Chrome OS isn’t as widely accepted as Windows or MacOS. However, as people still continue to use it and store data on Chrome OS devices, a new warning that has been issued by the government’s cyber security arm Computer Emergency Response Team (CERT-In) that can put that data at risk.
As per the latest advisory from the security agency, Google Chrome OS could be exploited by hackers who can “bypass several restrictions, execute arbitrary code” and gain full access. It can also cause denial of service condition on the targeted system which can result in the user not being able to use their device properly. It may also result in data theft.
In addition, Cert-In noted that only Chrome OS versions prior to 98.0.4758.80 are affected by the vulnerabilities. “These vulnerabilities exist in Google Chrome due to inappropriate implementation in Autofill, Storage, Push messaging, Fenced Frames and Service Worker API, use-after-free in Storage, Safe browsing, Scheduling, Printing, Omnibox, Web packaging, Site isolation, Bookmarks, Text Input Method Editor and Optimization Guide, improper bounds checking by PDFium and Task Manager”. Further, the advisory said that an attacker could exploit this vulnerability by enticing the victim to open the specially crafted webpage.
Read More: Installing Chrome OS 96 may not be safe for now?
Meanwhile, the vulnerabilities were fixed by Google in Chrome 98 earlier this month. The nodal agency in its advisory categorised the severity of the issues as “high”. It also said that only Google Chrome OS versions prior to 96.0.4664.180 were affected by these vulnerabilities.
Google has already released the latest version with the appropriate fixes and one should immediately update their devices running Chrome OS. To those unaware, Cert-In deals with cyber security threats like hacking and phishing and aims to strengthens security-related defence of the Indian Internet domain.