Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Vulnerabilities were also found due to insufficient authentication or untrusted input in version 8, open source Java scripts and the web assembly core, and insufficient policy enforcement in the extension API.
According to the Computer Emergency Response Team (CERT-In), some versions of Chrome for desktop users may be vulnerable to several vulnerabilities. The team noted on Monday that versions prior to 105.0.5195.52 may be vulnerable.
CERT-In reported that vulnerabilities exist after free in network service, webSOL, layout, phonehub, browser tag, tab bar, split screen, passwords, login flow buffer overflow on screenshot, WebUI, Exosphere and Window manager, improper implementation on web isolation, Chrome OS lock screen, pointer lock and sandbox frame.
Vulnerabilities were also found due to insufficient authentication or untrusted input in version 8, the open source Java script and web build tool, and insufficient policy enforcement in the extension API.
Attackers can exploit these vulnerabilities to run arbitrary code on affected systems, compromising their security.
CERT-In also published notes on a security flaw that was discovered in Google Chrome.
This critical vulnerability was discovered to exist due to insufficient data validation in Mojo and could be exploited by remote attackers by executing a specially crafted request.
CERT-In noted that this vulnerability could be exploited by attackers to bypass security restrictions on affected systems, thereby compromising their security.
Google also announced the vulnerability on its blog and said that the stable channel has been updated to version 105.0.5195.102 and will be released to the public in the coming days.
The security bypass vulnerability was first shared by Google on September 2 after it was brought to the attention of an anonymous user.
This is the second time this month that CERT-In has published notes on vulnerabilities in Google Chrome. Previously, several vulnerabilities were discovered in Google Chrome OS that could be used by attackers to execute arbitrary code or cause a denial of service.
