The Indian government has once again issued a high risk warning for users of Google Chrome and Android operating systems. According to India’s Computer Emergency Response Team (CERT-In), several vulnerabilities have been identified that hackers could exploit to take control of systems. CERT-In highlighted these issues in two recent advisories – CIVN-2024-0319 and CIVN-2024-0318 – urging users to take urgent action to mitigate risks.

According to CERT-In, several vulnerabilities have been identified in Android and Google Chrome, potentially exposing millions of devices to cyberattacks. The vulnerabilities have been rated “high severity” and if exploited, could allow cyber attackers to execute arbitrary code, potentially leading to complete system compromise.

CERT-In notes that these vulnerabilities exist in different versions of Android and Chrome, making millions of devices and users vulnerable to security breaches. According to the government cybersecurity team, vulnerabilities in Android and Chrome can be exploited in several ways, primarily through malicious websites or apps.

In the case of Google Chrome, the vulnerabilities include an integer overflow in the layout functionality, improper implementation in the V8 JavaScript engine, and type confusion in V8. If a cyberattacker persuades a victim to visit a specially crafted web page, they could execute arbitrary code, leading to unauthorized access to the system. The attacker could then take control of sensitive information or install malware on the affected device.

Similarly, the vulnerabilities identified in Android affect various critical components such as the framework, system and sub-components of MediaTek and Qualcomm. Successful exploitation of these Android vulnerabilities could allow a cyber attacker to execute code with elevated privileges, allowing them to hack the targeted system. Once compromised, attackers can steal sensitive information, compromise user privacy, and potentially prevent users from accessing their devices.

List of affected software

For Google Chrome, the vulnerabilities affect versions earlier than:

• 129.0.6668.89/.90 for Windows and Mac
• 129.0.6668.89 for Linux
• 129.0.6668.100/.101 for Windows and Mac
• 129.0.6668.100 for Linux

For Android, vulnerabilities have been identified in several versions:

• Android 12
• Android 12L
• Android 13
• Android 14
• Android 15

What is the solution?

Although the risk is high, according to CERT-In, users can protect their systems by quickly applying updates as soon as they are released by Google and other affected original equipment manufacturers (OEMs). CERT-In advises users to install these updates as soon as they become available. Here’s what you can do:

For Google Chrome users: Make sure your device is running the latest version of the browser. Google has already released fixes for the vulnerabilities identified in Chrome. The latest stable version of Chrome as of the date of this review is 129.0.6668.100 for Windows and Mac and 129.0.6668.89 for Linux. To check for updates, go to the About section of Chrome and install the latest version to secure your browser against potential attacks.

For Android users: Google is rolling out security patches for affected versions of Android as part of its regular security bulletins. Users are advised to check for system updates in their device settings and install them as soon as they become available.