PTA Warns of Critical Google Chrome Security Flaws, Urges Immediate Update to Prevent Cyber Attacks | Pakistan Press Foundation (PPF)

Pakistan Press Foundation

PTA Warns of Critical Google Chrome Security Flaws, Urges Immediate Update to Prevent Cyber Attacks

Pakistan Press Foundation

The Pakistan Telecommunication Authority (PTA) has issued an advisory calling on users to update their Google Chrome browsers immediately following the detection of two critical security flaws. These vulnerabilities affect all versions of Chrome before the latest security patch and could allow remote attackers to take control of targeted systems.

The first security flaw, CVE-2024-4671, allows attackers to bypass Chrome’s sandbox environment, making it possible to gain unauthorized access to devices through compromised web pages. The second flaw, CVE-2024-4761, affects the V8 JavaScript engine, creating a scenario where attackers can manipulate system memory and execute malicious code. Both vulnerabilities are categorized as high-severity threats and pose a threat to users across Windows, macOS, and Linux platforms.

PTA has advised users to install Google Chrome version 124.0.6367.207 or later to address these issues. To update, users should open Chrome, navigate to Settings > About Chrome, and restart the browser if prompted. The advisory also recommends activating automatic updates to ensure future security patches are applied without delay.

Users are encouraged to remain watchful for any unusual system behavior that might indicate an attack. PTA has requested individuals and organizations experiencing security incidents to report them via the PTA CERT Portal or through official email channels.

Earlier, on January 26, the National Telecom and Information Technology Security Board (NTISB) also released a cybersecurity warning regarding malicious browser extensions. The advisory highlighted that certain popular extensions, including ChatGPT-4, Gemini for Chrome, Bard AI Chat Extension, VPNCity, and VidHelper Video Downloader, have been compromised by hackers. These extensions, commonly used for AI tools and VPN services, were reportedly injected with malicious code, exposing users’ personal identifiable information (PII) to phishing threats.

 

Photo: Pakistan Telecommunication Authority


Comments are closed.