CERT-In's latest advisory (CIVN-2024-0170) includes a heap buffer overflow in ANGLE and Dawn, a use-after-free in Scheduling, and a type confusion in V8. The heap buffer overflow occurs when a program attempts to write more data to a specific memory area than allocated, potentially leading to crashes or unauthorised code execution.
Moreover, the use-after-free issue arises when a program tries to access memory after it has been freed, which can also result in crashes or malicious code execution. The type confusion vulnerability in V8 stems from a discrepancy between the expected data type and the actual data type, allowing attackers to bypass security measures and inject harmful code. These security flaws affect Chrome versions earlier than 125.0.6422.76/.77 on Windows and Mac, and before 125.0.6422.76 on Linux.
Google has already released patches for the identified vulnerabilities to mitigate these risks. Users are strongly advised to update their browsers to version 125.0.6422.76/.77 for Windows and Mac, and 125.0.6422.76 for Linux, to protect their devices from potential attacks. In addition to updating Chrome, users can enhance their browser security by enabling automatic updates, ensuring they receive the latest patches promptly.
Installing security extensions can also provide an additional layer of protection by enforcing secure connections, blocking harmful content, and managing script execution. Regularly clearing browsing data, including cookies, cache, and history, can help reduce the risk from compromised websites or persistent tracking. Users should also exercise caution when clicking on links or downloading attachments from unknown sources, as phishing remains a prevalent method for exploiting browser
. Read more on livemint.com
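For administrators checking many machines against the affected versions listed above, the following added example (not part of the advisory or the original article) classifies inventory records against the fixed builds. The record layout, host names and sample version strings are constructed for illustration; the only values taken from the page are the fixed version numbers.

```python
import re

# Fixed builds as stated in the advisory summary above. On Windows and Mac
# the fix shipped as .76/.77, so any build below .76 is affected.
FIXED = {
    "windows": (125, 0, 6422, 76),
    "mac": (125, 0, 6422, 76),
    "linux": (125, 0, 6422, 76),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text, such as the
    output of `google-chrome --version`; return None if none is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'affected', 'patched' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # flag for manual review, never assume patched
    # Compare numerically, component by component. A plain string
    # comparison would rank "125.0.6422.9" above "125.0.6422.76".
    return "affected" if version < fixed else "patched"


def audit(records):
    """records: iterable of (host, platform, version_text) tuples."""
    return [(host, classify(platform, ver)) for host, platform, ver in records]


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-01", "Windows", "Google Chrome 125.0.6422.77"),
    ("ws-02", "Windows", "124.0.6367.207"),
    ("mb-01", "Mac", "Google Chrome 125.0.6422.9"),
    ("lx-01", "Linux", "Google Chrome 125.0.6422.76"),
    ("lx-02", "Linux", "Chromium (version not reported)"),
    ("cb-01", "ChromeOS", "125.0.6422.60"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Records on a platform the advisory does not list, or with an unparseable version, come back as `unknown` so they are reviewed rather than counted as patched.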