India’s Computer Emergency Response Team, CERT-In, has issued a warning about a high-severity vulnerability reported in desktop versions of Google Chrome. The vulnerability affects both Windows and Mac users, and can be exploited remotely by an attacker to execute code on the targeted system.
According to CERT-In, the vulnerability in Chrome is due to a type confusion flaw. Attackers can exploit it by sending a specially crafted request to the targeted system. A “type confusion” vulnerability arises when a program allocates memory to store a specific type of data but then incorrectly interprets it as another type. This can cause system crashes, data corruption, and arbitrary code execution, leaving the device open to attack.
Google released a security update to fix the bug.
Google published a blog post about the stable channel update, 125.0.6422.112/.113 (for Windows, Mac OS X and Linux), which will be rolled out over the next few days/weeks.
Google automatically installs security updates that take effect when you relaunch your browser. Users can install updates manually by going to the settings menu.
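Because the update only takes effect after a relaunch, it helps to confirm which build each machine is actually running. The following is an added example, not part of the CERT-In advisory or Google's post: it flags hosts whose Chrome build is below 125.0.6422.112, assuming an inventory export in a `host,os,version` format (the format, hostnames and sample builds are constructed).

```python
import re

# Fixed build named in the article (stable channel 125.0.6422.112/.113).
FIXED_BUILD = (125, 0, 6422, 112)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 125.0.6422.76'. Returns a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    # Tuples compare numerically per component, so build 76 < 112.
    # Comparing the raw strings would wrongly rank "76" above "112".
    return "patched" if v >= FIXED_BUILD else "needs_update"


def audit(inventory_csv):
    """Map host -> status for lines of 'host,os,version' (assumed format)."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        host, _os, version = (f.strip() for f in line.split(",", 2))
        results[host] = classify(version)
    return results


# Constructed sample inventory; hostnames and builds are made up.
SAMPLE = """
ws-001,windows,Google Chrome 125.0.6422.113
ws-002,windows,Google Chrome 125.0.6422.76
mac-014,macos,Google Chrome 124.0.6367.207
lin-003,linux,Google Chrome 125.0.6422.112
kiosk-9,windows,not installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have no parseable version string and should be checked by hand rather than assumed patched.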
Since the start of the year, Google has patched eight actively exploited vulnerabilities in Chrome.