CERT-In Warns Users: Google Chrome and GitLab Vulnerable to Exploits


In a recent advisory, the Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics & Information Technology, has issued a warning regarding multiple vulnerabilities discovered in Google Chrome and GitLab. These vulnerabilities, if exploited, could potentially allow attackers to gain access to sensitive information, bypass security measures, and trigger denial-of-service (DoS) attacks on targeted systems.

The affected software includes various versions of Google Chrome and GitLab. Specifically, users are urged to take caution if they are running Chrome versions prior to 124.0.6367.118/.119 for Mac and Windows, as well as versions before 124.0.6367.118 for Linux. Similarly, GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 16.11.1, 16.10.4, and 16.9.6 are susceptible to these vulnerabilities.
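The fixed versions listed above can be checked against a software inventory. The following Python script is an added example, not part of the CERT-In advisory or this article; the host names and inventory rows are constructed, and it assumes GitLab release lines older than 16.9 are affected while lines newer than 16.11 already contain the fixes.

```python
import re

# Fixed versions as quoted in the article.
CHROME_FIXED = (124, 0, 6367, 118)  # Mac, Windows and Linux
GITLAB_FIXED = {(16, 11): 1, (16, 10): 4, (16, 9): 6}  # release line -> first fixed patch


def parse(version):
    """Turn '16.10.3-ee' or '124.0.6367.91' into a tuple of ints."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def chrome_needs_update(version):
    v = parse(version)
    v += (0,) * (4 - len(v))  # pad short strings such as '124'
    return v < CHROME_FIXED


def gitlab_needs_update(version):
    v = parse(version)
    v += (0,) * (3 - len(v))
    line, patch = v[:2], v[2]
    if line in GITLAB_FIXED:
        # Compare only within the same release line: 16.10.5 is patched
        # even though it sorts below 16.11.1.
        return patch < GITLAB_FIXED[line]
    # Assumption: older lines are affected, newer lines ship the fixes.
    return line < min(GITLAB_FIXED)


CHECKS = {"chrome": chrome_needs_update, "gitlab": gitlab_needs_update}


def audit(inventory):
    """Return (host, product, version) rows that still need the update."""
    return [row for row in inventory if CHECKS[row[1]](row[2])]


# Constructed sample inventory for illustration.
SAMPLE = [
    ("ws-01", "chrome", "124.0.6367.91"),
    ("ws-02", "chrome", "124.0.6367.119"),
    ("git-a", "gitlab", "16.10.5-ee"),
    ("git-b", "gitlab", "16.11.0"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE):
        print(f"{host}: {product} {version} is below the fixed version")
```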

According to CERT-In, the vulnerabilities present in Google Chrome could potentially lead to remote code execution and DoS conditions. These vulnerabilities stem from flaws in components such as Dawn and Picture in Picture, which are prone to use-after-free errors.

On the GitLab side, the vulnerabilities include authentication bypass, security restriction bypass, and denial of service. CERT-In attributes these to improper authentication mechanisms, the handling of domain-based restrictions with crafted email addresses, a path traversal vulnerability, and inefficient regular expressions.

CERT-In warns that attackers could exploit these vulnerabilities by luring victims to visit specially crafted websites designed to trigger the flaws.

As a precautionary measure, users are strongly advised to apply security updates provided by the respective companies. Timely updates can mitigate the risks associated with these vulnerabilities and ensure the security of users’ systems and data.

This advisory underscores the critical importance of maintaining up-to-date software and promptly addressing security vulnerabilities to safeguard against potential cyber threats.

