CERT-In finds multiple bugs in Google Chrome, GitLab

by worldysnews
New Delhi: The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has warned users about several vulnerabilities in Google Chrome and GitLab (an open-core company) that could allow an attacker to obtain sensitive information, bypass security restrictions, and cause a denial of service (DoS) condition on the targeted system. Affected software includes Chrome versions before 124.0.6367.118/.119 for Mac and Windows, and Chrome versions before 124.0.6367.118 for Linux.
For GitLab, the affected software includes GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 16.11.1, 16.10.4, and 16.9.6. “Multiple vulnerabilities have been reported in Google Chrome that can be exploited by a remote attacker to trigger remote code execution and DoS conditions on a targeted system,” the CERT-In advisory said. According to the cyber agency, these vulnerabilities exist due to a use-after-free flaw in the Dawn and Picture in Picture components in Google Chrome.
On the other hand, several vulnerabilities such as authentication bypass, security restriction bypass, and denial of service are found in GitLab due to improper authentication mechanisms, flaws in handling domain-based restrictions when processing crafted email addresses, a path traversal vulnerability, and an inefficient regular expression, respectively. As the cyber agency noted, an attacker could “exploit these vulnerabilities by tricking a victim into visiting a specially crafted website.” The agency advised users to apply the appropriate security updates as recommended by the companies.

2024-05-06 04:46:45
