
CERT-In Urges Google Chrome Users to Update Immediately; Makes High Severity Alert

Prime Highlights:

  • CERT-In has urged Google Chrome users on Windows, Mac, and Linux to update immediately.
  • Critical flaws may allow remote attackers to execute arbitrary code or cause system instability.

Key Facts:

  • The vulnerabilities affect Chrome versions earlier than 137.0.7151.55 on Linux and earlier than 137.0.7151.55/56 on Windows and Mac.
  • The vulnerabilities stem from use-after-free bugs in components such as Compositing and libvpx.
  • Exploitation of these vulnerabilities can lead to system crashes, instability, and unauthorized code execution.

Key Background

India’s Computer Emergency Response Team (CERT-In) has issued a high-severity security alert to Google Chrome users covering a series of high-severity vulnerabilities. The flaws affect desktop versions of Chrome for Windows, Mac, and Linux, exposing millions of users to cyber attacks.

The vulnerabilities are caused by use-after-free bugs in modules such as Compositing and libvpx. A use-after-free bug occurs when the browser attempts to access memory that has already been freed, which can lead to unstable behavior such as crashes or to the execution of malicious code. Attackers could exploit these bugs through specially crafted web pages that, when opened in a vulnerable version of Chrome, trigger the flaws and compromise the user’s system.

Impacted Chrome versions are those earlier than 137.0.7151.55 on Linux and earlier than 137.0.7151.55 or 137.0.7151.56 on Windows and Mac. CERT-In stresses updating the browser to the latest stable version as soon as possible to prevent exploitation.
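One way to check a browser inventory against the version threshold above, as an added example that is not part of the original article or of CERT-In's advisory. The record format, host names and sample versions are constructed, and treating 137.0.7151.55 as the first fixed build on all three platforms is this example's reading of the advisory text.

```python
import re

# First fixed build per the advisory text above. Reading "137.0.7151.55/56"
# as "55 or 56 is the fixed build" on Windows and Mac is an assumption here.
FIXED = {
    "linux": (137, 0, 7151, 55),
    "windows": (137, 0, 7151, 55),
    "mac": (137, 0, 7151, 55),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    # Tuple comparison is numeric per component, so 99.x sorts below 137.x and
    # build 7151.9 below 7151.55; plain string comparison gets both wrong.
    return "vulnerable" if version < fixed else "patched"


def audit(records):
    """Map each (host, platform, version_text) record to its classification."""
    return {host: classify(platform, text) for host, platform, text in records}


# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 137.0.7151.56"),
    ("ws-02", "Windows", "Google Chrome 99.0.4844.51"),
    ("mb-01", "mac", "Google Chrome 137.0.7151.9"),
    ("lx-01", "linux", "Google Chrome 137.0.7151.55"),
    ("lx-02", "linux", "command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` still need a manual check, since a missing or unparseable version says nothing about whether the browser is patched.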

This timely announcement underscores the continuing need to keep software up to date to protect against increasingly complex cyberattacks. Users are reminded to install updates regularly as they are released. Updating software not only protects individual machines but also helps protect the wider digital ecosystem.

In brief, this guidance is a reminder that vigilance and pre-emptive defensive measures are needed to counter remotely exploitable vulnerabilities, whose impact can range from system instability to execution of unauthorised code.