Saturday, July 13, 2024
- Advertisement -

    Latest Posts

    CERT-IN Flags High-Risk Security Threat In Google Chrome

    The Indian Computer Emergency Response Team (CERT-IN) flagged a high-risk security vulnerability in Google Chrome on the 24th of May, according to a vulnerability note published on its website. The vulnerability, which was termed as a “Type Confusion flaw” in the V8 engine, could allow a remote attacker to execute arbitrary code on the system. Google released an update to secure the vulnerability, however, exploits still exist in the wild.

    What does ‘Type Confusion’ mean?

    The vulnerability has been named CVE-2024-5274 and has a severity rating of ‘High,’ according to CERT-IN’s vulnerability notes.  This vulnerability is called a “Type Confusion” flaw, which means that the software gets confused about the type of data it’s dealing with, leading to a potential security breach. The solution is to update Chrome to the latest version.

    Why does it matter?

    Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave use an open-source JavaScript engine called V8 to execute JavaScript code on websites. JavaScript is a programming language that makes web pages interactive and dynamic. A “Type Confusion” flaw refers to a vulnerability where the type of an object is unexpectedly misinterpreted or confused with another type. This can lead to memory corruption or arbitrary code execution. In the context of V8, a Type Confusion vulnerability could allow an attacker to execute malicious code within the browser’s JavaScript engine, potentially compromising the user’s system.

    How critical is this security threat?

    Executing arbitrary code means that the attacker can run any malicious program or command on the victim’s computer, which could lead to data theft, installation of malware, or complete system compromise. Last year, a similar vulnerability named CVE-2023-3079 was discovered by the US National Institute of Standards and Technology and patched soon.

    In March this year, CERT-IN flagged critical security flaws in two government cybersecurity applications, which could potentially allow attackers to take control of the applications.

    Operational since 2004, CERT-IN is the national nodal agency for responding to computer security incidents across the country.

    Also Read:

    The post CERT-IN Flags High-Risk Security Threat In Google Chrome appeared first on MEDIANAMA.

    Latest Posts

    - Advertisement -

    Don't Miss

    Stay in touch

    To be updated with all the latest news, offers and special announcements.