Critical Security Advisory: CERT-In Warns of High-Risk Vulnerabilities in Google Chrome OS – Urgent Action Required

In a security advisory dated February 8, 2024, the Indian Computer Emergency Response Team (CERT-In) issued a high-risk warning concerning multiple vulnerabilities discovered in Google Chrome OS. These vulnerabilities, covered by vulnerability note CIVN-2024-0031, pose a significant threat to users of Google Chrome OS versions prior to 114.0.5735.350 (Platform Version: 15437.90.0) on the LTS channel.

CERT-In’s research team has classified these vulnerabilities as high-risk, citing their potential to enable remote attackers to execute arbitrary code, gain elevated privileges, bypass security measures, or trigger denial-of-service conditions on affected systems.

Key Risks Identified:

The primary risks associated with these vulnerabilities are attributed to:

Use-after-free in Side Panel Search: Exploiting memory errors within the Side Panel Search feature, attackers can potentially execute arbitrary code or bypass security protocols.

Attack Vector:

CERT-In’s vulnerability note highlights that remote attackers can exploit these vulnerabilities by luring unsuspecting users to visit specially crafted websites. Upon accessing these sites, the vulnerabilities are triggered, enabling attackers to compromise the security of users.

Protective Measures:

CERT-In strongly advises users to safeguard their systems by promptly updating Google Chrome to the latest version containing security patches from Google. Users are urged to update their Google Chrome OS to version 114.0.5735.350 (or newer) on the LTS channel to address these vulnerabilities and enhance overall system security.

In addition to updating, users are recommended to:

Exercise Caution: Be vigilant when browsing the internet, particularly on unfamiliar or suspicious websites. Avoid clicking on links from untrusted sources and refrain from engaging with unsolicited emails or messages.

Implement Security Best Practices: Strengthen security measures by using trusted antivirus software, regularly updating all software and applications, and enabling firewalls to provide robust protection against potential threats.

CERT-In is currently undertaking a “Cyber Swachhta Fortnight” from February 1 to 15, 2024, aiming to safeguard the nation’s digital security by addressing the threats posed by botnets. As part of this initiative, CERT-In introduces the ‘Cyber Swachhta Kendra’ (CSK), offering the eScan Botnet Scanning & Cleaning Toolkit for laptops, desktops, and smartphones. Developed in collaboration with eScan, a reputable cybersecurity solutions provider, this toolkit empowers individuals to scan and clean their devices, providing an added layer of defense against botnet threats.