The Indian Computer Emergency Response Team (CERT-In) issued a high-severity warning on September 30, 2023, about multiple vulnerabilities in the popular web browser Google Chrome. These vulnerabilities could allow an attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition.
CERT-In has advised users to update their Chrome browsers to the latest version as soon as possible to mitigate these risks. The affected versions of Chrome are:
- Windows: Prior to 117.0.5938.132
- Mac: Prior to 117.0.5938.132
- Linux: Prior to 117.0.5938.132
Google has released a security update that addresses these vulnerabilities, and users can update their browsers manually or enable automatic updates to ensure that they are always using the latest version.
CERT-In has not provided any specific details about the vulnerabilities, but has said that they are being exploited in the wild. This means that attackers are already using these vulnerabilities to target Chrome users, so it is important to update to the latest version as soon as possible.
What can users do to protect themselves?
In addition to updating their Chrome browsers, users can also take the following steps to protect themselves from these vulnerabilities:
- Be careful about what links you click on and what attachments you open. Phishing emails are a common way for attackers to exploit vulnerabilities in web browsers, so it is important to be vigilant.
- Use a password manager to create and manage strong, unique passwords for all of your online accounts.
- Enable two-factor authentication (2FA) whenever possible. 2FA adds an extra layer of security to your accounts by requiring you to enter a code from your phone in addition to your password when logging in.
What is CERT-In?
CERT-In is the national nodal agency for cyber security incidents in India. It is responsible for coordinating the response to cyber security incidents and issuing warnings and advisories to users and organizations about potential threats.
Why is this warning important?
Google Chrome is the most popular web browser in the world, with over 3.3 billion active users. This means that these vulnerabilities could potentially affect a large number of people.
In addition, the fact that these vulnerabilities are being exploited in the wild means that they are a serious threat to Chrome users. Attackers could use these vulnerabilities to steal personal information, install malware, or even take control of users’ devices.
What should organizations do?
Organizations should advise their employees to update their Chrome browsers to the latest version as soon as possible. They should also implement security measures such as web filtering and employee awareness training to help protect employees from phishing attacks and other cyber threats.
The high-severity warning from CERT-In is a reminder that cyber threats are constantly evolving. It is important for users and organizations to take steps to protect themselves from these threats, such as keeping their software up to date and using strong security measures.
Additional information
Here are some further points to keep in mind:
- The vulnerabilities that CERT-In is warning about were discovered by researchers at Google’s Threat Analysis Group (TAG). TAG is a team of security experts who are responsible for identifying and responding to the most advanced threats to Google users.
- Google has a bug bounty program that rewards researchers for finding and reporting security vulnerabilities in Google products. The bug bounty program has helped Google to fix thousands of vulnerabilities over the years.
- Users can report suspicious activity to Google by visiting the Chrome Help Center.
Here are some additional tips for staying safe online:
- Be careful about what information you share online. Avoid sharing personal information such as your address, phone number, and Social Security number on public websites or social media.
- Use a VPN when connecting to public Wi-Fi networks. VPNs encrypt your traffic, making it more difficult for attackers to intercept your data.
- Keep your software up to date. Software developers regularly release updates to fix security vulnerabilities. By keeping your software up to date, you can help to protect yourself from known threats.
- Be suspicious of unsolicited emails and phone calls. Phishing emails and scams are designed to trick you into revealing personal information or clicking on malicious links. If you receive an email or phone call from someone you don’t know, don’t click on any links or give away any personal information.
If you think you may have been a victim of a phishing attack or other cyber crime, you should report it to the authorities. You can also contact Google for assistance.