The Computer Emergency Response Team (CERT-In), the cyber security watchdog under the Ministry of Electronics and Information Technology (MeitY), has issued a high severity alert for Google Chrome users, affecting users of Windows, Mac and Linux operating systems.
According to CERT-In, Google Chrome for desktop has been found to have multiple vulnerabilities that could be exploited by a remote attacker to execute arbitrary code on the user’s system. The cybersecurity agency said that these vulnerabilities exist in Google Chrome for a number of reasons, including an uninitialized use in Dawn and an out-of-bounds read in WebTransport.
In an advisory on August 7, CERT-In explained the reasons for the vulnerabilities, noting that “these vulnerabilities exist in Google Chrome for desktop due to an uninitialized use-case in Dawn, an out-of-bounds read in WebTransport, and insufficient data validation in Dawn. An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted request.”
The vulnerabilities affect users of Google Chrome stable channel versions prior to 127.0.6533.88/89 on Windows and Mac, and Google Chrome stable channel versions prior to 127.0.6533.88 on Linux.
What should a Google Chrome user do?
Thankfully, CERT-In notes that appropriate updates that fix the above-mentioned issues are available on the Google Chrome website. The cybersecurity agency therefore urges users to update to the latest version of Google Chrome for desktop to stay safe.
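For anyone checking more than one machine, the installed version has to be compared with the fixed build number by number, not as text. The following is an added example, not code from CERT-In or Google; the host names and version strings are constructed, and it assumes 127.0.6533.88 as the minimum fixed build on all three platforms.

```python
import re

# Fixed builds per the advisory text: versions before 127.0.6533.88/89
# (Windows, Mac) and before 127.0.6533.88 (Linux) are affected.
# Assumption: .88 is treated as the minimum fixed build on every platform.
FIXED = {
    "windows": (127, 0, 6533, 88),
    "mac": (127, 0, 6533, 88),
    "linux": (127, 0, 6533, 88),
}

# Chrome reports a four-part version, e.g. "Google Chrome 127.0.6533.72".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is present."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'affected', 'updated' or 'unknown' for one machine."""
    floor = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # unsupported platform or unreadable version string
    # Tuple comparison is numeric per component, so build .100 sorts after
    # .88; a plain string comparison would wrongly put it before.
    return "affected" if version < floor else "updated"


def audit(inventory):
    """Map each host in (host, platform, version_text) rows to a status."""
    return {host: classify(platform, text) for host, platform, text in inventory}


# Constructed inventory rows for illustration.
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 127.0.6533.72"),
    ("ws-02", "windows", "Google Chrome 127.0.6533.89"),
    ("mb-01", "mac", "Google Chrome 127.0.6533.100"),
    ("lx-01", "linux", "Google Chrome 126.0.6478.182 "),
    ("lx-02", "linux", "Google Chrome 127.0.6533.88"),
    ("lx-03", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Machines reported as "unknown" need a manual check, since no version could be read for them.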
Apple Safari and Google Chrome working to resolve a critical security flaw:
Meanwhile, a recent but unrelated report from Forbes claimed that Apple and Google are working to resolve a critical security vulnerability that has been present in their web browsers for years. This vulnerability, related to the IP address 0.0.0.0, is reportedly being exploited by cybercriminals to breach devices and steal users’ data.
According to a report by Forbes, this security flaw may have existed for 18 years, but developers failed to detect it until recently. Researchers at Israeli cybersecurity firm Oligo discovered the issue, which has been labeled a “zero-day vulnerability” due to a lack of prior knowledge and prompt patching.
The exploit, dubbed the “0.0.0.0 day attack” by Oligo AI security researcher Avi Lumelsky, involves malicious websites being able to send harmful requests through the IP address 0.0.0.0. If a user inadvertently clicks on a malicious link, attackers could gain unauthorized access to sensitive information on their device.
Although this flaw primarily affects individuals and organizations hosting their own web servers, the potential scale of compromised systems is significant and experts stress that this security issue should not be underestimated.
Posted: Aug 11, 2024, 12:04 pm IST