CERT-In identifies numerous bugs in Google Chrome and GitLab
CERT-In warns of vulnerabilities in Google Chrome & GitLab. Google announces Android 15 with enhanced security & updates for Find My Device.
The Indian Computer Emergency Response Team (CERT-In), an organization under the Ministry of Electronics & Information Technology, has recently issued a warning to users regarding multiple vulnerabilities found in Google Chrome and GitLab. These vulnerabilities, if exploited, could potentially allow attackers to gain access to sensitive information, bypass security measures, and cause denial-of-service (DoS) attacks on the targeted systems. According to the advisory, the affected versions of Google Chrome include those before 124.0.6367.118/.119 for Mac and Windows and those before 124.0.6367.118 for Linux. On the other hand, GitLab Community Edition (CE) and Enterprise Edition (EE) versions before 16.11.1, 16.10.4, and 16.9.6 are known to be vulnerable. The CERT-In advisory highlights that these vulnerabilities in Google Chrome could be exploited by remote attackers to execute code and trigger DoS conditions on the targeted systems. These vulnerabilities are attributed to a use-after-free flaw in the Dawn and Picture in Picture components of the browser. In the case of GitLab, the vulnerabilities include an authentication bypass vulnerability, a security restriction bypass flaw, a denial-of-service vulnerability, and a path traversal vulnerability.
These vulnerabilities are a result of improper authentication mechanisms, flaws in handling domain-based restrictions when processing crafted email addresses, and an inefficient regular expression, respectively. CERT-In warns that attackers could exploit these vulnerabilities by luring victims to visit specially crafted websites designed to exploit these flaws. To mitigate the risks associated with these vulnerabilities, users are strongly advised to apply the security updates provided by the respective companies. In other news, Google has announced that it is working on the new Android 15 operating system, which is scheduled to make its debut at the upcoming Google I/O 2024 event. The event, set to take place in May 2024, will showcase the new features of Android 15, with a particular focus on enhancing the security of smartphones, especially in light of the increasing use of artificial intelligence (AI) in mobile devices. Google has also announced updates to its Find My Device feature for Android users. The update includes five new ways to use the platform, which is expected to benefit millions of users. With these new features, Android users will have an easier time tracking and managing their devices, providing them with added peace of mind. Overall, these developments underscore the importance of keeping software up-to-date and being aware of potential security vulnerabilities. Users are encouraged to stay vigilant and apply security patches as soon as they become available to protect against potential cyber threats.
Follow the Hindeez on Google News | |
Follow the Hindeez channel on WhatsApp |