By Consultants Review Team
For Google ChromeOS, the Indian Computer Emergency Response Team (CERT-In) has released a high-severity alert. The government agency claims that there are many ChromeOS vulnerabilities that an attacker might use to take control of the targeted system and run arbitrary code.
For those who do not know, CERT-In serves as the nation's primary organization for handling significant computer security events. The Ministry of Electronics and Information Technology oversees its operations.
What does the advisory say?
According to the warning released on July 1, numerous vulnerabilities have been detected in ChromeOS' LTS channel that might be exploited by an attacker to execute arbitrary code on the targeted system. The LTS channel for Google ChromeOS versions previous to 120.0.6099.315 (Platform Version: 15662.112) is impacted.
According to the cyber watchdog, these vulnerabilities exist in Google Chrome OS as a result of heap buffer overflow in WebRTC and use after free in Media Session. According to the report, an attacker may take advantage of these vulnerabilities by convincing a victim to visit a specially created web page.
What should Google Chrome users do?
CERT-In has recommended users to deploy the relevant Google updates. According to the company's blog post, the LTS-120 is being upgraded in the LTS (Long Term Support) channel to version 120.0.6099.315 (Platform Version: 15662.112) for most ChromeOS devices. The update addresses two issues: heap buffer overflow in WebRTC and use after free in Media Session, as previously noted.