You are currently viewing High-Severity Alert: Multiple Vulnerabilities in Google Chrome – issued by CERT-in 

High-Severity Alert: Multiple Vulnerabilities in Google Chrome – issued by CERT-in 

Introduction 

The Computer Emergency Response Team of India (CERT-In) has issued an urgent alert regarding several vulnerabilities in Google Chrome. These vulnerabilities affect versions of Chrome prior to 117.0.5938.62/.63 on Windows and 117.0.5938.62 on Mac and Linux. In this blog post, we’ll discuss the specific vulnerabilities and provide guidance on how users can safeguard themselves. 

Vulnerabilities 

  1. Heap Buffer Overflow in WebP: 
  • A heap buffer overflow vulnerability exists in the WebP image format handling code within Chrome. Attackers could exploit this flaw to execute arbitrary code or escape the browser’s sandbox. 
  • Affected Versions: All versions before 117.0.5938.62/.63 (Windows) and 117.0.5938.62 (Mac & Linux). 
  1. Inappropriate Implementation in Chrome Features: 
  • Certain features within Chrome have been implemented inappropriately, leading to security weaknesses. These vulnerabilities could allow attackers to manipulate the browser’s behavior. 
  • Affected Versions: All versions before 117.0.5938.62/.63 (Windows) and 117.0.5938.62 (Mac & Linux). 
  1. Insufficient Policy Enforcement in Downloads and Autofill: 
  • Chrome’s policy enforcement mechanisms related to downloads and autofill are insufficient, potentially allowing malicious actors to exploit these areas. 
  • Affected Versions: All versions before 117.0.5938.62/.63 (Windows) and 117.0.5938.62 (Mac & Linux). 

Active Exploitation 

  • CVE-2023-4863 is currently being actively exploited. Users should be particularly cautious as this vulnerability poses a significant risk. 

User Action 

To protect against these security risks, users are strongly advised to take the following steps: 

  1. Update Google Chrome: 
  • Update your Chrome browser to the latest version (117.0.5938.62/.63 on Windows and 117.0.5938.62 on Mac & Linux). 
  • Regularly check for updates and apply them promptly. 
  1. Be Proactive: 
  • Implement proactive incident response strategies by staying informed about security alerts and promptly addressing vulnerabilities. 

Prime Infoserv’s Commitment 

At Prime Infoserv, we take security seriously. As a CERT-IN Empanelled Incident Responder, we are committed to safeguarding digital assets and ensuring the protection of our clients data. If you have any concerns or need assistance, feel free to reach out to our experts. Write to us at info@primeinfoserv.com or contact us at +913340085677 for queries about implementing a proactive approach and safeguarding your critical data. Follow our Facebook page and Instagram page for more information about us. 

Stay secure, and keep your digital crown and jewels safe! 💪🛡 

Leave a Reply