Google Chrome users again at high risk of hacking, here is how you can protect your system

The Indian government has alerted Google Chrome users to critical vulnerabilities that pose serious security risks. Users are strongly advised to update their browsers immediately to protect against potential cyberattacks.

by · India Today

In Short

  • CERT-In issues high-risk warning for Google Chrome users
  • The warning relates to multiple vulnerabilities found in Google's browser
  • Google has already released a fix to solve the issue

The Indian government has once again issued a high-risk warning for Google Chrome users about critical vulnerabilities found in the browser that could expose their systems to cyberattacks. According to a recent advisory issued by the Indian Computer Emergency Response Team (CERT-In), multiple security vulnerabilities have been discovered in Google Chrome that pose a serious threat to users. These vulnerabilities, if exploited, could allow remote attackers to execute malicious code or crash the system.

The latest CERT-In Vulnerability Note, CIVN-2024-0311, issued on September 26, 2024, notes a series of vulnerabilities in Google Chrome. These issues have been categorised as high-severity due to their potential impact on users’ systems. CERT-In explains that these vulnerabilities are caused by flaws in Chrome's JavaScript engine (V8) and inappropriate implementations, leading to serious security risks.

Hackers can exploit these vulnerabilities to execute arbitrary code on the target system. This means that a cyberattacker can potentially control the affected system, steal sensitive information, or install malicious software. In the worst-case scenario, an attacker could cause the Chrome browser to crash, leading to further exploitation.

According to CERT-In, the identified flaws include:

Type Confusion in V8: This vulnerability occurs when a piece of code does not properly handle the type of a variable and treats it as a different type than it actually is, leading to unintended behaviour.

Use-after-free vulnerabilities: These arise when a program does not correctly manage memory after releasing it and continues to reference the freed memory, which can allow attackers to manipulate that memory for malicious purposes.

Inappropriate implementation: This flaw refers to improper handling of certain browser operations, leaving the browser open to remote code execution.

Affected software versions

Here is the list of versions of Google Chrome which are affected by the vulnerabilities:

– Google Chrome versions prior to 129.0.6668.70/.71 for Windows and Mac
– Google Chrome versions prior to 129.0.6668.70 for Linux

CERT-In notes that these vulnerabilities affect all platforms, including Windows, macOS, and Linux, making it imperative for users to update their software as soon as possible. Google Chrome users who have not yet updated to the latest version are particularly at risk, as hackers could exploit these flaws before the necessary patches have been applied.

How to protect your system

To mitigate the risks associated with these vulnerabilities, CERT-In and Google strongly recommend that users update their Chrome browser to the latest version. Google has already released an update that addresses these vulnerabilities in its Chrome browser. Ensure you are using Google Chrome version 129.0.6668.70 or later.

To check your version and update it:

Open Chrome > At the top right click on three dots > Click Help > About Google Chrome > Click Update Google Chrome.
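
For administrators who need to check many machines rather than one browser, the version threshold above can be applied in a script. The following is an added example, not part of the CERT-In advisory or this article; the hostnames and version strings are constructed, and the input is assumed to look like the text printed by `google-chrome --version` on Linux.

```python
import re

# Fixed build named in the article above; any lower version is affected.
FIXED = (129, 0, 6668, 70)

# A four-part dotted version that is not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or return None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text, fixed=FIXED):
    """True/False when a version is found, None when the string is unparseable."""
    v = parse_version(text)
    if v is None:
        return None  # unknown is reported separately, never treated as safe
    return v >= fixed  # tuple comparison is numeric per component


def triage(inventory):
    """Split (host, version_string) pairs into patched / vulnerable / unknown."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, raw in inventory:
        state = is_patched(raw)
        key = "unknown" if state is None else ("patched" if state else "vulnerable")
        result[key].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("win-01", "Google Chrome 129.0.6668.71"),
    ("mac-02", "Google Chrome 129.0.6668.58 "),
    ("lin-03", "Google Chrome 129.0.6668.70"),
    ("lin-04", "Google Chrome 129.0.6668.9"),   # below .70 numerically
    ("win-05", "Google Chrome 128.0.6613.138"),
    ("mac-06", "Google Chrome 130.0.6723.58"),
    ("lin-07", "chrome: command not found"),    # no version reported
]

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE).items():
        print(f"{state}: {', '.join(hosts)}")
```

Comparing the components as integers matters here: a plain string comparison would rank `129.0.6668.9` above `129.0.6668.70` and report an affected machine as patched.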