Government Issues High Severity Warning for Google ChromeOS

CERT-In warns of high severity Google ChromeOS vulnerabilities, urging users to update to version 120.0.6099.315 in the LTS channel to prevent arbitrary code execution through malicious web pages.

The Indian Computer Emergency Response Team (CERT-In) has issued a high severity warning for Google ChromeOS. As per the government body, multiple vulnerabilities exist in the ChromeOS which can be exploited by an attacker to execute arbitrary code on the targeted system. For those unaware, CERT-In is the nodal agency for responding to major computer security incidents in the country. It works under the Ministry of Electronics and Information Technology.

What the advisory says?

The advisory issued on July 1 states that multiple vulnerabilities have been reported in the LTS channel for ChromeOS which could be exploited by an attacker to execute arbitrary code on the targeted system. LTS channel for Google ChromeOS versions prior to 120.0.6099.315 (Platform Version: 15662.112) are affected. These vulnerabilities, the cyber watchdog says, exist in Google Chrome OS due to Heap buffer overflow in WebRTC and Use after free in Media Session. An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page, it states.

What should Google Chrome users do?

CERT-In has advised users to apply appropriate updates released by Google. In a blog post, the company said that the LTS-120 is being updated in the LTS (Long Term Support) channel, version 120.0.6099.315 (Platform Version: 15662.112), for most ChromeOS devices. The update brings fixes for both issues- Heap buffer overflow in WebRTC and Use after free in Media Session, as mentioned above.