
CERT-In finds vulnerabilities in Google Chrome, SAP Products


The Indian Computer Emergency Response Team (CERT-In) issued a warning about major vulnerabilities found in Google Chrome for desktop and SAP Products, which enable an attacker to run arbitrary code or cause a denial of service (DoS) condition on the target system.

MeitY’s CERT-In stated that the vulnerabilities present in Google Chrome are due to type confusion in V8; use after free in Dawn, V8, BrowserUI and Audio; improper implementation in Dawn, DevTools, Memory Allocator and Downloads; heap buffer overflow in Tab Groups and Tab Strip; and policy bypass in CORS.

The affected desktop versions are Google Chrome before 126.0.6478.54 for Linux and before 126.0.6478.56/57 for Mac and Windows.

In addition to Google Chrome, SAP Products that were affected include SAP Financial Consolidation, Document Builder (HTTP service), Bank Account Management, NetWeaver AS Java (Meta Model Repository), NetWeaver AS Java (Guided Procedures), NetWeaver and ABAP platform, and many more.

The flaws reported in SAP Products enable attackers to perform cross-site scripting (XSS), exploit missing authorisation checks, upload files, obtain sensitive information or cause a DoS condition on the target systems.

A remote attacker can exploit the mentioned vulnerabilities if a victim is persuaded to visit a specially crafted webpage. The Indian cyber agency advised users to apply the appropriate security updates recommended by the companies to avoid phishing attacks.

The computer emergency response team, which reports on security incidents in the Indian cyber community, had recently issued a high-severity alert on significant vulnerabilities found in Apple’s Vision Pro running visionOS versions prior to 1.2.

The Vision Pro flaws allowed attackers to run arbitrary code, similar to Google Chrome and SAP Products, but with kernel privileges, trigger unexpected termination of an app, bypass kernel memory protections and security restrictions, cause DoS conditions, obtain sensitive information and gain elevated privileges on the targeted system.

In response to the vulnerabilities, Apple released a software update for the Vision Pro, which CERT-In advised all users to install to prevent potential exploits.


Arun Maity


Arun Maity is a journalist from Kolkata who graduated from the Asian College of Journalism. He has an avid interest in music, videogames and anime. When he's not working, you can find him practicing and recording his drum covers, watching anime or playing games. You can contact him here: arunmaity23@proton.me
