CERT-In, India’s national nodal agency for responding to computer security incidents, has issued a high-severity warning about multiple vulnerabilities in Google Chrome that could allow a remote attacker to execute arbitrary code and cause a denial-of-service condition on targeted systems. The warning, designated CERT-In Vulnerability Note CIVN-2023-0295 and issued on October 11, 2023, underscores a series of high-severity vulnerabilities that hackers can exploit, harming the safety and speed of devices using Google Chrome.
The security note elaborates on the specific ‘High’ severity vulnerabilities found in Google Chrome. These vulnerabilities encompass “Use after free” flaws in Site Isolation, Blink History, and Cast, as well as improper implementations in various Chrome features such as Fullscreen, Navigation, DevTools, Intents, Downloads, Extensions API, Autofill, Installer, and Input. Furthermore, a heap buffer overflow vulnerability has been identified in the handling of PDF files.
CERT-In has warned that remote attackers can exploit the vulnerabilities it has highlighted by sending carefully crafted requests to the target system. This exploitation could lead to a number of harmful consequences, including bypassing security restrictions, executing unauthorised code, revealing sensitive data, and causing denial-of-service (DoS) disruptions on the targeted system.
In simpler terms, this warning underscores the real danger of attackers capitalising on these vulnerabilities to gain control over devices, which is a grave concern for users. CERT-In strongly recommends immediate system updates to avoid targeted attacks.
