The Indian Computer Emergency Response Team (CERT-In), which falls under the IT ministry, has issued a high severity warning for Google Chrome users running versions of the browser prior to 99.0.4844.74.
Multiple vulnerabilities were reported in Google Chrome which could allow a remote attacker to execute arbitrary code, bypass security restrictions or cause denial of service conditions on the targeted system, CERT-In warned.
The government agency’s warning said that “these vulnerabilities exist in Google Chrome due to use after free in Blink Layout, extensions, safe browsing, splitscreen, ANGLE, new tab page, browser UI and heap buffer overflow in GPU.”
CERT-In has advised Google Chrome users to update to version 99.0.4844.74, which was rolled out by the company earlier this week with certain fixes and improvements.
CERT-In also issued an alert urging Apple users to upgrade their devices as soon as possible in order to protect themselves against “several vulnerabilities discovered in Apple products.”
According to the advisory, the vulnerabilities discovered in Apple products allow an attacker to obtain elevated privileges and execute arbitrary code on an affected user’s iPhone, exposing personal information and circumventing security constraints on the targeted machine.
According to the release, these vulnerabilities exist in Apple products due to memory initialisation issues, out-of-bounds read and write, memory corruption, type confusion, use after free, null pointer dereference, authentication, cookie management issue, validation issue in the handling of symlinks, permissions issue, buffer overflow, memory consumption issue, access issue, and user interface issue.
The advisory specified the Apple software versions that were vulnerable. These included iOS and iPad versions prior to iOS 15.4, watchOS prior to 8.5, Apple tvOS prior to 15.4, Apple iTunes for Windows prior to 12.12.3, macOS prior to Monterey 12.3, Apple TV software prior to 7.9, Logic Pro X prior to 10.7.3, and Apple Xcode prior to 13.3.
Along with Google Chrome, CERT-In has issued a similar vulnerability warning to users of the Microsoft Edge browser, in which an attacker can exploit these vulnerabilities by sending a specially crafted request.
The advisory further reveals that “these vulnerabilities exist in Microsoft Edge due to Heap buffer overflow in ANGLE, use-after-free in Cast UI, use after free in Omnibox, out of bounds read in ANGLE, use after free in Views, use-after-free in WebShare, type confusion in Blink Layout, use-after-free in Media, out of bounds memory access in Mojo, use-after-free in MediaStream, and insufficient policy enforcement in Installer.”
The browser can be compromised due to inappropriate implementation in full-screen mode, inappropriate implementation in Permissions, use-after-free in Browser Switcher, data leak in Canvas, inappropriate implementation in Autofill, use-after-free in Chrome OS Shell and out of bounds memory access in WebXR, the alert said. BusinessToday