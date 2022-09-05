Some versions of Google Chrome browser may have weak security for desktop users | Photo Credit: Reuters

Some versions of Chrome browser for desktop users may be prone to multiple vulnerabilities, according to Computer Emergency Response Team (CERT-In). The team noted on Monday that versions prior to 105.0.5195.52 could be vulnerable.

CERT-In said vulnerabilities exist after free in network service, webSOL, layout, phonehub, browser tag, tab strip, splitscreen, passwords, sign-In flow heap buffer overflow in screen capture, WebUI, Exosphere and Window manager, inappropriate implementation in site isolation, Chrome OS lockscreen, pointer lock and frame sandbox.

Vulnerabilities have also been detected due to insufficient validation or untrusted input in v8, an open source Java script and web assembly engine, and insufficient policy enforcement in extensions API.

Attackers can exploit these vulnerabilities to execute arbitrary code on affected systems, thereby compromising their security.

CERT-In also released notes for a security bypass vulnerability detected in Google Chrome.

The high severity vulnerability has been found to exist due to insufficient data validation in Mojo and can be exploited by remote attackers by executing a specially crafted request.

CERT-In noted that the vulnerability can be exploited by attackers to bypass security restrictions on affected systems, thereby compromising their safety.

Google in a blog also reported the vulnerability, stating that the stable channel has been updated to version 105.0.5195.102 and will be released for the public in the coming days.

The security bypass vulnerability was first shared by Google on September 2 after an anonymous user brought it to notice.

This is the second time this month that CERT-In has released notes for vulnerabilities in Google Chrome. Earlier, multiple vulnerabilities were detected in Google Chrome OS that could be used by attackers to execute arbitrary codes or cause denial of services.