CERT-In finds multiple bugs in Google Chrome, GitLab

New Delhi: The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has warned users about multiple vulnerabilities in Google Chrome and GitLab (an open-core company) that could allow an attacker to Can give permission. Obtain sensitive information, bypass security restrictions, and cause a denial of service (DoS) condition on the targeted system. Affected software includes Chrome versions prior to 124.0.6367.118/.119 for Mac and Windows, and 124.0 for Linux. Chrome versions prior to 6367.118 are included. For GitLab, the affected software includes GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 16.11.1, 16.10.4, and 16.9.6.

“Multiple vulnerabilities have been reported in Google Chrome that could be exploited by a remote attacker to trigger remote code execution and DoS conditions on a targeted system,” the CERT-In advisory said. According to the cyber agency, these vulnerabilities are being exploited by Google. Dawn and Picture in Picture components in Chrome exist due to a use-after-free flaw. On the other hand, several vulnerabilities such as authentication bypass vulnerability, security restriction bypass, and denial of service are due to improper authentication mechanism in GitLab, crafted email address Flaws exist in handling domain-based restrictions when processing, causing path traversal vulnerabilities and an inefficient regularization. expression respectively. As the cyber agency noted, an attacker “could exploit these vulnerabilities by tricking a victim into visiting a specially crafted website.” Suggested applying updates.