Govt agency warns of severe vulnerabilities in ChromeOS

CERT-in (Indian Computer Emergency Response Team) recently released an advisory highlighting critical security vulnerabilities in Google’s ChromeOS.

The government’s cybersecurity watchdog has designated a High severity rating to the security alert, CIVN-2024-0031, and recommends that these be addressed at the earliest.

On the official website, CERT-in highlights that all Google’s ChromeOS LTS channel versions prior to 114.0.5735.350 (Platform version: 15437.90.0) are affected. It states that the vulnerabilities exist in Use after free in Side Panel Search and insufficient data validation in the extensions.

These allow hackers to remotely gain administrative privileges, execute arbitrary code, bypass security features, and deploy a Denial of Service (DoS) attack on any system running the affected ChromeOS version.

All this can be achieved by tricking you into visiting a webpage specifically designed for deploying the attack.

CERT-in recommends that you update to the latest LTS channel, 114.0.5735.350, for ChromeOS devices to avert the possibility of an attack or the data being compromised. The official Chrome Releases page also states that the vulnerabilities have been eliminated in the update.

There’s no reason to be concerned. Such vulnerabilities are identified from time to time and patch is released in the latest versions. This is the standard practice!