The vulnerabilities disclosed by CERT-In impact individuals utilizing versions of Google Chrome that are earlier than 116.0.5845.96/.97 for Windows, and versions earlier than 116.0.5845.96 for Mac and Linux operating systems.
CERT-In clarifies that these vulnerabilities stem from concerns like utilization post-deallocation in domains including offline mode, device engagements, network communication, audio functionalities, DNS, and extensions.
This governmental organization functions under the Ministry of Electronics and Information Technology.
In a recent advisory, CERT-In emphasized significant vulnerabilities present in Google Chrome, leading to an immediate request for users to expeditiously update their web browsers. The warning from CERT-In underscores that “Several critical vulnerabilities have been identified in Google Chrome, potentially enabling malicious actors to circumvent security limitations, execute unauthorized code, expose confidential data, and trigger conditions leading to Denial of Service (DoS) on the targeted system.” These vulnerabilities pose a notable threat to user information and system security.
The vulnerabilities detected by CERT-In impact individuals utilizing versions of Google Chrome earlier than 116.0.5845.96/.97 for Windows, as well as versions prior to 116.0.5845.96 for Mac and Linux. Users employing these specific versions are at an elevated risk of potential exploitation stemming from these security vulnerabilities.
The governmental agency elaborates that these vulnerabilities arise from issues such as “use after free,” spanning across offline mode, device interactions, network communications, audio functions, DNS, and extensions. Similarly, challenges are evident in the execution of features like fullscreen mode, app launchers, color management, autofill, web sharing, and permission prompts. Additionally, there are reservations concerning type confusion and the accessing of memory out of bounds within the V8 engine, coupled with a heap buffer overflow in components like ANGLE, Skia, and Mojom IDL. The insufficiency of verifying untrusted inputs in XML and the deficient enforcement of policies within the Extensions API contribute to the predicament as well.
The advisory furnishes an inventory of discerned vulnerabilities:
- CVE-2023-2312
- CVE-2023-4349
- CVE-2023-4350
- CVE-2023-4351
- CVE-2023-4352
- CVE-2023-4353
- CVE-2023-4354
- CVE-2023-4355
- CVE-2023-4356
- CVE-2023-4357
- CVE-2023-4358
- CVE-2023-4359
- CVE-2023-4360
- CVE-2023-4361
- CVE-2023-4362
- CVE-2023-4363
- CVE-2023-4364
- CVE-2023-4365
- CVE-2023-4366
- CVE-2023-4367
- CVE-2023-4368
CERT-In strongly recommends that users promptly update their Google Chrome browsers in response to these alarming security concerns. The good news is that Google has already released the most recent Chrome update to tackle these vulnerabilities. To ensure the safety of your system, adhere to the following guidelines:
1. Open Settings: Launch Google Chrome and click on the three vertical dots situated in the upper right-hand corner to access the menu.
2. Choose “About Chrome”: Scroll down the menu and select “About Chrome.”
3. Check for Updates: Chrome will automatically initiate a search for updates. If a fresh update is accessible, it will commence the downloading process.
4. Install the Update: Once the update is downloaded, follow the on-screen instructions to complete the installation process.
