CERT-In Issues Alert For High Severity Vulnerability in Google Chrome: All You Need to Know

This post first appeared on MEDIANAMA.


India’s Computer Emergency Response Team (CERT-In) has issued a warning about a critical vulnerability found in Google Chrome for desktops. This vulnerability affects both Windows and Mac users, allowing remote attackers to execute arbitrary code on the targeted systems. According to CERT-In, the Chrome vulnerability stemmed from a ‘type confusion’ flaw that attackers can exploit by sending specially crafted requests.

CERT-In is a nodal agency under the Ministry of Electronics and Information Technology that deals with cyber security incidents occurring within the Indian Internet domain.

What is a type confusion flaw?

A ‘type confusion’ vulnerability happens when a computer program allocates memory for one type of data but mistakenly treats that memory as if it holds a different type of data. For example, if a program reserves space in memory for an integer (a whole number) but then reads it as a string (a sequence of characters), this mismatch can cause problems.



To illustrate, imagine a program sets aside a box to store a number, like the number 5. But later, due to a malfunction, the program mistakenly fills the box with a word instead, like “hello.” The program still expects a number in that box and tries to perform math on it, like adding more numbers.

But since “hello” isn’t a number, the program can’t complete the operation, leading to confusion and errors. This kind of mix-up can cause the program to crash or behave unexpectedly because it’s trying to use the wrong type of information. Therefore, the program’s original memory of the number 5 isn’t erased; it’s just malfunctioning.

This confusion might cause the system to crash, meaning the program stops working entirely. It can also corrupt data, causing loss or alteration of important information. Additionally, attackers can exploit this vulnerability to run malicious code on the affected device, which can compromise security and lead to unauthorized access or damage.
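The box analogy above, written out in C as an added example (it is not code from the article, from CERT-In, or from Chrome; the `box` type and both function names are hypothetical). The unchecked function does math on whatever bytes are in the box, while the checked one verifies the box's type tag first and refuses a word.

```c
#include <stdint.h>
#include <stdio.h>

/* A "box" that holds either a number or a word; the tag records which. */
enum box_type { BOX_NUMBER, BOX_WORD };

struct box {
    enum box_type type;
    union {
        uint64_t number;
        const char *word;
    } as;
};

/* Confused: assumes every box holds a number and never checks the tag.
 * Given a word box, it does arithmetic on the bytes of a pointer. */
uint64_t add_unchecked(const struct box *b, uint64_t n)
{
    return b->as.number + n;
}

/* Checked: verifies the tag first. Returns 0 and stores the sum in *out,
 * or returns -1 without touching *out if the box is not a number. */
int add_checked(const struct box *b, uint64_t n, uint64_t *out)
{
    if (b->type != BOX_NUMBER)
        return -1;
    *out = b->as.number + n;
    return 0;
}

int main(void)
{
    /* Constructed sample values matching the article's analogy. */
    struct box five  = { .type = BOX_NUMBER, .as.number = 5 };
    struct box hello = { .type = BOX_WORD,   .as.word = "hello" };
    uint64_t sum = 0;

    printf("unchecked 5 + 2: %llu\n",
           (unsigned long long)add_unchecked(&five, 2));
    printf("unchecked \"hello\" + 2: %llu (pointer bits, not a number)\n",
           (unsigned long long)add_unchecked(&hello, 2));
    int rc = add_checked(&five, 2, &sum);
    printf("checked 5 + 2: rc=%d sum=%llu\n", rc, (unsigned long long)sum);
    rc = add_checked(&hello, 2, &sum);
    printf("checked \"hello\" + 2: rc=%d (rejected)\n", rc);
    return 0;
}
```

The unchecked result for the word box is a memory address plus 2, which changes from run to run; the checked version returns an error instead of producing a value.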

Google released an update to rectify the security issue. The update, labeled as stable channel update 125.0.6422.112/.113 for Windows and Mac, and 125.0.6422.112 for Linux, will be rolled out over the coming days and weeks, as mentioned in a Google blog post.

How does Google address its security issues?

While Google typically installs crucial security updates automatically, users can manually update their browsers by checking the settings menu. Google has a process for flagging vulnerabilities, especially concerning its Chrome browser. The workflow operates as follows: Google’s Project Zero focuses on identifying and addressing security flaws in software, including its own and third-party products. Upon discovering a ‘zero-day’ vulnerability, Google aims to notify the affected vendor within 90 days to allow time for a fix.

Once the vulnerability is addressed, Google notifies CERT-In. CERT-In then issues an alert to inform users about the vulnerability and the importance of updating their software to protect against potential threats.