The government’s cybersecurity watchdog, the Computer Emergency Response Team (CERT-In), has a warning for Google’s ChromeOS users. The entity, which operates under the Ministry of Electronics and Information Technology (MeitY), has informed users that multiple vulnerabilities have been discovered in the ChromeOS operating system. CERT-In has updated its official website with the latest warning and has confirmed which software versions are affected.
According to the cybersecurity agency, Google ChromeOS LTS channel versions before 114.0.5735.339 (platform version: 15437.76.0) are affected by the vulnerabilities. CERT-In also says that the severity rating for these security flaws is high.
How these vulnerabilities can affect users
The entity has reported multiple vulnerabilities in Google ChromeOS which can allow cyber attackers to execute arbitrary code or cause denial-of-service (DoS) conditions and bypass security on the targeted system.
These vulnerabilities exist in Google Chrome due to a use-after-free in Profiles, an inappropriate implementation in Downloads, a heap buffer overflow in PDF, and issues in the Linux kernel. Cyber attackers can exploit these vulnerabilities by persuading a victim to visit a specially crafted request on the targeted system.
If successfully exploited, these vulnerabilities can allow a remote attacker to execute arbitrary code or cause denial-of-service (DoS) conditions and bypass security on the targeted system.
What Google is doing to keep users safe
Last week, Google updated its blog to announce that LTS-114 has been updated in the LTS channel to 114.0.5735.339 (Platform Version: 15437.76.0) for most ChromeOS devices. The tech giant also noted that the update contains multiple security fixes.
CERT-In has also listed the names of the vulnerabilities:
High severity: CVE-2023-5472, CVE-2023-35688, CVE-2023-21401, CVE-2023-21263 and CVE-2023-38545.
Medium severity: CVE-2023-5481 and CVE-2023-5474.