The Indian Computer Emergency Response Team (CERT-In), which operates under the Ministry of Electronics & Information Technology, has issued a warning regarding several vulnerabilities in Google Chrome OS and GitLab. These vulnerabilities could potentially allow an attacker to execute arbitrary code on the targeted system. The affected software includes the LTS channel for Google ChromeOS versions prior to 120.0.6099.315.
On the other hand, the affected software in GitLab includes GitLab Community Edition (CE) versions prior to 17.1.1, 17.0.3, and 16.11.5, and GitLab Enterprise Edition (EE) versions prior to 17.1.1, 17.0.3, and 16.11.5.
"Multiple vulnerabilities have been reported in the LTS channel for ChromeOS which could be exploited by an attacker to execute arbitrary code on the targeted system," said the CERT-In advisory.
According to the cyber agency, Google Chrome OS has vulnerabilities such as heap buffer overflow in WebRTC and use-after-free in Media Session. These vulnerabilities could be exploited by an attacker who persuades a victim to visit a specially crafted web page. Additionally, vulnerabilities in GitLab were reported to exist in various components of both GitLab Community Edition (CE) and Enterprise Edition (EE).
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, access sensitive information, cause cross-site scripting, bypass security restrictions, and create a denial of service condition on the targeted system, according to the cyber agency.
CERT-In has recommended that users apply appropriate security updates as suggested by the companies.
Meanwhile, in May 2024, WhatsApp, a messaging platform owned by Meta, reported that it had banned over 6.6 million accounts in India for violating local laws. Out of these banned accounts, 1.25 million were blocked proactively, without any user reports, according to a statement from the company.
ALSO READ: UPI transactions skyrocket 49 per cent per year, reaching 13.89 billion in June 2024
Inputs from IANS
