Multiple vulnerabilities detected in the Google Chrome browser, Government issues warning
The Centre has discovered numerous vulnerabilities in Google Chrome that could allow remote attackers to circumvent security protections on target systems. The alert was sent out by the Indian Computer Emergency Response Team (CERT-In), a division of the Ministry of Electronics and Information Technology.
The warning follows a CERT-In advisory that cautioned Apple users about a vulnerability in older releases of iOS, iPadOS, and macOS Monterey (prior to 15.6.1 and 12.5.1, respectively). The central organization warned that a remote attacker could exploit the vulnerability by tricking a victim into opening a specially crafted file.
Apple, Google’s biggest rival, recently discovered security holes that might allow hackers to take control of Macs, iPads, and iPhones. Since the company was “aware of a report that this flaw may have been actively exploited,” it advised customers to upgrade their software. The Cupertino-based tech company released two security assessments, but it did not specify if it was aware of the extent of the exploits.
The issue does not affect all Google Chrome users. According to the Centre, users running Google Chrome versions older than 104.0.5112.101 are at risk. The authorities advise anyone using an earlier version to update their browser.
According to CERT-In’s warning, numerous vulnerabilities have been discovered in the Google Chrome browser “which might allow a remote attacker to execute arbitrary code and security restriction bypass on the targeted machine.”
These flaws stem from use-after-free bugs in FedCM, SwiftShader, ANGLE, Blink, Sign-in Flow, and Chrome OS Shell, along with a memory buffer overflow in Downloads, insufficient validation of untrusted input in Intents, insufficient policy enforcement in Cookies, and an inappropriate implementation in the Extensions API.
The alert also noted that one of the vulnerabilities (CVE-2022-2856) was being exploited in the wild. CERT-In advises users to apply the updates as soon as possible.