CERT-In has pinpointed vulnerabilities in Google Chrome OS that could potentially be exploited by remote attackers, allowing them to execute arbitrary code, attain elevated privileges, circumvent security restrictions, or induce denial of service conditions on impacted systems. The root causes of these vulnerabilities lie in a "use after free" flaw within the Side Panel Search feature and inadequate data validation in extensions.
These issues pose a significant threat to system integrity, making it imperative for users to address them promptly. The security agency highlights that remote attackers can exploit these vulnerabilities by luring users to visit specially crafted web pages, activating the identified vulnerabilities upon access.
To address these concerns, CERT-In strongly advises users to update their Google Chrome OS to version 114.0.5735.350 or later, as these updates include crucial patches addressing the identified vulnerabilities. CERT-In's Recommended Actions: In conjunction with the warning, CERT-In has initiated a "Cyber Swachhta Fortnight" from February 1 to 15, 2024, aimed at securing cyberspace from botnets, which pose a significant threat to end-user systems.
As part of this campaign, CERT-In, in collaboration with eScan, has introduced the 'Cyber Swachhta Kendra' (CSK), providing the eScan Botnet Scanning & Cleaning Toolkit for laptops, desktops, and smartphones. Milestone Alert!
Livemint tops charts as the fastest growing news website in the world