A new cybersecurity warning has been issued for users of Google Chrome on desktops, urging immediate action to prevent possible system compromise. The Indian Computer Emergency Response Team has classified the issue as high severity, noting that attackers could exploit multiple weaknesses in the browser to gain unauthorized access to devices.
According to the advisory, the vulnerabilities affect Chrome versions released before 142.0.7444.59 on Linux and earlier corresponding versions on Windows and macOS. These flaws are linked to issues in the browser’s core components, including the V8 JavaScript engine and several internal processing systems.
The vulnerabilities include type confusion and race conditions in the V8 engine that could enable remote code execution. There are also problems in browser extensions and app bound encryption that could allow unauthorized access. Additional concerns relate to user interface and policy bypass in areas like the Omnibox, fullscreen features, and extensions, which could aid phishing or spoofing attempts. Furthermore, use after free and out of bounds read issues in modules such as PageInfo, Ozone, and WebXR may expose private information or internal memory.
Attackers could exploit these flaws simply by convincing users to visit a harmful website. No prompts or alerts may appear during the attack, making it difficult for users to detect the breach.
In response, Cert In has strongly advised users to update Google Chrome immediately by using the official update feature or downloading the latest version directly from the vendor. System administrators have been asked to enable automatic updates across enterprise environments and closely monitor network activity for unusual behavior.
The advisory states, “Users are advised to apply necessary patches released by the product vendor immediately. Delaying chrome updates could expose systems to data theft, credential compromise, or ransomware deployment.”
Cybersecurity professionals note that while Chrome updates frequently, many users delay installing patches, creating openings for exploitation. Experts also highlighted that vulnerabilities in the V8 engine are especially valuable targets for cybercriminals because they can potentially provide broad system access.
This Chrome alert follows a series of similar warnings in recent months, reflecting increasing attempts to exploit commonly used software as the number of internet users in the country continues to grow.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
