CERT-In, India’s Computer Emergency Response Team, has issued urgent alerts regarding critical vulnerabilities found in Google devices and services. Users are strongly advised to promptly update their systems to mitigate potential security risks.
According to CERT-In, significant security flaws have been identified in Google Pixel smartphones and the Google Chrome desktop browser. These vulnerabilities, if exploited by remote attackers, could lead to unauthorized access, execution of arbitrary code, and denial-of-service (DoS) attacks. It is crucial for users to apply the latest updates immediately to secure their devices and data.
The identified vulnerabilities in Google Pixel devices stem from incorrect input validation across various components such as Exynos RIL, Modem, LWIS, ACPM, Fingerprint Sensor, Telephony, Audio, WLAN HOST, Trusty OS, Pixel Firmware, LDFW, Trusty/TEE, Goodix, Mali, avcp, confirmation, CPIF, v4l2, and GsmSs. These weaknesses enable attackers to potentially access sensitive information, escalate privileges, and compromise the device entirely. Notably, CVE-2024-32896 (Elevation of Privilege) is actively exploited in the wild, underscoring the critical nature of these vulnerabilities.
Similarly, the Google Chrome desktop browser exhibits multiple security vulnerabilities including type confusion in V8, improper WebAssembly implementation, excessive memory access in Dawn, and use-after-free issues in Dawn. Exploitation of these vulnerabilities could allow attackers to execute arbitrary code, potentially compromising user data through malicious websites.
To safeguard against these threats, CERT-In advises users to take the following actions:
- Update Software: Immediately install the latest security updates provided by Google for Pixel devices and Chrome desktop browser.
- Stay Informed: Regularly check for updates and advisories from CERT-In and Google to stay ahead of potential threats.
- Exercise Caution: Be vigilant against suspicious links and avoid visiting untrusted websites, as they can serve as entry points for exploitation.
- By staying proactive and keeping their systems updated, users can significantly enhance their cybersecurity posture and protect themselves from potential threats associated with these vulnerabilities.
