Date: 2023-01-14



Throughout the week, CERT-In released vulnerability notes for security bugs in Google’s Chrome, Chrome OS, Windows, and Adobe products.

Google Chrome and Chrome OS

Multiple high-severity security bugs have been detected in Google Chrome and Chrome OS. A remote attacker could exploit them to bypass security restrictions, access user information, execute arbitrary code, or cause a denial of service on the targeted system.

CERT-In (Indian Computer Emergency Response Team) stated in its vulnerability note that the bugs exist in Google Chrome due to a summary mode flaw, improper implementation of the fullscreen API, insufficient validation of untrusted input when downloading, and inadequate policy enforcement with CORS.

Exploiting these bugs in Google Chrome could allow an attacker to target Mac, Linux, and Windows users of the software.

In Chrome OS, a security bug was found in the Mojo IPC and Blink Media components. An attacker could also exploit these vulnerabilities by enticing a victim to visit a specially crafted website.

Vulnerabilities in Google Chrome and Chrome OS have been fixed in security updates released over the course of the week.

Adobe products

A high-severity security bug has been detected in multiple Adobe products affecting Windows and macOS users.

A security bug reported by Adobe could allow an attacker to execute arbitrary code, cause a memory leak, elevate privileges, and even cause a denial of service on the target system.

CERT-In states in its vulnerability note that the bugs are caused by out-of-bounds read and write errors, use-after-free errors, stack-based buffer overflows, heap-based buffer overflows, integer overflows or wraparounds, null pointer dereferences, violation of secure design principles, and improper input validation.

Adobe has released software updates that fix security bugs. Users are advised to update their software to avoid exploits.

Microsoft Windows

Over the course of the week, multiple vulnerabilities have been discovered in various components of Microsoft’s Windows 32-bit and 64-bit systems.

These vulnerabilities were found to allow attackers to bypass security restrictions, gain elevated privileges, and execute arbitrary code on the targeted system.

According to a vulnerability note shared by CERT-In, these bugs existed in Windows Cryptographic Services, Advanced Local Procedure Calls, Secure Socket Tunneling, and Windows Layer 2 Tunneling Protocol.

A security bug exists in MS Windows Cryptographic Services because the application does not enforce security restrictions, and in Secure Socket Tunneling because of a race condition. Windows Layer 2 Tunneling had bugs due to flaws in the component.

CERT-In also shared that attackers could exploit these vulnerabilities in Windows by sending specially crafted requests to the target system or by sending maliciously crafted connection requests to the RAS server.

Windows security updates containing fixes for the vulnerabilities have been released, and users are encouraged to update their software.

