
India's Computer Emergency Response Team (CERT-In) issued a warning on security vulnerabilities for the Google Chrome desktop browser and Android smartphones. CERT has found critical system weaknesses which, if exploited, can lead to the theft of sensitive information, privilege escalation, or device crashes.

Android Users Beware: Immediate Action Required

According to CERT, the flaws are not limited to Android phones and tablets; they also affect the Framework, Play system updates, Kernel, and hardware vendors' driver utilities from Qualcomm, MediaTek, and Imagination Technologies. Android versions lower than 13, 14, and 15 will also suffer from these bugs, leaving many devices vulnerable as the base version now runs on many smartwatches.

Suggested Action: Users and device manufacturers are urged to upgrade to Android 13 or apply the relevant patches on 14 and 15.

Browser-specific bugs were also noted for Chrome versions earlier than 135.0.7049.84 on Linux and 135.0.7049.84/.85 on Windows and macOS.

The vulnerability originates from a “use-after-free” bug in Chrome's Site Isolation. If an attacker successfully exploits this bug, they could run arbitrary code just by getting users to open a malicious webpage. This could result in:

System instability

Erratic behavior

Total browser antenna loss

Recommended Action: It is advised that users update Chrome from the official channels provided by Google.


What should you do now

In their assessments, CERT-In classified the Android and Chrome vulnerabilities as high severity, recommending action without delay.

Android Users: Upgrade to Android 13, 14, or 15

Chrome Users: The update is now available on the stable branch of Chrome.

Organisations: Immediately implement the required changes on their managed devices.

OEMs: Distribute the latest firmware and security updates.

