Sunday, July 21, 2024
- Advertisement -
More

    Latest Posts

    CERT-IN Warns About Security Vulnerabilities in Google Chrome

    What’s the news? The Indian Computer Emergency Response Team (CERT-IN) has issued a warning regarding eighteen new security vulnerabilities found in Google Chrome for desktop. According to a report published on June 14, the vulnerabilities affect Chrome versions prior to 126.0.6478.56/57(Windows, Mac) and 126.0.6478.54 (Linux). The cybersecurity agency has classified the vulnerabilities as “high-risk.” The solution is to apply the latest updates released by the company. 

    What Are The Vulnerabilities? The vulnerabilities cover various components of Chrome, including the V8 JavaScript engine, Dawn (a web graphics library), Tab Groups, DevTools, Memory Allocator, CORS, Browser UI, Downloads, Tab Strip, Audio, and PDFium (a PDF rendering library). It describes several vulnerabilities like a Type Confusion in V8 Javascript engine, which occurs when the engine mishandles or confuses the data types it’s working with and a “Use after free” vulnerability, which occurs when an application tries to access or use memory that has already been freed or deallocated.

    It also refers to a policy bypass vulnerability in CORS (Cross-Origin Resource Sharing), which is a security mechanism that restricts web browsers from accessing resources from different origins (domains). A “Policy Bypass” vulnerability in CORS could allow an attacker to bypass these restrictions and access resources they shouldn’t have access to. The vulnerabilities could be exploited by getting users to visit a specially crafted webpage, says the organisation.

    Successful exploitation would allow a remote attacker to execute arbitrary code on a compromised system. Executing arbitrary code means that the attacker can run any malicious program or command on the victim’s computer, which could lead to data theft, installation of malware, or complete system compromise.

    A continuing trend: The cybersecurity agency had also reported on multiple high-severity security vulnerabilities in Google Chrome for Desktop last week. Back then, a total of seven vulnerabilities which could affect Chrome version 125.0.6422.141 for Windows were flagged. In this case, the existence of vulnerabilities was attributed to “Use after free in Media Session, Dawn & Presentation API; Out of Bounds memory access in Keyboard; Out of bounds write in Streams API and Heap buffer overflow in WebRTC.”

    Also Read:

    The post CERT-IN Warns About Security Vulnerabilities in Google Chrome appeared first on MEDIANAMA.

    Latest Posts

    - Advertisement -

    Don't Miss

    Stay in touch

    To be updated with all the latest news, offers and special announcements.