Govt releases high risk warning for Google Chrome and Android

The Indian government has once again issued a high-risk warning for users of Google Chrome and Android operating systems. According to the Indian Computer Emergency Response Team (CERT-In), multiple vulnerabilities have been identified that hackers could exploit to take over systems. CERT-In has highlighted these issues in two recent advisories—CIVN-2024-0319 and CIVN-2024-0318—urging users to take urgent action to mitigate the risks.
According to CERT-In, several vulnerabilities have been identified in both Android and Google Chrome, potentially exposing millions of devices to cyberattacks. The vulnerabilities have been rated “high severity,” and if exploited, they can allow cyber attackers to execute arbitrary code, potentially leading to a full system compromise.
CERT-In notes that these vulnerabilities exist across various versions of Android and Chrome, making millions of devices and users susceptible to security breaches. According to the government’s cybersecurity team, the vulnerabilities in both Android and Chrome can be exploited in multiple ways, primarily through malicious websites or applications.
In the case of Google Chrome, the vulnerabilities include integer overflow in the Layout feature, inappropriate implementation in the V8 JavaScript engine, and type confusion in V8. If a cyberattacker persuades a victim to visit a specially crafted web page, they could execute arbitrary code, leading to unauthorised system access. The attacker could then gain control over sensitive information or install malware on the affected device.
Similarly, the vulnerabilities identified in Android affect various critical components like the Framework, System, and subcomponents from MediaTek and Qualcomm. Successful exploitation of these Android vulnerabilities could enable a cyber attacker to execute code with elevated privileges, allowing them to hack the targeted system. Once compromised, attackers can steal sensitive information, compromise user privacy, and potentially lock users out of their devices.
For Google Chrome, the vulnerabilities affect versions prior to:
For Android, vulnerabilities have been identified in multiple versions:
While the risk is high, according to CERT-In users can safeguard their systems by promptly applying updates as soon as they are released by Google and other relevant Original Equipment Manufacturers (OEMs). CERT-In advises users to install these updates as soon as they become available. Here’s what you can do:
For Google Chrome users: Ensure that your device is running on the latest version of the browser. Google has already issued patches for the identified vulnerabilities in Chrome. The latest stable version of Chrome as of this advisory is 129.0.6668.100 for Windows and Mac, and 129.0.6668.89 for Linux. To check for updates, go to Chrome’s “About” section and install the latest version to secure your browser from potential attacks.
For Android users: Google is rolling out security patches for Android’s affected versions as part of its regular security bulletins. Users are advised to check for system updates in their device settings and install them as soon as they become available.