The Nigeria Data Protection Commission (NDPC) has issued a security advisory, warning Nigerians about multiple vulnerabilities discovered in the Google Chrome browser. 

According to the Commission’s announcement on its official X handle, these flaws could let attackers run harmful code on a user’s system, giving them dangerous control over your personal data and devices.

The commission, established under the Nigeria Data Protection Act 2023 to safeguard data privacy, enforce regulations, and promote responsible data handling in Nigeria said, “Multiple vulnerabilities have been discovered in Google Chrome. The most severe of these could allow an attacker to execute arbitrary code on a user’s system.”

Google Chrome vulnerabilities and why they matter

These Google Chrome vulnerabilities are security holes in Chrome’s code. If you haven’t updated your browser, it’s like leaving your front door wide open for cybercriminals. The most severe of these flaws, as stated by the NDPC, could allow an attacker to bypass security measures and gain unauthorised access to your computer.

The potential impact is alarming. Cyber attackers could install harmful programs in your system without your permission. As such they could view, delete, or alter your private data, including personal documents, photos, and financial records. They can also create new user accounts with full administrative rights, effectively giving them complete control of your device.

These actions can lead to the theft of sensitive personal data, financial loss, and the complete disruption of your system’s functionality. This is why the NDPC is stressing that users must act immediately to secure their systems.

How to protect yourself

Protecting yourself is straightforward and requires only a few minutes. The NDPC has provided clear guidance:

1. Update Chrome Immediately: This is the single most important step. Google has released a patch that fixes these vulnerabilities. Simply open Chrome, go to the three-dot menu in the top-right corner, navigate to Help, and then select About Google Chrome. The browser will automatically check for and install the latest update. Restart the browser once it’s done.
2. Limit User Permissions: As a best practice, operate with standard user rights on your computer whenever possible, not administrative rights. This limits the potential damage an attacker can do even if they manage to get in.
3. Exercise Caution: Be vigilant. Avoid clicking on suspicious links in emails or on social media, don’t open unsolicited attachments, and only visit websites you trust. Attackers often use these vulnerabilities in combination with clever phishing schemes to trick you.

Backstory

This advisory from the NDPC fits into a larger, ongoing effort to secure Nigeria’s digital space. For years, the government has been pushing for stricter enforcement of data protection laws.

However, other government bodies like the National Information Technology Development Agency (NITDA) and the Nigerian Communications Commission (NCC) have also raised alarms about similar threats.

According to an advisory from NITDA, cybercriminals were actively exploiting a “type confusion” flaw in Chrome’s V8 JavaScript engine. This vulnerability was a coding error that could be triggered just by visiting a malicious website, allowing attackers to take control of an unpatched system. 

This threat, like the current one, was a serious zero-day vulnerability, meaning it was being exploited in the wild even before a fix was available.

Another notable threat, according to the NCC’s Computer Security Incident Response Team (CSIRT), involved several “Use-After-Free” vulnerabilities. These flaws are like a computer using a ladder that’s already been removed, causing it to crash and creating an opening for an attacker to execute harmful code.

The National Commissioner of the NDPC, Dr. Vincent Olatunji, has been a key figure in this push. Last year, he disclosed that the commission was actively investigating 17 major cases of data breaches across various sectors, including finance, technology, education, logistics, and lottery. 

According to the NDPC, these investigations stemmed from over 1,000 complaints, highlighting a systemic issue with data security in the country. This reveals that the NDPC isn’t just reacting to a single threat but is part of a sustained campaign to hold institutions accountable and protect citizens’ rights in an increasingly digital world.