Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has issued a ‘high severity’ warning for Google Chrome operating system users. The warning from the government’s cybersecurity team is for users who are using Google Chrome OS versions prior to 102.0.5005.153. As per the warning, multiple vulnerabilities have been reported in the OS that can be exploited by a remote attacker to execute arbitrary code or cause a denial-of-service (DoS) condition on the targeted system.
What is a DoS attack and how it is dangerous
In simple terms, a DoS attack is a cybersecurity threat that occurs when a malicious code tries to make a device or network resource impossible to access. This means that you will not be able to use your smartphone if it is under a DoS attack. It is worth noting that in most cases, the DoS attack does not result in theft or loss of personal information that is stored on your device.
This means that an attacker can run commands or code on a Google Chrome OS device without user’s permission. Although the market share of Google Chrome OS is quite limited in the country, it is slowly attracting more users, especially after the introduction of Chrome OS Flex.
Here’s what the government agency has said about the Google Chrome OS
As per the CERT-In warning, “these vulnerabilities exist in Google ChromeS due to Heap buffer overflow in WebRTC; Use after free in Core & Blink XSLT; Integer overflows in several buffer handling functions in buf.c (xmIBuf*) and tree.c (xmlBuffer*). An attacker could exploit these vulnerabilities by sending a specially crafted request.”
How Google Chrome OS users can protect themselves
To help users stay safe from cybercriminals, Google regularly rolls out updates for its products, including Chrome OS. To address the vulnerabilities in the OS, the tech giant released build 102.0.5005.153 later last month. CERT-In advises that users should install the latest version of Google Chrome OS to avoid any exploitation.