The Pakistan Telecommunication Authority (PTA) has issued an urgent cybersecurity advisory, urging all users to immediately update their Google Chrome browsers. This comes after the discovery of two severe vulnerabilities that could potentially allow remote attackers to execute malicious code on affected systems. The flaws impact all versions of Chrome prior to the latest emergency update and affect users across Windows, macOS, and Linux platforms.
Read More: PTA Blocks Websites and Applications
As part of the advisory, PTA has stressed that these vulnerabilities are highly critical, putting millions of users at risk. The authority has emphasized that failure to update the browser could expose systems to remote exploitation, making it an urgent matter for both individual users and organizations.
Details of the Vulnerabilities
The advisory details two vulnerabilities, both classified as high-severity security risks:
- CVE-2024-4671: This vulnerability allows attackers to bypass Chrome’s sandbox environment, which is a security feature that isolates processes to prevent potential malicious code from affecting other parts of the system. If exploited, this flaw enables attackers to access a user’s device through specially crafted websites. The risk is particularly high because the sandbox escape could provide unauthorized access to critical system resources and data.
- CVE-2024-4761: The second vulnerability is found in Chrome’s V8 JavaScript engine. This flaw causes an out-of-bounds write, which can lead to arbitrary code execution. This means that an attacker could potentially inject malicious code into the browser and take control of the system. If exploited, this vulnerability could allow the attacker to execute harmful operations, including stealing sensitive data or launching further attacks on the system.
Both vulnerabilities are of significant concern because they can be exploited remotely through compromised websites. This means that simply visiting a malicious webpage could lead to an attack without any further interaction required from the user.
Immediate Action Recommended
To mitigate the risks posed by these vulnerabilities, PTA has strongly recommended that all users update their Google Chrome browser to version 124.0.6367.207 or later. This update addresses both vulnerabilities, significantly reducing the chances of exploitation.
Users can easily check their current Chrome version by navigating to Settings > About Chrome in the browser’s menu. If an update is available, users can restart their browser to apply it. PTA has also emphasized the importance of enabling automatic updates for Chrome to ensure that users always have the latest security patches, protecting them from future vulnerabilities.
Organizations are particularly urged to ensure that all their devices are updated, as the exploitation of these flaws could lead to serious security breaches, including data theft or loss of control over systems.
Monitoring for Suspicious Activity
In addition to updating browsers, PTA has urged all users to stay vigilant for any signs of unusual activity on their systems. Suspicious behavior, such as unexplained system slowdowns, abnormal resource usage, or sudden crashes, could be an indication that an exploitation attempt has been made.
Users are encouraged to regularly monitor their systems for any anomalies and report any potential security incidents immediately to the PTA CERT Portal or through email. This quick reporting process ensures that experts can investigate and mitigate any threats before they escalate further.
Read More: PTA announces plans to ‘block’ VPNs
The PTA’s advisory comes at a time when cybersecurity experts are increasingly concerned about the frequency and sophistication of browser-based attacks. With more people relying on web browsers for both personal and professional tasks, the number of potential entry points for cybercriminals continues to grow.