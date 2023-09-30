The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning for Google Chrome users across the nation. The alert comes in response to the tech giant's recent revelation of numerous vulnerabilities in its ubiquitous browser platform that may be exploitable by malicious entities.

These vulnerabilities could potentially allow hackers to execute arbitrary code, gain unauthorized access to sensitive information, or cause denial of service (DoS) attacks. This development poses cybersecurity challenges to millions of Chrome users, jeopardizing their online safety and data privacy.

"A remote attacker could allow these vulnerabilities by executing a specially crafted HTML page," CERT-In said in a statement.

These vulnerabilities exist in Google Chrome due to heap buffer overflow in vp8 encoding libvpx, use-after-free error in Passwords and Extensions. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, bypass security restrictions or cause a denial-of-service condition on the targeted system, added CERT-In.

These vulnerabilities affect Desktop versions prior to 117.0.5938.132 and CERT-In has recommended applying appropriate updates.

What makes the situation even more troubling is that one of the vulnerabilities, CVE-2023-4863, is already being exploited in the wild. This suggests that cybercriminals are actively exploiting this security issue. As a result, Google Chrome users must take quick steps to secure their systems.

Here is the complete list of affected software vulnerable to hackers:

Affected Chrome Software

Google Chrome (Extended Stable Channel) versions prior to 116.0.5845.188 (for Mac and Linux)

Google Chrome (Extended Stable Channel) versions prior to 116.0.5845.187 (for Windows)

Google Chrome for Desktop versions prior to 117.0.5938.62 (for Mac and Linux)

Google Chrome for Desktop versions prior to 117.0.5938.62/.63 (for Windows)

How hackers will try to trick users

A popular method amongst these is to entice unsuspecting internet users into visiting malicious websites. These concealed cyber threats exploit user vulnerabilities, allowing hackers to infiltrate their systems with ease.

On clicking a seemingly innocuous link or accessing a compromised website, an attacker can execute harmful code. This stealth operation gives them control over the user's system, enabling them to bypass established security protocols. It can also lead to a full-scale denial-of-service attack, crippling the user's system and rendering it useless.

The firm highly advises users to upgrade Google Chrome browser immediately for the affected software. Furthermore, the cybersecurity organisation recommends users keep their browsers and other software up to date in order to avoid future dangers.

To upgrade Google Chrome, follow these steps:

Open a new tab in Chrome.

In Chrome, click the three dots icon in the upper right corner.

From the dropdown menu, choose "Help."

Select "About Google Chrome."

Finally, restart your browser to have the changes take effect.

