The Computer Emergency Response Team of India (CERT-In) has issued a Vulnerability Note, CIVN-2023-0131, highlighting multiple vulnerabilities present in Google ChromeOS. These vulnerabilities pose a significant threat, potentially enabling remote attackers to gain access to sensitive information, execute arbitrary code or cause a denial-of-service (DoS) condition on affected systems.
The government body has classified the vulnerabilities as High severity and has advised users running certain versions of ChromeOS to take urgent action to address them and protect themselves from potential exploitation.
Versions affected
According to the report, Google ChromeOS versions prior to 15393.48.0 (Platform version: 113.0.5672.114) have been identified as vulnerable. The severity rating is deemed high due to the potential impact on system security.
The vulnerabilities exist in ChromeOS due to use-after-free errors and memory corruption. Attackers can exploit them by tricking victims into visiting specially crafted websites. Hackers can gain unauthorised access to sensitive data, execute arbitrary code or disrupt system functionality through DoS attacks.
What’s the solution
To mitigate the risks associated with these vulnerabilities, Google ChromeOS users must promptly apply the necessary updates as specified by the vendor. The stable channel update for ChromeOS provides the required patches and fixes to address the identified vulnerabilities. Users are advised to visit the following link for further instructions and information on updating their ChromeOS installations: https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html
All users need to do is update their ChromeOS device to the latest available version of ChromeOS, which includes fixes for the vulnerabilities found.
List of vulnerabilities found in the Google ChromeOS versions prior to 15393.48.0 (Platform version: 113.0.5672.114)
CVE-2023-2458
CVE-2023-2457
CVE-2023-2461