Multiple high-severity vulnerabilities were reported in some versions of Android and Chrome OS. The Indian Computer Emergency Response Team (CERT-In) has released vulnerability notes recommending that users update their devices to the latest version, which contains the fixes.
Security bugs in Android could be exploited by an attacker to elevate their privileges, thereby gaining access to sensitive information on affected devices. They can also lead to denial of service on affected devices.
These vulnerabilities exist due to flaws in the software’s framework. They were detected in the media framework, system kernel and kernel components. Security bugs were also detected in Imagination Technologies components, MediaTek components, UNISOC components, Qualcomm components and closed-source components.
Details of the security bugs were also shared by Android in their security bulletin while requesting users to update their software. CERT-In’s report flagged Android OS versions 10, 11, 12, 12L and 13 for these security bugs.
Google Chrome OS
Security bugs in Chrome OS were exploited by bypassing security restrictions, which executed arbitrary code and caused denial of service on affected systems. CERT-In stated that these bugs could be exploited by sending specially crafted requests.
The security flaws include use-after-free bugs in Network Service, WebSQL, Sign-In Flow, Input and SplitScreen.
Other bugs were reported to stem from inappropriate implementation in Site Isolation and the Chrome OS lockscreen, and from heap buffer overflows in Internals, Screen Capture, Exosphere, Ash and WebUI. Insufficient validation of untrusted input in DevTools was also reported.
Google has released long-term channel updates to fix these security bugs, which were reported in Chrome OS LTS channel versions prior to 102.