Government warns against multiple vulnerabilities in Google Chrome OS: Details

What does the warning say?

The agency works under the aegis of the IT Ministry. In its advisory, it says that “multiple vulnerabilities have been reported in Google ChromeOS which could allow a remote attacker to execute arbitrary cc cause a denial-of-service condition on the targeted system”.

It says that these vulnerabilities exist in Google ChromeOS due to Use after free in Blink, Browser Creation, WebUI, Managed devices A Chrome OS Shell, Sign-In Flow, Extensions & Extensions API, Insufficient policy enforcement in Cookies, Inappropriate implementation in Extensions API, Heap buffer overflow in PDF and Side-channel information leakage in Keyboard input. A remote attacker can exploit these vulnerabilities by sending a specially crafted request on the targeted system, it further adds.

The vulnerability is marked with a high severity rating by CERT-In.

What are the devices impacted?

According to the advisory, software affected by the bug are Google ChromeOS LTS channel version prior to 96.0.4664.219 (platform Version: 14268.104.0). Chromebook users are advised to update to the latest Google ChromeOS LTS channel version as mentioned by the vendor.

Earlier this week, CERT-In cautioned against multiple vulnerabilities in Mozilla Firefox browser that can allow hackers to compromise devices’ security systems. The advisory said that the bugs in Mozilla Firefox browser could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system. “These vulnerabilities exist in Mozilla Firefox due to abuse of XSLT error handling, cross-origin iframe referencing an XSLT document… that results in a use-after-free error and memory safety bugs within the browser engine,” the cyber agency said.

Post your comment
First article