Multiple bugs found in Google Chrome, SAP Products by Indian cyber agency

0
49
Chrome's vulnerability was exploited by Lazarus Group via a phoney NFT game
Chrome's vulnerability was exploited by Lazarus Group via a phoney NFT game

Multiple vulnerabilities have been reported in Google Chrome that could allow a remote attacker to execute arbitrary code on the targeted system.

Google Chrome desktop versions before 126.0.6478.54 for Linux and versions before 126.0.6478.56/57 for Windows and Mac are vulnerable. Software related to SAP products affected includes SAP Financial Consolidation, NetWeaver AS Java (Guided Procedures), NetWeaver AS Java (Meta Model Repository), NetWeaver and ABAP platforms, Document Builder (HTTP service), and Bank Account Management.

CERT-In’s advisory states, “Multiple vulnerabilities have been reported in Google Chrome that could allow a remote attacker to execute arbitrary code on the targeted system.” Type Confusion in V8, use after free in Dawn, V8, BrowserUI, and Audio; inappropriate implementation in Dawn, DevTools, Memory Allocator, and Downloads; heap buffer overflow in Tab Groups and Tab Strip; and Policy Bypass in CORS are the causes of these Google Chrome bugs. By persuading users to visit specially designed websites, attackers could take advantage of these vulnerabilities.

Vulnerabilities in SAP products could allow attackers to upload files without authorization, execute cross-site scripting (XSS), get sensitive data, bypass authorization checks, or cause denial of service circumstances.

To defend against these vulnerabilities and steer clear of phishing attacks, CERT-In advises users to install the required security upgrades supplied by the organizations.

Also readThe future of retail is all about tech-driven personalization and convenience, says Amit Kriplani, CTO at ace turtle

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.

CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.