Home>>Business>>Centre cautions Google Chrome users against ‘vulnerabilities’; details here
Business

Centre cautions Google Chrome users against ‘vulnerabilities’; details here

The Indian Computer Emergency Response Team (CERT-IN), under the Ministry of Electronics and Information Technology, has warned users against “vulnerabilities” in Google Chrome browser.
It further said that multiple vulnerabilities in Google Chrome could allow remote attackers to execute arbitrary code and bypass security restrictions on targeted systems.
No, not all users of Google Chrome are affected by the vulnerability. As per the advisory, Google Chrome users running versions prior to Google Chrome 104.0.5112.101 are at the risk. If you are running an old version of Google Chrome, it is advised to update the browser version on your laptop.
In its warning, CERT-In says that multiple vulnerabilities have been detected in Google Chrome browser “which could allow a remote attacker to execute arbitrary code and security restriction bypass on the targeted system.”
“These vulnerabilities exist in Google Chrome due to use after free in FedCM, SwiftShader, ANGLE, Blink, Sign-in Flow, Chrome OS Shell; Heap buffer overflow in downloads, insufficient validation of untrusted input in intents, insufficient policy enforcement in Cookies and inappropriate implementation in extensions API,” it further said.
The vulnerability (CVE-2022-2856) is being exploited in the wild. Users are advised to apply patches urgently, the advisory says.
Earlier this week, CERT-In issued an advisory for Apple users, warning them against a vulnerability existing in iOS and iPadOS version prior to 15.6.1, and macOS Monterey version prior to 12.5.1. In its warning, the central organization said that it could allow a remote attacker to exploit vulnerabilities by enticing a victim to open a specially-crafted file.
The CERT-IN had also found vulnerabilities in CISCO software products which could allow an attacker to execute arbitrary code, information disclosure and cross site scripting attack on an affected system.

Leave a Reply

Your email address will not be published. Required fields are marked *