CERT-In Finds Severe Security Issues In Google Chrome For Web

Date: March 13, 2024

The Indian government’s CERT-In team has released a new security risk alert for Google Chrome web browser users.

Google Chrome is the go-to web browser for 3.46 billion users worldwide. In India, the number has gone up to 692 million monthly active users. The Indian government’s Computer Emergency Response Team has released a new security issue with a high to severe rating for all Google Chrome desktop browser users.

The alert indicates multiple severe vulnerabilities in Chrome’s web browser's backend that could open potential gateways for hackers. A hacker can remotely execute arbitrary code or Denial of Service conditions on the targeted systems using these loopholes. The CERT-In team has also released details on the causes of vulnerabilities. 

The bulletin explained the cause in its statement, “Use-after-free error within the FedCM component; out-of-bounds memory access and inappropriate implementation in V8. A remote attacker could exploit these vulnerabilities by sending a specially crafted web page to the targeted system."

However, the issues exist only in the Google Chrome version before 122.0.6261.111/.112 for Windows and Mac and Google Chrome versions before 122.0.6261.111 for Linux. Google acknowledged the vulnerabilities and released an official statement regarding rectification. 

It stated that the vulnerabilities will be resolved in the next version update, which may be released this week. To speed up the issue resolution process, it has also launched a reward system for developers who identify and propose a solution. The reward price is $28,000 in Google’s bug bounties. Google has identified 12 security issues: two high-severity, five medium-severity, and one low-severity. 

CERT-In has urged all Google Chrome desktop users to update it to the latest version immediately. To do that, a user can simply click on the three dots on the top-right corner of the screen. Then, click on Help and About Chrome. Chrome will automatically look for the latest version update, and if found, it will automatically install it. Users may be prompted to restart their browser or even the window for the updates to take effect.

By taking immediate action, users can safeguard their personal information and prevent denial-of-service conditions while using Chrome. If the Chrome browser is updated already to the latest version of 122.0.6261.111/.112 on Windows/Mac and 122.0.6261.111 on Linux, then the security issues are already gone in their desktops.