The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has issued a warning for Google Chrome users. The advisory reports multiple vulnerabilities in Google Chrome that could allow remote attackers to execute arbitrary code and bypass security restrictions on targeted systems.
Not all Google Chrome users are affected by the vulnerabilities. As per the advisory, users running versions prior to Google Chrome 104.0.5112.101 are at risk. If you are running an older version of Google Chrome, you are advised to update the browser on your laptop.
What does the warning say?
In its warning, CERT-In says that multiple vulnerabilities have been detected in Google Chrome browser “which could allow a remote attacker to execute arbitrary code and security restriction bypass on the targeted system.”
“These vulnerabilities exist in Google Chrome due to use after free in FedCM, SwiftShader, ANGLE, Blink, Sign-in Flow, Chrome OS Shell; Heap buffer overflow in downloads, insufficient validation of untrusted input in intents, insufficient policy enforcement in Cookies and inappropriate implementation in extensions API,” it further adds.
The vulnerability (CVE-2022-2856) is being exploited in the wild. Users are advised to apply patches urgently, the advisory says.
Earlier this week, CERT-In issued an advisory for Apple users, warning them of a vulnerability in iOS and iPadOS versions prior to 15.6.1 and macOS Monterey versions prior to 12.5.1. In its warning, the central organization said that it could allow a remote attacker to exploit vulnerabilities by enticing a victim to open a specially crafted file.
Apple has also disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices. The company said it is “aware of a report that this issue may have been actively exploited”, and has asked its users to update their software. Apple did not disclose whether it had information regarding the extent to which the issue has been exploited. The Cupertino-based company has already released two security reports about the issue.