The Indian Computer Emergency Response Team (CERT-In) has issued a warning for ChromeOS users in India. In its latest vulnerability note, the national nodal agency shared that multiple vulnerabilities were spotted in Google’s operating system. According to CERT-In, the affected software included the Long-Term Support (LTS) channel of ChromeOS versions before 120.0.6099.315 (platform version: 15662.112).
The vulnerability note from CERT-In (which functions under the Ministry of Electronics and Information Technology, Government of India) carries a ‘high’ severity rating and says the flaws in the stated ChromeOS versions could be exploited by bad actors to execute arbitrary code on a system. The errors, described as “Heap buffer overflow in WebRTC and Use after free in Media Session”, could allow attackers to lure users to a web page and compromise the system.
A buffer overflow occurs when the volume of data written exceeds the memory capacity available for the buffer. For context, WebRTC adds real-time communication capabilities to apps and web pages. These can include video, voice, generic data and more. The second error, the use after free, concerns the incorrect use of dynamic memory when performing program operations.
“An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the targeted system,” CERT-In said. As a safety measure, CERT-In recommends users update ChromeOS to the latest version to patch the vulnerabilities.
As part of other safety measures, users should not click on suspicious links or visit websites that may run malicious scripts on their devices. You can also consider installing an antivirus, keeping its definitions updated, and scanning your system regularly. Moreover, you should only download apps and files from official and trusted sources on the internet.