Bug fixes this week | Vulnerabilities in Google, Microsoft, and Adobe products fixed

Multiple security bugs were detected in Google’s Chrome, Chrome OS, Windows and Adobe products by CERT-In 

Updated - January 28, 2023 03:49 pm IST

Published - January 14, 2023 04:53 pm IST

CERT-In through the week released vulnerability notes for security bugs in Google’s Chrome, Chrome OS, Windows and Adobe products.

CERT-In through the week released vulnerability notes for security bugs in Google’s Chrome, Chrome OS, Windows and Adobe products. | Photo Credit: Getty Images

Google Chrome and Chrome OS

Multiple security bugs with high severity ratings were detected in Google Chrome and Chrome OS which could be exploited by remote attackers to bypass security restrictions, access user information, execute arbitrary code, or cause denial-of-service on the targeted systems.

(For insights on emerging themes at the intersection of technology, business, and policy, subscribe to our tech newsletter Today’s Cache.)

CERT-In, (Indian Computer Emergency Response Team), in its vulnerability notes shared that the bugs existed in Google Chrome due to flaws in Overview Mode, inappropriate implementation of full-screen API, insufficient validation of untrusted input in download, and insufficient policy enforcement in CORS.

The exploitation of these bugs in Google Chrome could allow attackers to target the software for Mac, Linux, and Windows users.

In Chrome OS security bugs were detected in Mojo IPC and Blink Media components. And attackers could exploit these vulnerabilities by persuading victims to visit specially crafted websites.

Vulnerabilities in Google Chrome and Chrome OS have been fixed with security updates released over the week.

Adobe products

High-severity security bugs were detected in multiple Adobe products affecting Windows and macOS users.

The security bugs reported in Adobe could allow attackers to execute arbitrary codes, cause memory leaks, gain elevated privileges and even cause denial-of-services on targeted systems.

CERT-In in its vulnerability notes shared that the bugs existed due to problems in Out-of-bounds Read and Write errors, Use after Free errors, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Overflow or Wraparound, NULL Pointer Dereference, Violation of Secure Design Principles and Improper Input Validation.

Adobe has released software updates fixing the security bugs recommending users update their software to avoid exploitation.

Microsoft Windows

Multiple vulnerabilities in different components of Microsoft’s Windows 32- and 64-bit systems were detected over the week.

These vulnerabilities were found to allow attackers to bypass security restrictions, gain elevated privileges, and execute arbitrary codes on the targeted systems.

According to vulnerability notes shared by CERT-In, these bugs existed in Windows Cryptographic Services, Advanced Local Procedure Call, Secure Socket Tunneling, and Windows Layer 2 Tunneling Protocol.

In MS Windows cryptographic services, the security bug was found to exist due to the application not enforcing security restrictions, while in secure socket tunneling it existed due to a race condition. In Windows layer 2 tunneling, however, the bug existed due to a flaw in the component.

CERT-In also shared that these vulnerabilities in Windows could be exploited by attackers by sending specially crafted requests to targeted systems or by sending a maliciously crafted connection request to a RAS server.

Windows has released security updates with bug fixes for the vulnerabilities and users are advised to update their software.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.