, involves malicious websites sending potentially malicious requests via the IP address 0.0.0.0. If a user inadvertently clicks on a malicious link, attackers could gain unauthorized access to sensitive information on their device.
Although this flaw mainly affects individuals and organizations that host their own web servers, the scale of compromised systems is significant. Experts stress that this security problem should not be underestimated.
Published: Aug 11, 2024, 12:04 PM IST