In a recent development, the Computer Emergency Response Team (CERT-In) has issued a high-severity warning, shedding light on a critical vulnerability in Google Chrome, a widely used web browser. This alert, rated as HIGH in severity, raises concerns about potential risks to user data and system security. The vulnerability, identified as CIVN-2023-0343, was made public on November 15, 2023.
What government body has said
According to CERT-In, the vulnerability poses a significant threat, potentially allowing attackers to execute remote code, gain elevated privileges, or cause a denial-of-service condition on the targeted system. The affected software includes Google Chrome versions before 119.0.6045.123 for Linux and Mac, as well as versions before 119.0.6045.123/.124 for Windows.
Why this problem exists
The issue stems from a use-after-free flaw in the Web Audio component of Google Chrome. This flaw could be exploited by a remote attacker who persuades a victim to visit a specially crafted website. Successful exploitation of this vulnerability could result in the attacker gaining elevated privileges or causing a denial-of-service condition on the victim’s system.
What users can do about it
CERT-In emphasises the urgency of addressing this security concern promptly. Users are strongly advised to apply the appropriate updates provided by the vendor to mitigate the risk associated with this vulnerability. The recommended solution is to update Google Chrome to version 119.0.6045.123 or later for Linux and Mac, and version 119.0.6045.123/.124 or later for Windows.
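For administrators checking more than one machine, the following added example (not part of the CERT-In advisory or of Chrome itself) audits a list of reported Chrome versions against the fixed build named above. The inventory format, hostnames and versions are constructed for illustration, and the script assumes .123 is the minimum patched build on every platform, since the advisory lists .123/.124 for Windows.

```python
import re

# Fixed build named in the advisory. The page gives .123/.124 for Windows;
# this example assumes .123 is the minimum patched build on every platform.
FIXED = (119, 0, 6045, 123)

# Constructed sample inventory: hostname, OS, reported Chrome version.
SAMPLE_INVENTORY = """\
ws-014,windows,119.0.6045.124
ws-022,windows,119.0.6045.106
mac-003,mac,119.0.6045.123
lnx-101,linux,118.0.5993.117
lnx-102,linux,119.0.6045.99
ws-031,windows,120.0.6099.71
kiosk-7,linux,unknown
"""

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'patched', 'vulnerable', or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unreadable versions need manual follow-up
    # Tuple comparison is numeric per component, so .99 < .123 as intended;
    # comparing the raw strings would wrongly rank "99" above "123".
    return "patched" if v >= FIXED else "vulnerable"


def audit(inventory_text):
    """Map each hostname in 'host,os,version' lines to its classification."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _os, version = (f.strip() for f in line.split(",", 2))
        results[host] = classify(version)
    return results


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be treated as unpatched until their version is confirmed.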