
New zero-day vulnerabilities detected in Google Chrome browser

Out of six, four are said to be zero-day vulnerabilities. PC owners are advised to upgrade to the latest Chrome versions immediately to thwart cyber threats.
Last Updated: 23 May 2024, 09:51 IST
Compared to other browsers, Google Chrome's user interface is visually appealing and easy to understand for most users. It has more than 3.45 billion users worldwide, but it also draws the attention of bad actors who try to prey on naive users who venture into shady websites and end up paying a big price.

Over the last several years, Google has made serious efforts to improve the security of its browser. But threat actors don't sit idle either; they keep up with developments in cyber security and learn new tricks to find vulnerabilities in Chrome.

Now, CERT-In has flagged new security loopholes in Google Chrome that can allow hackers to execute commands and take over targeted systems.

"These vulnerabilities exist in Google Chrome due to Heap buffer overflow in ANGLE and Dawn; An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted website. And, successful exploitation of these vulnerabilities could allow attackers to remotely execute arbitrary code on the targeted system," reads the CERT-In notification.

Google has acknowledged the existence of security issues in Chrome. Out of six, four are said to be zero-day vulnerabilities.

For the uninitiated, a zero-day is a software security vulnerability that the concerned experts (in this case, Chrome's engineers) were previously unaware of, but that some hackers may already have used to attack systems.

Google has refrained from revealing full details, both to prevent other threat actors from misusing the security loopholes in Chrome and to allow PC users to update their browsers as soon as possible.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed," said Prudhvikumar Bommana, community manager of Google Chrome.

Google has released the update to all versions of Chrome for computers with Windows, Mac and Linux.

For Windows and Mac versions: v125.0.6422.76/.77

For Linux: v125.0.6422.76

PC owners are advised to upgrade to the latest Chrome versions immediately to thwart cyber threats.

Google has also announced big cash rewards for independent cyber security researchers who identified the vulnerabilities in Chrome. Looben Yang and Zhenghang Xiao were awarded $11,000 and $10,000, respectively, and David Sievers received $5,000.

Published 23 May 2024, 09:51 IST

