Multiple threats affecting user security detected in Google Chrome and Zoom

Both Google and Zoom have released updates fixing the vulnerabilities

September 19, 2022 04:57 pm | Updated 04:58 pm IST

A file photo of the white Google logo

A file photo of the white Google logo | Photo Credit: AP

The Computer Emergency Response Team (CERT-In) on Friday released notes for vulnerabilities affecting Google Chrome’s desktop version for Mac and Linux users.

CERT-In also released notes for vulnerabilities detected in Zoom products on Monday. These vulnerabilities have been detected in Zoom’s on-premise meeting connector and can be exploited by attackers to access audio and video feed of meetings, while staying invisible to participants in the meeting.

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

In Google Chrome

The vulnerabilities detected in Google Chrome can be exploited remotely by attackers to bypass security restrictions, execute arbitrary codes and cause denial of service on the targeted systems. 

CERT-In noted that the vulnerabilities in Chrome’s desktop version exist due to use after free in PDF and frames, and out of bounds write in storage, in which a program starts writing outside the bounds of allocated memory. Vulnerabilities also exist due to heap buffer overflow, where a chunk of memory is allocated to the heap and data is written out of bounds, affecting the overall memory of the system, in internals and insufficient validation of untrusted input in developer tools. 

The vulnerabilities could be exploited by remote attackers by persuading users to visit specially crafted websites. 

Google on Wednesday noted that six of the vulnerabilities had been brought to notice by external researchers. Google also stated that its latest security update included fixes for 11 vulnerabilities found to be affecting Chrome for Mac and Linux users.  

In Zoom products

CERT-In reported vulnerabilities rated in the medium severity category. 

The vulnerabilities can be exploited by a remote attacker to join meetings they are authorised to join without appearing to other participants. This could enable them to obtain video and audio feed of meetings they were not authorised to join, and even disrupt targeted meetings. 

The vulnerabilities have been found to affect Zoom on-premise meeting connectors. They exist due to improper access and control implementation. 

Zoom on its website, noted that the vulnerability was first reported by its offensive security team. It released updates fixing it. 

Top News Today

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.