The Indian Computer Emergency Response Team (CERT-In) has issued an urgent advisory for users of Google Chrome on Windows, Mac, and ChromeOS, warning of critical vulnerabilities that could have severe consequences. These vulnerabilities, identified as CIVN-2025-0007 and CIVN-2025-0008, could allow attackers to compromise user data and systems.
What are the Risks?
- Data Breaches: Hackers could exploit these vulnerabilities to steal sensitive information such as login credentials, financial details, and personal data stored on the device.
- System Instability: The vulnerabilities could lead to system crashes, making devices unusable and potentially disrupting work or personal activities.
- Remote Code Execution: Attackers could gain control over the affected device, allowing them to install malware, steal data, or even use the device for malicious activities like cryptocurrency mining or launching attacks on other systems.
- Denial-of-Service (DoS) Attacks: The vulnerabilities could be exploited to launch DoS attacks, making the affected devices or even entire networks inaccessible to legitimate users.
Who is Affected?
- Windows Users: Users of Google Chrome on Windows versions prior to 132.0.6834.110/111 are at risk.
- Mac Users: Users of Google Chrome on Mac versions prior to 132.0.6834.83/8r are at risk.
- ChromeOS Users: Users of ChromeOS devices running older versions are also affected, although the specific vulnerabilities and risks may vary.
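For administrators checking more than one machine, the thresholds above can be applied to an inventory of reported browser versions. This is an added example, not part of the CERT-In advisory or the original article; the host names and version strings are constructed, and it assumes a build is affected when it is below the first build number of each pair listed above (the second Mac build number is unreadable on this page, and no ChromeOS threshold is given, so ChromeOS hosts are reported as not assessed).

```python
import re

# Thresholds from the "Who is Affected?" list. Assumption: a build is affected
# when it is below the first build number of each pair given there.
FIRST_FIXED = {
    "windows": (132, 0, 6834, 110),
    "mac": (132, 0, 6834, 83),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from text like 'Google Chrome 132.0.6834.83'."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Chrome version found in {text!r}")
    # Compare as integers: as strings, '132.0.6834.83' sorts after '132.0.6834.110'.
    return tuple(int(part) for part in match.groups())

def is_affected(platform, version_text):
    """True when the reported version is below the threshold for that platform."""
    threshold = FIRST_FIXED[platform.lower()]
    return parse_version(version_text) < threshold

def audit(inventory):
    """Return (hosts needing an update, hosts that could not be assessed)."""
    affected, unknown = [], []
    for host, platform, version_text in inventory:
        try:
            if is_affected(platform, version_text):
                affected.append(host)
        except (KeyError, ValueError):  # no threshold on the page, or no version reported
            unknown.append(host)
    return affected, unknown

# Constructed sample inventory: (host, platform, reported version text).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 132.0.6834.83"),
    ("ws-02", "windows", "Google Chrome 132.0.6834.110"),
    ("ws-03", "windows", "Google Chrome 131.0.6778.265"),
    ("mac-01", "mac", "Google Chrome 132.0.6834.83"),
    ("mac-02", "mac", "Google Chrome 99.0.4844.84"),
    ("cb-01", "chromeos", "Google Chrome 131.0.6778.241"),
    ("ws-04", "windows", "not installed"),
]

if __name__ == "__main__":
    needs_update, not_assessed = audit(SAMPLE)
    print("update required:", needs_update)
    print("not assessed:", not_assessed)
```

Hosts in the "not assessed" list still need a manual check rather than being treated as safe.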
What Should Users Do?
CERT-In strongly advises all affected users to take immediate action to mitigate these risks:
- Update Google Chrome:
  - Open Google Chrome.
  - Click on the three vertical dots in the top right corner and select “Help.”
  - Select “About Google Chrome.”
  - The browser will automatically check for updates and install them if available.
  - Restart Google Chrome for the updates to take effect.
- Enable Automatic Updates:
  - Ensure that automatic updates are enabled for Google Chrome to receive security patches and bug fixes promptly.
- Be Cautious Online:
  - Avoid clicking on suspicious links or downloading files from unknown sources.
  - Use strong, unique passwords for all online accounts.
  - Be wary of phishing emails and messages that attempt to trick you into revealing personal information.
- Use Antivirus and Antimalware Software:
  - Install and regularly update reputable antivirus and antimalware software to detect and block malicious threats.
Technical Details of the Vulnerabilities:
- CIVN-2025-0007: This vulnerability affects multiple components of Google Chrome, including V8 (the JavaScript engine), navigation, fullscreen, fenced frames, payments, extensions, and compositing. It involves issues like out-of-bounds memory access, integer overflows, and stack buffer overflows.
- CIVN-2025-0008: This vulnerability also affects the V8 engine and involves object corruption and out-of-bounds memory access.
Importance of Prompt Action:
Cybercriminals are constantly evolving their tactics, and new vulnerabilities are discovered regularly. Neglecting security updates can leave systems vulnerable to exploitation, potentially leading to significant data breaches, financial losses, and reputational damage. By taking prompt action to update their browsers and follow security best practices, users can significantly reduce their risk of falling victim to cyberattacks.
Disclaimer: This article is for informational purposes only and should not be considered professional security advice.