Government issues ‘high’ severity security alert for THESE Google users

Written By DNA Web Team | Updated: Dec 02, 2022, 09:41 AM IST

As per the latest CERT-In security alert, multiple vulnerabilities have been reported in the Linux-based operating system designed by Google.

The government issued a ‘high’ severity rating security alert for Google Chrome OS, flagging multiple vulnerabilities and suggesting a solution for users. The Indian Computer Emergency Response Team (CERT-In) issued a security alert ‘Multiple Vulnerabilities in Google ChromeOS’ on Thursday. 

As per the alert, the issue affects the users with the following Google ChromeOS software:

  • Google ChromeOS Stable channel versions prior to 108.0.5359.71 for Mac and Linux
  • Google ChromeOS Stable channel versions prior to 108.0.5359.71/72 for Windows

Multiple Vulnerabilities in Google ChromeOS

As per the CERT-In security alert, multiple vulnerabilities have been reported in the Linux-based operating system designed by Google. The issues make the Chrome OS vulnerable to being exploited by hackers remotely. 

A remote attacker can exploit the vulnerabilities to “bypass security restrictions, execute arbitrary code or cause denial of service condition on the targeted system,” CERT-In alert said. 

Elaborating on the security risk, the alert said that vulnerabilities exist in Google Chrome OS because of “type confusion in V8; Use after free in Camera Capture, Extensions, Mojo, Audio, Forms, Sign-In, Live Caption and Accessibility; Out-of bounds write in Lacros Graphics; Inappropriate implementation in Fenced Frames and Navigation; Insufficient policy enforcement in Popup Blocker, Autofill, DevTools, File System API and Safe Browsing; Insufficient validation of untrusted input in Downloads and CORS; Insufficient data validation in Directory.”

What users need to know about possible cyber attacks?

The vulnerabilities can be exploited by hackers who can persuade the particular Google ChromeOS users to visit a website specially designed for the reason. If a hacker is successful in exploiting the issue, it allows them to bypass the cybersecurity of the victim and even deny them usage of software on their device. 

Affected users are advised to fix the issue by making the appropriate update as mentioned on this Google security blog

READ | What is deadly ‘blackout challenge’, viral TikTok trend linked with 20 child deaths in 18 months