Friday, July 12, 2024

    CERT-IN flags multiple high severity vulnerabilities in Google Chrome

    The Indian Computer Emergency Response Team (CERT-IN) flagged multiple high-severity security vulnerabilities in Google Chrome for Desktop on the 3rd of June, according to a vulnerability note published on its website. If successfully exploited, these vulnerabilities could allow a remote attacker to execute arbitrary code on a compromised system. The vulnerability has a severity rating of “high”. The solution is to update the application with the latest patches released by Google.

    What are the vulnerabilities detected?

    CERT-IN has notified a total of seven vulnerabilities which affect Chrome version 125.0.6422.141 for Windows. According to the cybersecurity agency, the vulnerabilities exist due to “Use after free in Media Session, Dawn & Presentation API; Out of Bounds memory access in Keyboard; Out of bounds write in Streams API and Heap buffer overflow in WebRTC.” 

    A use-after-free vulnerability occurs when an application attempts to access or use memory that has already been freed or deallocated, while an out-of-bounds memory access or write vulnerability occurs when an application reads or writes data outside the boundaries of allocated memory. Similarly, a heap buffer overflow occurs when an application attempts to write data beyond the boundaries of a buffer allocated on the heap, which is memory allocated dynamically while the program runs.

    What does this mean?

    The vulnerabilities could be exploited by getting users to visit a specially crafted webpage, says the organisation. Successful exploitation would allow a remote attacker to execute arbitrary code on a compromised system. Executing arbitrary code means that the attacker can run any malicious program or command on the victim’s computer, which could lead to data theft, installation of malware, or complete system compromise.

    Two weeks ago, CERT-IN had flagged another serious vulnerability in Chrome, which was termed a “Type Confusion flaw” in the V8 engine, allowing a remote attacker to similarly execute arbitrary code on the system. Google released an update to fix the vulnerability; however, exploits still exist in the wild.

    Operational since 2004, CERT-IN is the national nodal agency for responding to computer security incidents across the country.


    The post CERT-IN flags multiple high severity vulnerabilities in Google Chrome appeared first on MEDIANAMA.
