Issuing an alert, the Indian Computer Emergency Response Team (CERT-In) has asked users of the Google Chrome browser to update it as soon as possible to avoid any misuse of their data. CERT-In has asked Chrome users to update if they are running a version earlier than Google Chrome 84.0.4147.89. The emergency response team has rated the vulnerabilities in older versions of Chrome as high severity and has issued an advisory to help users guard against possible breaches of data privacy.
The agency responsible for Indian cyberspace security issued the latest guidelines on account of multiple vulnerabilities in Google Chrome that could allow remote attackers to execute arbitrary code, bypass security restrictions, access sensitive information, and conduct spoofing and denial-of-service (DoS) attacks on target systems.
Detailing the cause of these loopholes in Google Chrome, CERT-In laid the blame on heap buffer overflow, side-channel information leakage, type confusion and an inappropriate implementation in WebRTC, among others.
CERT-In has been wary of Google Chrome in the past as well and has come down heavily on the availability of certain extensions on the Chrome Web Store. Earlier this month, CERT-In asked Google Chrome users to uninstall certain extensions that were caught collecting “sensitive” user data. The federal cyber-security agency recommended that users uninstall the Google Chrome extensions whose IDs are listed in the advisory's IOCs (indicators of compromise) section. CERT-In also suggested that users visit the Chrome extensions page and check whether they have installed any extensions now found to be malicious.
CERT-In also stated that some extensions included code to circumvent Google Chrome's security scans on the Web Store. The malicious extensions were able to take screenshots, read the clipboard, harvest authentication cookies, or capture passwords and other confidential information from user keystrokes.