The Indian Computer Emergency Response Team (CERT-In) under the IT Ministry has issued a high-severity warning for Google Chrome browser user. The warning is for users who are using a version of the browser earlier than 97.0.4692.71. According to the warning, several vulnerabilities have been reported Google Chrome which can be exploited by anyone to execute arbitrary code on the target system.
The advisory further states that “these vulnerabilities exist in Google”. chrome Due to free access to storage, screen capture, sign-in, SwiftShader, PDF, Autofill and File Manager APIs; Inappropriate implementations in DevTools, Navigation, Autofill, Blink, WebShare, Password and Compositing; Heap buffer overflow in Media Stream API, Bookmark and Angle; Type Confusion in V8; Autofill, wrong security UI in browser UI; Out of range memory access in web serial; Uninitialized use in File API and Policy Bypass in Service Workers.”
A remote attacker can exploit these vulnerabilities by tempting the victim to visit a specially crafted webpage. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on a target system. To avoid any fraud, CERT-In requires Google Chrome users to update to version 97.0.4692.71. The mentioned version was rolled out by the tech giant earlier this week and includes several fixes and improvements.
Last week, CERT-In also noted that several vulnerabilities have been reported in Microsoft Windows that could allow a remote attacker to gain elevated privileges on a target system. When combining these vulnerabilities, an attacker can create a direct path to a domain administrator user in an Active Directory environment. This escalation attack allows attackers to easily elevate their privileges to that of a domain administrator after a regular user in the domain has been compromised. This vulnerability exists in Microsoft Windows because of a flaw in Active Directory Domain Services.
,