The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics & Information Technology, has issued a warning about critical vulnerabilities in Google Chrome for desktop and various SAP products. These vulnerabilities could allow attackers to execute arbitrary code or trigger denial of service conditions on targeted systems.
Affected Google Chrome Versions
The vulnerabilities impact Chrome versions prior to 126.0.6478.54 on Linux and versions before 126.0.6478.56/57 on Windows and Mac. CERT-In’s advisory highlights that these vulnerabilities could enable remote attackers to execute arbitrary code by persuading users to visit specially crafted web pages.
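The version floors above can be checked against a software inventory. The following is an added example, not code from CERT-In or Google; the `host,platform,version` inventory format and host names are constructed, and reading "126.0.6478.56/57" as "builds below .56 are affected" is an assumption.

```python
import re

# Fixed-version floors from the advisory text. Treating "126.0.6478.56/57"
# as "builds below .56 are affected" is an assumption of this example.
FIXED = {
    "linux": (126, 0, 6478, 54),
    "windows": (126, 0, 6478, 56),
    "mac": (126, 0, 6478, 56),
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Chrome version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, version_text):
    """Return 'affected', 'fixed' or 'unknown' for one installation."""
    floor = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # do not guess; flag for manual review
    # Tuples compare numerically per component, so .9 sorts below .54
    # (a plain string comparison would rank "9" above "54").
    return "affected" if version < floor else "fixed"

def triage(inventory_text):
    """Map each host in 'host,platform,version' lines to its status."""
    results = {}
    for line in inventory_text.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 3:
            results[fields[0]] = classify(fields[1], fields[2])
    return results

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = """
build-01,linux,126.0.6478.9
build-02,linux,126.0.6478.54
desk-17,windows,125.0.6422.142
desk-18,windows,126.0.6478.57
mbp-03,mac,126.0.6478.55
kiosk-9,chromeos,126.0.6478.54
desk-20,windows,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` (an unlisted platform or an unparseable version string) need manual review rather than being counted as patched.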
Details of Vulnerabilities in Google Chrome
The security flaws in Google Chrome are due to multiple issues, including:
- Type Confusion in V8
- Use After Free in Dawn, V8, BrowserUI, Audio
- Inappropriate Implementation in Dawn, DevTools, Memory Allocator, Downloads
- Heap Buffer Overflow in Tab Groups, Tab Strip
- Policy Bypass in CORS
Affected SAP Products
The advisory also lists several SAP products at risk, including:
- SAP Financial Consolidation
- NetWeaver AS Java (Meta Model Repository)
- NetWeaver AS Java (Guided Procedures)
- NetWeaver and ABAP Platform
- Document Builder (HTTP Service)
- Bank Account Management
These vulnerabilities in SAP products could allow attackers to perform cross-site scripting (XSS), bypass authorization checks, upload malicious files, obtain sensitive information, or cause denial of service conditions.
Recommendations
CERT-In strongly advises users to apply the appropriate security updates recommended by Google and SAP to mitigate the risks associated with these vulnerabilities. Staying updated with security patches is crucial to prevent potential phishing attacks and other cyber threats.
Conclusion
Users of Google Chrome and SAP products are urged to update their software immediately to protect against these critical vulnerabilities. Regular updates and awareness are key to maintaining cybersecurity and safeguarding against potential exploits.
For more detailed information, users should refer to the official CERT-In advisory and follow the prescribed security measures.
