Government warns against multiple vulnerabilities in Google Chrome OS: Details

Google Chrome OS has multiple vulnerabilities that can allow hackers to cause a denial-of-service attack on the victim’s chromebook. The Indian Computer Emergency Response Team (CERT-In) has spotted multiple vulnerabilities in Google ChromeOS LTS channel version prior to 96.0.4664.219.

What does the warning say?

The agency works under the aegis of the IT Ministry. In its advisory, it says that “multiple vulnerabilities have been reported in Google ChromeOS which could allow a remote attacker to execute arbitrary cc cause a denial-of-service condition on the targeted system”.

It says that these vulnerabilities exist in Google ChromeOS due to Use after free in Blink, Browser Creation, WebUI, Managed devices A Chrome OS Shell, Sign-In Flow, Extensions & Extensions API, Insufficient policy enforcement in Cookies, Inappropriate implementation in Extensions API, Heap buffer overflow in PDF and Side-channel information leakage in Keyboard input. A remote attacker can exploit these vulnerabilities by sending a specially crafted request on the targeted system, it further adds.

The vulnerability is marked with a high severity rating by CERT-In.

What are the devices impacted?

According to the advisory, software affected by the bug are Google ChromeOS LTS channel version prior to 96.0.4664.219 (platform Version: 14268.104.0). Chromebook users are advised to update to the latest Google ChromeOS LTS channel version as mentioned by the vendor.

Earlier this week, CERT-In cautioned against multiple vulnerabilities in Mozilla Firefox browser that can allow hackers to compromise devices’ security systems. The advisory said that the bugs in Mozilla Firefox browser could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system. “These vulnerabilities exist in Mozilla Firefox due to abuse of XSLT error handling, cross-origin iframe referencing an XSLT document… that results in a use-after-free error and memory safety bugs within the browser engine,” the cyber agency said.

Catch all the Technology News and Updates on Live Mint.
Download The Mint News App to get Daily Market Updates & Live Business News.

More
Less

Subscribe to Mint Newsletters

* Enter a valid email

* Thank you for subscribing to our newsletter.

Post your comment

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.