As per the advisory, multiple vulnerabilities have been reported in Google Chrome for Desktop which could be exploited to execute arbitrary code on the targeted system.
Why it’s a problem for users
As per the report, the vulnerability can allow remote attackers to gain access to users’ data, which could include passwords, banking details and other personal information, and that could lead to scams, financial fraud and similar abuse.
What government body has said
CERT-In’s report states that these vulnerabilities in Chrome for Desktop exist due to “use after free in Media Session, Dawn & Presentation API; Out of bounds memory access in Keyboard; Out of bounds write in Streams API and Heap buffer overflow in WebRTC. An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted Web page”.
Affected versions
Google Chrome versions prior to 125.0.6422.141/.142 for Windows and Mac, and Google Chrome versions prior to 125.0.6422.141 for Linux, are affected by the recently found security flaws.
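The cut-offs above can be checked across a set of machines with a short script. This is an added example, not part of the advisory or the original article: the host names, version strings and helper names are constructed, and it assumes the lower build (.141) is the first fixed one where the text lists ".141/.142".

```python
import re

# Cut-offs from the "Affected versions" text. Where the page gives
# ".141/.142", this example assumes the lower build is the first fixed one.
FIXED = {
    "windows": (125, 0, 6422, 141),
    "mac": (125, 0, 6422, 141),
    "linux": (125, 0, 6422, 141),
}
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part Chrome version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'affected', 'patched' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unparsed host as patched
    # Tuples compare numerically, so build 99 sorts below build 141.
    # Comparing the raw strings would wrongly rank ".99" above ".141".
    return "affected" if version < fixed else "patched"


def audit(inventory):
    """Map each host in (host, platform, version_text) rows to its status."""
    return {host: classify(platform, text) for host, platform, text in inventory}


# Constructed sample inventory (host names and version strings are made up).
SAMPLE = [
    ("ws-01", "windows", "Version 125.0.6422.142 (Official Build) (64-bit)"),
    ("ws-02", "windows", "Version 125.0.6422.99 (Official Build) (64-bit)"),
    ("mac-01", "mac", "Version 124.0.6367.208 (Official Build) (arm64)"),
    ("lin-01", "linux", "Google Chrome 125.0.6422.141 "),
    ("lin-02", "linux", "Google Chrome 126.0.6478.55 "),
    ("kiosk-01", "chromeos", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check on the About Chrome page rather than being counted as patched.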
What’s recommended for users
As per the advisory, users should apply the latest security patch, which is available in the latest version of the Chrome browser. Users are advised to download and install the latest version of Chrome, either via Chrome’s website or by following these steps:
- Open Chrome
- Click on the three dots at the top right corner
- Head to Settings
- About Chrome
- Check for update
- Once done, restart to apply the patch.
Vulnerabilities found
CVE-2024-5493
CVE-2024-5494
CVE-2024-5495
CVE-2024-5496
CVE-2024-5497
CVE-2024-5498
CVE-2024-5499