The desktop version of Google Chrome is affected by multiple vulnerabilities that could allow hackers to access sensitive information and bypass security restrictions, the government warned users through a note issued by India’s Computer Emergency Response Team (CERT-In). The Node Agency for Cybersecurity Threats has advised Chrome users in the country to update the browser on their systems to avoid security concerns. Google has acknowledged a vulnerability in its Chrome browser and released an update.
The flaws could allow an attacker to remotely execute arbitrary code on the browser, or even cause a buffer overflow (an attempt to write more data into a fixed-length block of memory to corrupt software) on the target system, CERT-In said in the vulnerability description. .
The agency has given a “high” severity rating to the issue affecting the Chrome browser. The vulnerabilities are due to improper implementation in elements such as WebGL, Extensions API, Input, HTML Parser, Web Authentication, and iFrame, heap buffer overflow in WebGPU and Web UI settings, out-of-bounds memory access in UI Shelf, insufficient data validation Resulting in incorrect security interface in Blink Editing, Trusted Types and Dev Tools, and Downloads.
Google acknowledged the issues now covered by the Indian agency in a blog post published last month. It also released Chrome version 101.0.4951.41 for Windows, macOS, and Linux to patch known issues. The update contains a total of 29 security fixes.
CERT-In has urged Chrome users to install the latest version to patch a vulnerability that is public and easily exploited by attackers.