The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning on vulnerabilities in Google Chrome OS and urged users to upgrade their browsers immediately. The security note, CIVN-2024-0031, was released on February 8, 2024, and it identifies serious threats related to Google Chrome OS versions earlier than 114.0.5735.350 (Platform Version: 15437.90.0) on the LTS channel. The government wants you to download the most recent version of Google Chrome because it fixes all of the current vulnerabilities.
Nature of the Threats
CERT-In identifies these vulnerabilities as exploitable by remote attackers to execute arbitrary code, gain elevated privileges, bypass security restrictions, or cause denial of service conditions on affected systems. The vulnerabilities primarily stem from two sources: a “use after free” flaw in the Side Panel Search feature and inadequate data validation in extensions, both of which can be leveraged by attackers to compromise system integrity.
What Risk Does It Pose To Users?
- Use after free in Side Panel Search: This vulnerability makes it possible to exploit memory errors within the Side Panel Search feature, potentially leading to the execution of arbitrary code or the bypassing of security measures.
- Insufficient data validation in Extensions: Insufficient validation of input data in extensions gives rise to this vulnerability, creating an opportunity for attackers to carry out malicious actions on impacted systems.
How to Stay Safe
To safeguard against these vulnerabilities, CERT-In has strongly advised users to update Google Chrome to the latest available version, which includes security fixes from Google. Users should promptly update their Google Chrome OS installations to version 114.0.5735.350 (or later) on the LTS channel. These updates contain patches that mitigate the identified vulnerabilities, thus enhancing system securit
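
One way to apply the version threshold above across a device inventory, as an added example that is not part of the advisory or the original article. The record fields, device names and sample versions are constructed for illustration; only the fixed LTS version comes from the text.

```python
# Fixed LTS-channel version as quoted in the article for CIVN-2024-0031.
FIXED_LTS = (114, 0, 5735, 350)

def parse_version(text):
    """Return a four-part version as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(device):
    """Classify one inventory record as 'patched', 'vulnerable',
    'out-of-scope' (not on the LTS channel) or 'unknown' (bad version)."""
    # The threshold applies to the LTS channel only; other channels
    # need to be checked against their own release notes.
    if device["channel"].lower() != "lts":
        return "out-of-scope"
    version = parse_version(device["version"])
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "114.0.5735.99" above "114.0.5735.350".
    return "patched" if version >= FIXED_LTS else "vulnerable"

def audit(inventory):
    """Group device names by classification."""
    report = {"patched": [], "vulnerable": [], "out-of-scope": [], "unknown": []}
    for device in inventory:
        report[classify(device)].append(device["name"])
    return report

# Constructed sample inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = [
    {"name": "kiosk-01", "channel": "LTS", "version": "114.0.5735.350"},
    {"name": "kiosk-02", "channel": "LTS", "version": "114.0.5735.99"},
    {"name": "kiosk-03", "channel": "LTS", "version": "108.0.5359.230"},
    {"name": "lab-07", "channel": "stable", "version": "121.0.6167.160"},
    {"name": "lab-08", "channel": "LTS", "version": "114.0.5735"},
]

if __name__ == "__main__":
    for status, names in audit(SAMPLE_INVENTORY).items():
        print(f"{status:13} {', '.join(names) or '-'}")
```

Devices reported as unknown have a version string that could not be parsed and should be checked by hand rather than assumed patched.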