Hyderabad: The Indian Computer Emergency Response Team (CERT-In) has issued a “high-risk” warning for users of Google Chrome and Android smartphones. It identified multiple vulnerabilities in both systems, which could be exploited by hackers.
CERT-In highlighted these issues in two recent advisories – CIVN-2024-0319 and CIVN-2024-0318 – for both Google Chrome users and devices running Android versions 15, 14, 13, 12, or 12L. Since Android is the most used operating system in the world and Google Chrome is the most popular internet browser, these vulnerabilities potentially exposed millions of devices for cyberattack.
Rated as “high-risk,” CERT-In said that cyber attackers could exploit these vulnerabilities through applications or malicious websites to execute arbitrary code, potentially gaining full access to the victims’ systems.
The vulnerabilities in Google Chrome include integer overflow in the Layout feature, inappropriate implementation in the V8 JavaScript engine, and type confusion in V8. The vulnerabilities identified in Android affect various critical components, such Framework, System, and subcomponents from MediaTek and Qualcomm.
Cyberattackers could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page and executing arbitrary code to get unauthorised system access, gain control over sensitive information, or install malware on the affected device.
Notably, these vulnerabilities are no longer a threat as Google already acknowledged the issue and released security patches. Users just need to update their systems to get protection against the known issues. Your Android smartphone must have already received an update over the air in addition to a new OTA update for Google Chrome. Just make sure you have installed the new updates.
