SUMMARY
Multiple vulnerabilities have been reported in Google Chrome which could allow a remote attacker to bypass security restrictions on the targeted system: CERT-In
CERT-In has advised users to apply patches urgently to avoid being exploited
Vulnerabilities also detected in Apple iOS, iPadOS and macOS that could allow a hacker to execute arbitrary code on the targeted systems: CERT-In
The Indian Computer Emergency Response Team (CERT-In) has issued a warning about vulnerabilities in Google Chrome browser that allow hackers to bypass security systems on computers.
“Multiple vulnerabilities have been reported in Google Chrome which could allow a remote attacker to execute arbitrary code and security restriction bypass on the targeted system,” CERT-In said in a note.
It advised users to apply patches urgently to avoid being exploited. Essentially, the agency directed users to update their Chrome browsers.
Tagged ‘High’ on the severity rating, the agency said that a remote attacker could exploit the vulnerabilities by sending specially crafted requests on the targeted system.
“These vulnerabilities exist in Google Chrome due to use after free in FedCM, SwiftShader, ANGLE, Blink, sign-in flow, Chrome OS shell; Heap buffer overflow in downloads, insufficient validation of untrusted input in intents, insufficient policy enforcement in cookies and inappropriate implementation in extensions API,” CERT-In noted while drawing a description of the vulnerability.
It also advised users against vulnerabilities in Apple iOS, iPadOS and macOS. Tagged ‘High’ on the severity list, these issues could allow a hacker to execute arbitrary code on the targeted systems.
“This vulnerability exists in the Apple iOS, iPadOS and macOS due to out-of-bounds write in the Kernel and WebKit component. A remote attacker could exploit this vulnerability by enticing a victim to open a specially-crafted file,” the agency said.
Users have been directed to apply necessary patches and upgrade their softwares to avoid any fallout from the issue.
This comes days after a researcher claimed that sensitive data of 28 Cr Indians was leaked by hackers from the website of Employees Provident Fund Organisation (EPFO). Leaked data ranged from Aadhaar card details to bank account details of the enrolled users.
Last month, fintech player Policybazaar’s IT systems were subjected to illegal and unauthorised access. In July, the Securities and Exchange Board of India (SEBI) also witnessed a cyberattack involving its email system, after which the market regulator lodged an FIR in the matter.
Over 14 Lakh cybersecurity incidents were reported to CERT-In last year.
