
The government has a warning for Google devices and services: all the details

India’s Computer Emergency Response Team (CERT-In) has issued significant warnings regarding multiple vulnerabilities in Google devices and services, urging users to update their systems immediately to avoid potential security breaches.

What the government said

CERT-In has identified significant security vulnerabilities in both Google Pixel smartphones and the Google Chrome desktop browser. The cybersecurity agency under the Ministry of Electronics and Information Technology warns that these vulnerabilities could be exploited by remote attackers to gain unauthorized access, execute arbitrary code and conduct denial-of-service (DoS) attacks. The advisories emphasize the urgent need for users to apply the latest updates to secure their systems.

Why this warning is important

The vulnerabilities reported by CERT-In pose serious risks to users. In Google Pixel devices, these defects are due to incorrect input validation in various components such as Exynos RIL, Modem, LWIS, ACPM, Fingerprint Sensor, Telephony, Audio, WLAN HOST, Trusty OS, Pixel Firmware, LDFW, Trusty/TEE, Goodix, Mali, avcp, confirmation, CPIF, v4l2 and GsmSs. Remote attackers can exploit these weaknesses to gain access to sensitive information, escalate privileges, and completely compromise the system. It is worth noting that CVE-2024-32896 (Elevation of Privilege) is already being exploited in the wild, highlighting the critical nature of these vulnerabilities.

Similarly, the Google Chrome desktop browser has multiple security vulnerabilities, including type confusion in V8, improper implementation in WebAssembly, excessive memory access in Dawn, and use-after-free issues in Dawn. These vulnerabilities could allow attackers to execute arbitrary code by tricking victims into visiting malicious websites, potentially leading to serious data breaches and other security incidents.

What users can do

To protect against these vulnerabilities, CERT-In recommends that users:

Update software: Immediately apply the latest security updates from Google for Pixel devices and Chrome for desktop.
Stay up to date: Regularly monitor CERT-In and Google updates and advisories.
Be careful: Watch out for suspicious links and untrusted websites, as they can be exploitation vectors.

List of affected devices and services
Google devices:
Pixel 5a with 5G
Pixel 6a
Pixel 6
Pixel 6 Pro
Pixel 7
Pixel 7 Pro
Pixel 7a
Pixel 8
Pixel 8 Pro
Pixel 8a
Pixel Fold
These devices are vulnerable to attacks due to flaws in the firmware and various components, including Exynos RIL, Modem, LWIS, ACPM, and others. The specific issue CVE-2024-32896 (Elevation of Privilege) has been reported to be actively exploited.

Google Chrome for desktop:
Versions prior to 126.0.6478.114/115 for Windows and Mac
Versions prior to 126.0.6478.114 for Linux