The Indian Computer Emergency Response Team (CERT-In) under the IT ministry has issued a high severity warning for Google Chrome browser users. The warning is for the users who are using browser’s version prior to 100.0.4896.88. As per the warning, multiple vulnerabilities have been reported in Google Chrome which can be exploited by someone to execute arbitrary code and access sensitive information on the targeted system.
The advisory further reveals “these vulnerabilities exists in Google Chrome due to Use after free in Storage, BFCache, regular expressions, Chrome OS shell and tab groups, Insufficient policy enforcement in developer tools, Type Confusion in V8, Inappropriate implementation in compositing and full screen”
A remote attacker could exploit these vulnerabilities by sending specially crafted web requests. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code and access sensitive information on the targeted system. To avoid any swindling, the CERT-In wants Google Chrome users to update to version 100.0.4896.88. The mentioned version was rolled out by the tech giant earlier this week and it contains a number of fixes and improvements.
Last week, the CERT-In also mentioned that multiple vulnerabilities have been reported in Google Chrome OS which could allow a remote attacker to execute arbitrary code on the targeted system. The vulnerabilities in tech giant’s operating system exist due to Heap-use-after-free in QuickAnswersUiController, CloseQuickAnswersView, Security heap-use-after-free ash/wm/splitview/split_view_divider.cc and heap-use-after-freeinextensions: ExtensionApiFrameldMap: GetFrameld.
