Security vulnerabilities in Google Chrome on December
The Indian government has issued an urgent warning to users and organizations about a series of serious security vulnerabilities in the Google Chrome browser on December 10.
According to the warning, these vulnerabilities can be exploited by attackers to run malware remotely, bypass security measures or forge a user interface, just by getting victims access a malicious website.
According to the official announcement, Chrome versions for Windows, macOS, and Linux released before version 142.0.7444.134/.135 are all on the affected list.
Among the identified vulnerabilities, the most prominent is the off-line writing errors in WebGPU and many problems in V8, Views and Omnibox, which are assessed to lead to remote code execution (RCE), an extremely dangerous form of attack.
The Indian Computer Emergency Response Agency (CERT-In) said that the risk level is assessed as high. If exploited, hackers can install spyware, steal data, or take control of the victim's device.
In particular, businesses, financial institutions and sensitive information processing agencies are recommended to urgently update the latest security patch.
What should users do?
To check and update, users should:
Open Chrome → click on the three-digit icon () → Help → Introduce to Google Chrome.
Chrome will automatically check the update and go through the installation.
Restart the browser after completion.
The recommended safe version is 142.0.7444.135 or later on macOS/Linux and equivalent on Windows.
Google confirmed that it has released an emergency patch, and announced a list of security errors (CVE) that have been fixed in the new release note.
Enterprises need to take immediate action
Information technology management groups in organizations should:
- Deploy patches simultaneously through the end point management system.
- Check the access log to detect any unusual activity.
- Deactivate unnecessary additional utilities, while activating security monitoring tools.
- Browse the internet and limit access to unreliable websites while the patch is applied.
Note
Google said that the company has handled the matter quickly and coordinated closely with the Indian cybersecurity agency. However, experts warn that delaying Chrome updates could make users the target of cyber attacks.
If you are using Chrome on your computer, update today.
