Govt warns against critical bugs in Google Chrome: How to safeguard yourself
The Indian government has issued a warning to all Google Chrome users about critical bugs in Google’s web browser. The government’s Indian Computer Emergency Response Team (CERT-In), in a blog post on its platform, has cautioned against critical vulnerabilities in Chrome that a hacker can exploit remotely to gain access to a user’s sensitive information.
“Multiple vulnerabilities have been reported in Google Chrome which could be exploited by a remote attacker to execute arbitrary code and gain access to sensitive information on the targeted system,” CERT-In wrote in its blog post.
The government agency said that multiple vulnerabilities in Google Chrome exist due to ‘Use after free in WebTransport, WebRTC and GuestView and Type Confusion error in ServiceWorker API.’ The agency says that a remote attacker can exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.
“Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code in the context of the logged-in user and gain access to sensitive information on the targeted system,” the agency added.
Google, in a support page for Chrome, said that these bugs pertain to four CVEs, namely CVE-2023-0471, CVE-2023-0472, CVE-2023-0473 and CVE-2023-0474, some of which the company has listed as highly sensitive, while others have been listed as being of medium sensitivity. In the same support page, the company said that it will be rolling out Chrome version 109.0.5414.119 on Mac and Linux and version 109.0.5414.119/.120 on Windows in the coming weeks, which will completely fix these bugs.
Bug in Samsung’s Galaxy Store app
In a separate post, CERT-In has cautioned Samsung device users against two vulnerabilities in all versions of the Samsung Galaxy Store app prior to version 4.5.49.8. The vulnerability, which the agency has listed as ‘high’, can allow a local attacker to install unwanted apps or execute arbitrary code on the targeted device.
The first vulnerability is CVE-2023-21433, and it exists due to a ‘flaw in exported activity which does not handle incoming intents in a safe manner’. CERT-In says that an attacker can exploit this bug by sending a specially crafted request, which could allow the local attacker to install applications from the Galaxy App Store on the targeted device without the user’s knowledge. The good news is that this vulnerability does not affect devices running the Android 13 OS. This means that only Samsung devices running up to Android 12 are susceptible to this bug.
The other bug is CVE-2023-21434, and it exists due to an incorrectly configured filter in webview. This vulnerability can let an attacker bypass Samsung’s URL filter and launch a webview to an attacker-controlled domain.
Samsung device users can protect themselves from these bugs by downloading version 4.5.49.8 of Samsung’s Galaxy Store app on their devices.
The post Govt warns against critical bugs in Google Chrome: How to safeguard yourself appeared first on BGR India.