The Computer Emergency Response Team (CERT-In) is alerting Google Chrome browser users to multiple vulnerabilities identified by the government’s cybersecurity agency and rated as “high severity.” These vulnerabilities, found in the desktop version of Google Chrome, could potentially allow hackers to access private data and execute arbitrary code on the targeted machine, as per CERT-In.
The vulnerabilities, according to the cybersecurity agency under the Ministry of Electronics and Information Technology (MeitY), exist in Google Chrome versions earlier than 122.0.6261.57 for Linux and Mac, and earlier than 122.0.6261.57/58 for Windows.
These vulnerabilities in Google Chrome are attributed to the following: inappropriate implementation in Site Isolation, Content Security Policy, and Navigation; insufficient policy enforcement in Download; out-of-bounds memory access in Blink; use after free in Mojo; and Accessibility.
CERT-In pointed out that by convincing a victim to visit a specially crafted web page, a remote attacker might take advantage of these vulnerabilities. It is recommended that web browser users install the security updates that have begun to be released. It is also recommended that users upgrade their browsers as soon as the manufacturers issue security patches for them.
After Chrome updates automatically, Google asks users to reopen the browser. Additionally, users can manually upgrade their browser.