For those who don’t know, CERT-In is a nodal agency under the Ministry of Electronics and Information Technology. It deals with cybersecurity threats like phishing and hacking.
Who is affected
According to CERT-In’s report, the vulnerabilities have been found in Chrome OS versions prior to version 107. That means users who are currently running a Chrome OS version older than 107 are affected by these vulnerabilities.
What the issue is and how serious it is
The report rates these vulnerabilities as ‘high’ severity. The government body has highlighted that “Multiple vulnerabilities have been reported in Google Chrome OS which could be exploited by a remote attacker to bypass security restrictions, execute arbitrary code or cause a denial of service condition on the targeted system.”
The vulnerabilities exist in Chrome OS due to “Heap buffer overflow in Crashpad; Use after free in V8, Speech Recognition, Web Workers and WebCodecs and Type Confusion in V8. An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted website.”
Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions, execute arbitrary code or cause a denial of service condition on the targeted system, adds CERT-In.
What’s the solution
CERT-In has advised Chrome OS users to apply the appropriate security patches. Google has recently rolled out the Chrome OS 107 update, which includes fixes for these vulnerabilities, so it is advisable to update your Chromebook devices to the latest version of Chrome OS.