Government Issues High-Risk Alert For Google Chrome Users: Critical Update Recommended. Here's Why
The CERT-In advisory specifically applies to Google Chrome desktop versions earlier than 131.0.6778.204/.205 for Windows and Mac
Google Chrome Alert: The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity advisory for Google Chrome users, highlighting multiple security vulnerabilities that pose significant risks to systems. The advisory, issued under the Ministry of Electronics and Information Technology, warns that these flaws could allow remote attackers to gain unauthorised access or disrupt targeted systems.
Who Is At Risk?
The advisory specifically applies to Google Chrome desktop versions earlier than 131.0.6778.204/.205 for Windows and Mac and versions prior to 131.0.6778.204 for Linux. CERT-In has labelled these vulnerabilities with a “high severity” risk level, indicating the potential for serious consequences, including data theft and system instability.
Both individual users and organisations relying on Chrome for daily operations are advised to act swiftly.
What Are The Vulnerabilities?
According to CERT-In, the identified vulnerabilities could enable attackers to execute arbitrary code or trigger denial-of-service (DoS) conditions. The issues stem from flaws such as:
- Type Confusion in V8: A JavaScript engine error that could lead to incorrect execution of code.
- Out-of-Bounds Memory Access in V8: An error that allows access beyond allocated memory, creating opportunities for exploitation.
- Out-of-Bounds Write and Use-After-Free in Compositing: Flaws that could allow attackers to overwrite sensitive data or reuse memory improperly, potentially leading to system crashes or unauthorised control.
How To Stay Protected
CERT-In strongly advises users to update their browsers immediately to mitigate risks. Google has already released updates addressing these vulnerabilities. The latest stable versions are 131.0.6778.204/.205 for Windows and Mac and 131.0.6778.204 for Linux.
Users should enable automatic updates to ensure their systems remain secure against future threats. Keeping browsers up to date is a critical step in safeguarding against evolving cyber risks.