Google Chrome has a number of vulnerabilities that, according to the Indian Computer Emergency Response Team (CERT-In), which is part of the IT Ministry, might allow a remote attacker to run arbitrary code on the targeted system.
A remote attacker might exploit the vulnerabilities by sending specially crafted queries on the targeted system, according to CERT-In, which rated the severity as “severe”.
The agency continued, “These vulnerabilities exist in Google Chrome due to use after free in FedCM, SwiftShader, ANGLE, Blink, sign-in flow, and the Chrome OS shell; heap buffer overflow in downloads, inadequate validation of untrusted input in intents, inadequate policy enforcement in cookies, and inappropriate implementation in extensions API” (opens in new tab).
The emergency response team in India has previously warned Chrome users in a similar manner. A similar notification had been published by CERT-In as recently as July 2022.
Prior to this, it also cautioned customers about security holes in Apple’s iOS, iPadOS, and macOS. “Due to an out-of-bounds write in the WebKit and Kernel components, this vulnerability exists in the Apple iOS, iPadOS, and macOS operating systems.
This vulnerability might be exploited remotely by luring a victim into opening a specially created file, “agency stated.
How to update Google browser to stay away from bugs
The problem is that not all Google Chrome users are in danger. CERT- Versions of Google Chrome before 104.0.5112.101 are vulnerable. It is advisable to update the browser version on your system if you are using an outdated version of Google Chrome. Applying the essential patches that are a part of the upgrade has been instructed to users.
Chrome is the most used browser in the world, making it the top target for several threat actors looking for fresh zero-day vulnerabilities. Google supposedly found one such vulnerability in the Windows version that was being used in the wild and repaired it less than two months ago.
The heap-based buffer overflow flaw that causes the high severity bug, designated CVE-2022-2294, is present.
It’s easy to update Google Chrome (opens in new tab):
Open your Google Chrome browser and log in.
Find the three-dot menu at the upper right of the browser window.
Navigate to About Google Chrome by selecting Help.
You can click on the Update Google Chrome button to see if an update is available.
After updating, launch your browser again.
If you have automatic update enabled, you will see a notification that an update has been installed close to the three-dot menu. All that is required is a browser restart.
