‘Remote Code Extension’ is a security vulnerability in Apple products that results from inadequate checks in the CoreMedia component.
CERT-In Finds Multiple Bugs In Google Chrome, GitLab
New Delhi: The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology, has warned users of multiple vulnerabilities in Google Chrome and GitLab (an open-core company) which could allow an attacker to obtain sensitive information, bypass security restrictions and cause denial-of-service (DoS) conditions on the targeted system.
The affected software includes Chrome versions before 124.0.6367.118/.119 for Mac and Windows and Chrome versions prior to 124.0.6367.118 for Linux. For GitLab, the affected software includes GitLab Community Edition (CE) and Enterprise Edition (EE) versions before 16.11.1, 16.10.4 and 16.9.6.
“Multiple vulnerabilities have been reported in Google Chrome which could be exploited by a remote attacker to trigger remote code execution and DoS conditions on the targeted system,” said the CERT-In advisory.
According to the cyber agency, these vulnerabilities exist in Google Chrome due to a use-after-free flaw in the Dawn and Picture in Picture components.
On the other hand, multiple vulnerabilities such as authentication bypass vulnerability, security restriction bypass, and denial of service exist in GitLab due to improper authentication mechanisms, flaws in handling domain-based restrictions when processing crafted email addresses, path traversal vulnerability and an inefficient regular expression, respectively.
As mentioned by the cyber agency, an attacker could use “these vulnerabilities by persuading a victim to visit a specially crafted website.” The agency suggested users apply appropriate security updates as mentioned by the companies.
Government Releases Urgent Alert For Google Chrome Users, Urging Them To Promptly Update Their Browser
New Delhi: The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning concerning several vulnerabilities found in Google Chrome OS. According to its latest security advisory, dated February 8, 2024 and identified as CIVN-2024-0031, the government research team has disclosed that these vulnerabilities are deemed high-risk and present substantial threats to users of Google Chrome OS versions preceding 114.0.5735.350 (Platform Version: 15437.90.0) on the LTS channel.
As per CERT-In’s findings, the identified vulnerabilities can be used by a remote attacker to execute arbitrary code, attain elevated privileges, circumvent security measures, or induce denial-of-service conditions on the targeted system.
What are the risks involved?
The risk associated with these vulnerabilities stems from two primary issues:
- Use-after-free in Side Panel Search: This vulnerability enables attackers to exploit memory errors within the Side Panel Search feature, potentially resulting in the execution of arbitrary code or the circumvention of security protocols.
- Insufficient data validation in Extensions: This vulnerability arises from inadequate validation of input data in extensions, providing attackers with the opportunity to execute malicious actions on compromised systems.
According to CERT-In’s vulnerability note, remote attackers can exploit these vulnerabilities by enticing unsuspecting users to visit specially crafted websites. Upon accessing these sites, the vulnerabilities would be triggered, allowing attackers to compromise the security of those users.
How to ensure safety
To stay protected from these vulnerabilities, CERT-In strongly recommends updating Google Chrome to the latest version, which includes security patches from Google. Users should promptly update their Google Chrome OS to version 114.0.5735.350 (or newer) on the LTS channel to address these vulnerabilities and improve system security.
Furthermore, users should:
- Be cautious: Exercise care when browsing the internet, especially on unfamiliar or suspicious websites. Avoid clicking on links from untrusted sources or engaging with unsolicited emails or messages.
- Follow security best practices: Implement robust security measures such as using trusted antivirus software, regularly updating software and applications, and enabling firewalls to enhance protection against potential threats.
CERT-In is currently conducting a “Cyber Swachhta Fortnight” from February 1 to 15, 2024. This initiative aims to safeguard the nation’s digital security by protecting cyberspace from botnets, which have the potential to infect and compromise users’ systems.
To achieve this goal, CERT-In has introduced the ‘Cyber Swachhta Kendra’ (CSK), which provides the eScan Botnet Scanning & Cleaning Toolkit for laptops, desktops, and smartphones. Developed in partnership with eScan, a reputable cybersecurity solutions provider, this toolkit empowers individuals to scan and cleanse their devices, shielding them from botnet threats.