India's cyber agency has issued a high-risk warning for Google Chrome users in the country, saying that users must update their Chrome browser immediately. According to the Computer Emergency Response Team in India (CERT-In), multiple vulnerabilities have been reported in Google Chrome that could allow an attacker to execute arbitrary code, bypass security restrictions or cause a denial-of-service condition on the targeted system.
“Multiple vulnerabilities exist in Google Chrome due to Heap buffer overflow error in WebP; Inappropriate implementation in Custom Tabs, Prompts, Input, Intents, Picture in Picture and Interstitials; Insufficient policy enforcement in Downloads and Autofill,” CERT-In said in a report.
The agency also said that cyber attackers could exploit these vulnerabilities by persuading a victim to visit a specially crafted website. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition on the targeted system.
Here’s The List of Affected Chrome Software
– Google Chrome (Extended Stable Channel) versions prior to 116.0.5845.188 (for Mac and Linux)
– Google Chrome (Extended Stable Channel) versions prior to 116.0.5845.187 (for Windows)
– Google Chrome for Desktop versions prior to 117.0.5938.62 (for Mac and Linux)
– Google Chrome for Desktop versions prior to 117.0.5938.62/.63 (for Windows)
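For administrators checking many machines against the list above, here is an added example (not from CERT-In or Google) that flags inventory rows running a build prior to the fixed one. It compares versions numerically, since plain string comparison would wrongly rank build .99 above .188. The row format and host names are constructed, and taking .62 as the Windows stable threshold from ".62/.63" is an assumption.

```python
# Added example: thresholds are copied from the advisory list above.
FIXED = {
    ("extended", "mac"): "116.0.5845.188",
    ("extended", "linux"): "116.0.5845.188",
    ("extended", "windows"): "116.0.5845.187",
    ("stable", "mac"): "117.0.5938.62",
    ("stable", "linux"): "117.0.5938.62",
    # Assumption: the advisory says ".62/.63" for Windows; the lower build is used.
    ("stable", "windows"): "117.0.5938.62",
}

def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints, or raise ValueError."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(os_name, channel, version):
    """True if version is prior to the fixed build for that channel and OS."""
    key = (channel.lower(), os_name.lower())
    if key not in FIXED:
        raise KeyError(f"no threshold listed for {key}")
    # Tuple comparison is numeric per component, unlike string comparison.
    return parse_version(version) < parse_version(FIXED[key])

def triage(rows):
    """Return (affected_hosts, unknown_hosts) for (host, os, channel, version) rows."""
    affected, unknown = [], []
    for host, os_name, channel, version in rows:
        try:
            if is_affected(os_name, channel, version):
                affected.append(host)
        except (KeyError, ValueError):
            unknown.append(host)  # needs a manual look, not a silent pass
    return affected, unknown

# Constructed sample inventory (hypothetical hosts).
SAMPLE = [
    ("ws-01", "windows", "stable", "117.0.5938.62"),
    ("ws-02", "windows", "stable", "116.0.5845.180"),
    ("mac-01", "mac", "extended", "116.0.5845.187"),
    ("lin-01", "linux", "extended", "116.0.5845.99"),
    ("lin-02", "linux", "stable", "117.0.5938.92"),
    ("kiosk-9", "linux", "stable", "unknown"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts whose version or platform cannot be parsed are returned separately so they are reviewed by hand instead of being counted as patched.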
“The vulnerability under CVE-2023-4863 is being exploited in the wild. Users are advised to patch the vulnerable devices immediately,” the agency said. For the affected software, users are advised to update their Chrome browser immediately.
According to CERT-In, Google has already released the update and security fix containing patches and solutions for these security issues.
“The Stable and Extended stable channels have been updated to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.
The Extended Stable channel has been updated to 116.0.5845.188 for Windows and 116.0.5845.187 for Mac, which will roll out over the coming days/weeks,” Google wrote in a blog post.