Google Chrome Security Flaws: What You Need to Know
India’s cybersecurity watchdog, CERT-In, has issued warnings about two vulnerabilities in the popular Google Chrome browser that hackers can exploit. These new warnings are primarily for Chrome users on Mac, PC, and laptop platforms, although they may also affect smartphone users to a lesser extent. The vulnerabilities can allow attackers to compromise user data and devices, emphasizing the importance of updating to the latest version of the browser.
What are the Security Flaws?
According to CERT-In’s website, Google Chrome is currently facing two major vulnerabilities: CIVN-2025-0007 and CIVN-2025-0008. The first affects Google Chrome versions before 132.0.6834.83/8r on Windows and Mac, while the second affects Google Chrome versions before 132.0.6834.110/111 on Windows and Mac, as well as versions before 132.0.6834.110 on Linux.
How Can These Security Flaws Affect Users?
CIVN-2025-0007 includes multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, cause Denial of Service (DoS) conditions, disclose sensitive information, and bypass security restrictions on the targeted system. These flaws affect all end-user organizations and individuals using Google Chrome for desktop. Hackers can use these vulnerabilities to potentially disclose sensitive information, cause system instability, and exfiltrate data.
CERT-In said that these vulnerabilities exist in Google Chrome due to out-of-bounds memory access in V8; inappropriate implementation in navigation, fullscreen, fenced frames, payments, extensions, and compositing; an integer overflow in Skia; an out-of-bounds read in metrics; a stack buffer overflow in Tracing; a race in Frames; and insufficient data validation in Extensions.
Exploiting the Vulnerabilities
A remote attacker can exploit these vulnerabilities by sending a specially crafted request to the targeted system. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, cause Denial of Service (DoS) conditions, disclose sensitive information, and bypass security restrictions on the targeted systems.
CIVN-2025-0008: Another Set of Vulnerabilities
CIVN-2025-0008 also includes multiple vulnerabilities that can allow a remote attacker to execute arbitrary code or cause denial of service (DoS) conditions on the targeted system. These flaws also affect all end-user organizations and individuals using Google Chrome for desktop. Hackers can also use these vulnerabilities to disclose sensitive information or cause system instability.
CERT-In also noted that these vulnerabilities exist in Google Chrome due to object corruption in V8 and out-of-bounds memory access in V8. A remote attacker could exploit these vulnerabilities by means of a specially crafted webpage to conduct remote code execution or cause a denial of service (DoS) condition on the targeted systems.
What to Do?
CERT-In has asked users to immediately apply the necessary security patches and update their Chrome browser to mitigate these risks. It is essential to update to the latest version of the browser to ensure the security of your data and devices.
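For administrators who need to find the machines still below the versions named above, the following is an added example (not from CERT-In or Google) that checks a constructed inventory against the two advisories. It assumes the lower build of each pair in the advisory text (.83 and .110) is the first fixed one, and the host names and sample versions are made up for illustration.

```python
import re

# Floors taken from the advisory text above. Assumption: where the page gives
# a pair of builds, the lower one is treated as the first fixed build.
FLOOR_0007 = (132, 0, 6834, 83)    # CIVN-2025-0007, Windows/Mac
FLOOR_0008 = (132, 0, 6834, 110)   # CIVN-2025-0008, Windows/Mac/Linux

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def advisories_for(platform, version_text):
    """Return the advisory IDs a given build is still exposed to."""
    version = parse_version(version_text)
    if version is None:
        return ["UNKNOWN_VERSION"]  # surface rows that need manual review
    hits = []
    # Integer tuples compare numerically, so build .9 sorts below .83 and .110
    # (a plain string comparison would get this wrong).
    if platform in ("windows", "mac") and version < FLOOR_0007:
        hits.append("CIVN-2025-0007")
    if platform in ("windows", "mac", "linux") and version < FLOOR_0008:
        hits.append("CIVN-2025-0008")
    return hits


def audit(inventory_csv):
    """Map each host that needs attention to its list of findings."""
    findings = {}
    for line in inventory_csv.strip().splitlines():
        host, platform, version_text = [f.strip() for f in line.split(",", 2)]
        hits = advisories_for(platform.lower(), version_text)
        if hits:
            findings[host] = hits
    return findings


# Constructed sample inventory: host, platform, reported version string.
SAMPLE = """
ws-01, Windows, Google Chrome 131.0.6778.265
mac-02, Mac, 132.0.6834.83
lin-03, Linux, Google Chrome 132.0.6834.9
ws-04, Windows, 132.0.6834.111
ws-06, Windows, not installed
"""

if __name__ == "__main__":
    for host, hits in audit(SAMPLE).items():
        print(host, ", ".join(hits))
```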
Published On: January 27, 2025, at 10:27 AM IST