
CERT-In Warns: Google Chrome Vulnerabilities May Let Hackers Gain System Access

CERT-In Alerts Users to Critical Google Chrome Security Vulnerabilities

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory warning users about multiple security flaws identified in Google Chrome for Desktop. These vulnerabilities, if exploited, could expose users to significant cyber threats. The national cybersecurity agency urged all users and organisations to immediately update to the latest version of Google Chrome across Windows, macOS, and Linux platforms to ensure protection. According to the advisory, users running outdated versions of the browser are at heightened risk.

In its vulnerability note, CIVN-2025-0099, published on May 16, CERT-In detailed the nature and severity of the issues, assigning them a “high” severity rating. The affected versions include Chrome for Desktop prior to version 136.0.7103.113 for Mac and Linux, and 136.0.7103.114 for Windows systems. These flaws could potentially be exploited by attackers to execute unauthorized actions on a user’s system.

Among the vulnerabilities, CVE-2025-4664 involves insufficient policy enforcement in Chrome’s Loader component, which could allow attackers to leak cross-origin data through a specially crafted HTML page. Another flaw, CVE-2025-4609, relates to the improper handling of operations within Mojo, Chrome’s inter-process communication system. Exploiting these weaknesses would typically require the attacker to trick users into visiting a malicious website, making social engineering a key part of the attack strategy.

Google acknowledged the issues and released security patches on May 14 to address four identified flaws. The company credited two independent security researchers for uncovering the vulnerabilities, as noted in CERT-In’s advisory. Users are strongly advised to update their browsers without delay, as continued use of unpatched versions could leave systems exposed to malicious exploitation.
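To check an inventory against the fixed builds named in the advisory, the following added example (not part of CERT-In's note or any Google tooling) compares Chrome version strings numerically per platform. The `host,platform,version` line format, the hostnames and the function names are assumptions made for illustration.

```python
import re

# Fixed builds as stated in CERT-In note CIVN-2025-0099 (taken from the article).
FIXED = {
    "windows": (136, 0, 7103, 114),
    "mac": (136, 0, 7103, 113),
    "linux": (136, 0, 7103, 113),
}
VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if not MAJOR.MINOR.BUILD.PATCH."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unrecognised platform or unparsable version
    return "patched" if version >= fixed else "vulnerable"  # numeric, not string, compare

def audit(inventory_lines):
    """Map host -> status; assumed input format is 'host,platform,version'."""
    results = {}
    for line in inventory_lines:
        fields = line.split(",")
        if len(fields) == 3:
            host, platform, version = fields
            results[host.strip()] = classify(platform, version)
    return results

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    "ws-01,Windows,136.0.7103.113",
    "ws-02,Windows,136.0.7103.114",
    "mac-01,Mac,136.0.7103.113",
    "lnx-01,Linux,136.0.7103.99",
    "lnx-02,Linux,137.0.7151.55",
    "kiosk-01,Linux,unknown",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Comparing the raw strings instead of integer tuples would rank `136.0.7103.99` above `136.0.7103.113` and report the Linux host `lnx-01` as patched.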

CERT-In Alerts Apple Users to Critical Security Vulnerabilities

CERT-In Issues Warning Over Critical Security Vulnerabilities in Apple Devices

The Indian Computer Emergency Response Team (CERT-In) has issued a significant security alert for Apple users following the discovery of multiple vulnerabilities in several Apple devices, including iPads, Macs, and iPhones. The warning, which was issued this week, highlights potential risks within the operating systems that power a wide range of Apple products. If exploited, these vulnerabilities could lead to unauthorized access to sensitive information, allowing attackers to compromise systems and perform a variety of malicious actions.

Security Risks in Apple Products

In its advisory dated January 28, CERT-In detailed several high-risk vulnerabilities that affect a wide range of Apple products. The flaws could allow attackers to execute arbitrary code, bypass security measures, manipulate data, and even escalate privileges on affected devices. Specific risks include denial of service (DoS) conditions, bypassing authentication protocols, and executing spoofing attacks. These vulnerabilities could significantly impact the privacy and functionality of the devices.

Affected Versions and Devices

The advisory identifies a number of Apple products that are susceptible to these vulnerabilities. The list includes several versions of macOS, including macOS Sequoia (prior to 15.3), macOS Sonoma (prior to 14.7.3), and macOS Ventura (prior to 13.7.3). Additionally, iPadOS (prior to 17.7.4), iOS, tvOS, and visionOS (prior to 18.3) are all impacted by these flaws. Apple’s Safari browser and watchOS (prior to 11.3) are also affected. CERT-In rates these vulnerabilities as “high risk,” urging Apple users to take immediate action to safeguard their devices.

Root Causes and Exploited Vulnerabilities

The vulnerabilities have been traced back to several technical issues such as null pointer dereference, type confusion errors, and use-after-free errors. Other issues include problems related to file handling, input validation, and the handling of user-sensitive data. Of particular concern is CVE-2025-24085, a critical vulnerability that is actively being exploited in the wild. This flaw affects devices running older versions of iOS, iPadOS, and macOS, making it especially important for users of older devices to update their software.

CERT-In’s Recommendations

To mitigate these risks, CERT-In strongly advises all Apple users to update their devices to the latest software versions. This follows a recent release from Apple, which issued an update aimed at patching many of these vulnerabilities. Apple has taken steps to address these issues, but it’s crucial that users stay proactive by applying security updates promptly. This advisory serves as a reminder of the importance of keeping devices up to date to prevent potential breaches and data compromises.

CERT-In Alerts Users to Critical Vulnerabilities Across Multiple Versions of Microsoft Windows OS

CERT-In Highlights Lack of Available Security Patches for Identified Vulnerabilities