An urgent alert has been issued by The Indian Computer Emergency Response Team (CERT-IN) for Google Chrome users about serious new vulnerabilities. These issues known as CIVN-2024-0282 could allow remote attackers to gain authorized access to your computer.
The flaws affect Chrome versions older than 128.0.6613.119/.120 on Windows and macOS, and versions prior to 128.0.6613.119 on Linux. It’s crucial to update your browser to the latest version to stay secure.
The issues identified, marked as CVE-2024-8362 and CVE-2024-7970, involve “use after free” bugs in Chrome’s Web Audio component. These vulnerabilities give cybercriminals a chance to infiltrate your system and execute commands without your consent. This could allow attackers to take full control of your computer, potentially leading to data theft, malware installation, or further cyberattacks.
CERT-IN has highlighted the seriousness of these vulnerabilities and warned that attackers could exploit them by luring users to malicious websites. This type of attack, called drive-by downloading, happens when simply visiting a compromised webpage can infect your system without any additional user action.
Therefore, it’s important to be cautious about the websites you visit and the links you click, especially those from unknown or suspicious sources. Google, in response to these issues has released updates to fix the vulnerabilities. CERT-IN advises users to update their browsers to the latest version as soon as possible to ensure their security.