Indian cyber agency Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology, has issued a high-risk warning to Google Chrome users in India.
According to CERT-In, multiple vulnerabilities have been found in Google ChromeOS LTS that a remote attacker could exploit to cause a denial-of-service condition, elevation of privilege and remote code execution on the targeted system.
“These vulnerabilities exist in Google ChromeOS LTS due to Use after free in Extensions, Heap buffer overflow in vp8 encoding in libvpx, Out of bounds memory access in FedCM, flaws in AMD platforms and issues in Linux Kernel,” the cyber agency said.
A remote attacker could exploit these vulnerabilities by sending a specially crafted request to the targeted system.
Complete List Of Google Chrome ‘Vulnerabilities’ Reported By CERT-In
“The vulnerability CVE-2023-5217 is being exploited in the wild,” the agency said. The agency warned that successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition, elevation of privilege and remote code execution on the targeted system.
Users are advised to update their Chrome browser immediately. Google has already released an update containing security fixes for these issues.
“This update contains multiple Security fixes, including: 1475798 High CVE-2023-5187 Use after free in Extensions, 1450784 Medium CVE-2023-4366 Use after free in Extensions, 1486441 High CVE-2023-5217 Heap buffer overflow in vp8 encoding in libvpx and 1476403 High CVE-2023-4761 Out of bounds memory access in FedCM,” the US-based tech giant wrote in a blog post.
To update the Google Chrome browser: Click on the three dots menu in the top left corner. Then select ‘Help.’ Next, click ‘About Google Chrome.’ Google Chrome will then automatically check for and install updates. If your browser is up to date, you will see a message saying “Google Chrome is up to date.”