Indian Computer Emergency Response Team (CERT-In) of the Ministry of Electronics and Information Technology has cautioned Google Chrome browser after it detected multiple vulnerabilities “which could allow a remote attacker to execute arbitrary code and security restriction bypass on the targeted system.”
As per the advisory, Google Chrome users running versions prior to Google Chrome 104.0.5112.101 are at the risk. If you are running an old version of Google Chrome, it is advised to update the browser version on your laptop.
“These vulnerabilities exist in Google Chrome due to use after free in FedCM, SwiftShader, ANGLE, Blink, Sign-in Flow, Chrome OS Shell; Heap buffer overflow in downloads, insufficient validation of untrusted input in intents, insufficient policy enforcement in Cookies, and inappropriate implementation in extensions API,” the advisory said.
The vulnerability (CVE-2022-2856) is being exploited in the wild. Users are advised to apply patches urgently, the advisory says.
Earlier, CERT-In issued an advisory for Apple users, warning them against a vulnerability existing in iOS and iPadOS versions prior to 15.6.1, and macOS Monterey versions prior to 12.5.1. In its warning, the central organization said that it could allow a remote attacker to exploit vulnerabilities by enticing a victim to open a specially-crafted file.
Apple has also disclosed serious security vulnerabilities for iPhones, iPads, and Macs that could potentially allow attackers to take complete control of these devices.
The company said it is aware of a report that this issue may have been actively exploited”,
The company asked its users to update their software. Apple did not disclose whether it had information regarding the extent to which the issue has been exploited. The Cupertino-based company has already released two security reports about the issue.