Govt issues warning for Google Chrome, Apple users; Issues advisory to update security patches

The Centre has warned of multiple Google Chrome vulnerabilities that could allow remote attackers to bypass security restrictions on targeted systems. The warning comes from the Indian Computer Emergency Response Team (CERT-In), which operates under the Ministry of Electronics and Information Technology.

Also Read | WhatsApp launches new privacy features: Silent Group exit, Screenshot blocking and more

The warning follows a CERT-In advisory for Apple users that warned them against a vulnerability in iOS and iPadOS versions prior to 15.6.1 and macOS Monterey version prior to 12.5.1. The central organisation, in its warning, said it could allow a remote attacker to exploit vulnerabilities by enticing a victim to open a file specially crafted to exploit it.

Apple, Google’s biggest rivals, has also disclosed security vulnerabilities for iPads, iPhones, and Macs that could allow attackers to take control of these devices. The company said it was “aware of a report that this issue may have been actively exploited”, and asked users to update their software. While Apple did not disclose if it had information regarding the extent to which the vulnerabilities had been exploited, the Cupertino-based tech giant has released two security reports.

ARE ALL GOOGLE CHROME USERS HIT?

The vulnerability has not affected all Google Chrome users. According to the Centre’s advisory, Google Chrome users running versions before Google Chrome 104.0.5112.101 face the risk. The government has advised users running an older version of Google Chrome to update their browser version.

THE WARNING

CERT-In, in its warning, said multiple vulnerabilities had been detected in the Google Chrome browser “which could allow a remote attacker to execute arbitrary code and security restriction bypass on the targeted system”.

Also Read | WhatsApp will soon let you restore deleted messages

“These vulnerabilities exist in Google Chrome due to use after free in FedCM, SwiftShader, ANGLE, Blink, Sign-in Flow, Chrome OS Shell; Heap buffer overflow in downloads, insufficient validation of untrusted input in intents, insufficient policy enforcement in Cookies and inappropriate implementation in extensions API,” it added.

The advisory added that the vulnerability (CVE-2022-2856) was being exploited in the wild. “Users are advised to apply patches urgently,” CERT-In said.

Source Link

LEAVE A REPLY

Please enter your comment!
Please enter your name here