CERT-In, the Indian Computer Emergency Response Team and a wing of the Ministry of Electronics and Information Technology, has reported multiple vulnerabilities it has identified in Google Chrome and in GitLab, a product company with an open-core business model.
According to the advisory, these vulnerabilities could allow attackers to obtain sensitive information, bypass security restrictions, and cause denial of service (DoS) conditions on targeted systems.
The Chrome flaw is listed under CVE-2022-3844 and affects users of Google Chrome for Linux, Mac, and Windows running versions prior to 124.0.6367.118/.119. For GitLab, the affected releases are Community Edition (CE) and Enterprise Edition (EE) versions prior to 16.11.1, 16.10.4, and 16.9.6.
As per CERT-In's advisory, the reported vulnerabilities in Google Chrome are use-after-free flaws in the Dawn and Picture-in-Picture components, which a remote attacker could trigger to execute arbitrary code or cause DoS conditions.
On the GitLab side, the advisory lists several vulnerabilities, including improper authentication mechanisms, incorrect handling of domain-based addresses, a path traversal flaw, and inefficient regular expression processing. These flaws could allow an attacker to bypass security restrictions and attack the affected services.
The agency states that an attacker could exploit these flaws by means of a specially crafted website. CERT-In has urged users to promptly check for and apply the available Google Chrome and GitLab security updates, since patching is the key to neutralizing the risk.
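As an added example (not from CERT-In's advisory or from Google's or GitLab's own tooling), the following Python check compares an installed version against the fixed releases quoted above. It handles GitLab's per-branch fixes, where 16.10.4 is patched even though it sorts below 16.11.1; the sample inventory it runs over is constructed.

```python
"""Version check against the patched releases named in the CERT-In advisory.

Added example; the fixed versions come from the advisory text, the
inventory below is constructed for illustration.
"""

# Patched releases named in the advisory.
CHROME_FIXED = (124, 0, 6367, 118)          # 124.0.6367.118 (.119 on some platforms)
GITLAB_FIXED = {                            # one fix per supported release branch
    (16, 11): (16, 11, 1),
    (16, 10): (16, 10, 4),
    (16, 9): (16, 9, 6),
}


def parse_version(text):
    """Turn '124.0.6367.118' into a tuple of ints so it compares numerically.

    Plain string comparison would rank '9' above '118'. An edition suffix
    such as '16.9.6-ee' is dropped before parsing.
    """
    core = text.strip().split("-")[0]
    return tuple(int(part) for part in core.split("."))


def chrome_is_affected(version):
    """Chrome: every build before the fixed release is affected."""
    return parse_version(version) < CHROME_FIXED


def gitlab_is_affected(version):
    """GitLab ships a fix per release branch, so compare within the branch.

    Branches older than 16.9 received no fix in this advisory and are
    treated as affected; newer branches are outside its scope.
    """
    v = parse_version(version)
    branch = v[:2]
    if branch in GITLAB_FIXED:
        return v < GITLAB_FIXED[branch]
    return branch < min(GITLAB_FIXED)


if __name__ == "__main__":
    # Constructed sample inventory of (product, version) pairs.
    inventory = [
        ("chrome", "124.0.6367.60"),
        ("chrome", "124.0.6367.118"),
        ("gitlab", "16.10.3"),
        ("gitlab", "16.10.4-ee"),
        ("gitlab", "16.8.2"),
    ]
    check = {"chrome": chrome_is_affected, "gitlab": gitlab_is_affected}
    for product, version in inventory:
        status = "AFFECTED" if check[product](version) else "patched"
        print(f"{product:7} {version:16} {status}")
```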
This underscores that security must be prioritized, since vulnerabilities in programs and systems can become entry points for cyber threats. A prompt response from both technology companies and users is necessary to protect the digital environment, keeping sensitive data out of the wrong hands and, ultimately, keeping that data safe.