Google Chrome desktop users have been warned about several vulnerabilities that could allow hackers to take control of their devices, according to a recent advisory from India’s cyber agency CERT-In.
The CERT-in advisory states that these vulnerabilities could allow an attacker to remotely execute arbitrary code and bypass the security of the target system. Those affected are versions of Google Chrome prior to 104.5.112.101.
The Google Chrome team has identified and fixed several high-severity security vulnerabilities that could have allowed attackers to take control of affected systems.
According to CERT-In Computer Emergency Response Team, India, these vulnerabilities exist due to free usage in FedCM, SwiftShader, Angle, Blink, Sign-in Flow, Chrome OS Shell. Stack buffer overflows in downloads, insufficient validation of invalid input in intent, insufficient policy enforcement in cookies, and improper enforcement in extension APIs.
Hackers can send requests to people who specialize in exploiting these security holes. CERT-In has also suggested a solution for users
At risk, they advise that “The vulnerability (CVE-2022-2856) is exploitable in nature. Users are advised to apply the patch immediately.”