CERT-In Alerts on Critical Vulnerabilities in Google Chrome and SAP Products

The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics & Information Technology, has issued a warning regarding critical vulnerabilities found in Google Chrome for desktops and various SAP products. These vulnerabilities pose significant risks, potentially allowing attackers to execute arbitrary code or cause denial of service (DoS) conditions on affected systems.

Google Chrome Vulnerabilities

The vulnerabilities in Google Chrome are primarily due to several critical issues:

  • Type Confusion in V8: This can lead to unintended behaviour or crashes.
  • Use After Free in Dawn, V8, BrowserUI, and Audio: These issues arise when a program tries to use memory after it has been freed, potentially leading to arbitrary code execution.
  • Inappropriate Implementation in Dawn, DevTools, Memory Allocator, and Downloads: These flaws could lead to unexpected behaviour or security bypass.
  • Heap Buffer Overflow in Tab Groups and Tab Strip: This can cause data corruption or allow attackers to execute arbitrary code.
  • Policy Bypass in CORS (Cross-Origin Resource Sharing): This could enable malicious cross-origin requests, compromising user data.

These vulnerabilities affect Chrome versions prior to 126.0.6478.54 for Linux and versions before 126.0.6478.56/57 for Windows and Mac. An attacker can exploit these by tricking a user into visiting a specially crafted webpage.

SAP Product Vulnerabilities

The vulnerabilities in SAP products include:

  • SAP Financial Consolidation
  • NetWeaver AS Java (Meta Model Repository and Guided Procedures)
  • NetWeaver and ABAP Platform
  • Document Builder (HTTP Service)
  • Bank Account Management

These vulnerabilities could enable attackers to perform cross-site scripting (XSS), bypass authorization checks, upload malicious files, obtain sensitive information, or induce denial of service conditions.

CERT-In advises users to apply the latest security updates provided by Google and SAP to mitigate these vulnerabilities. Keeping software up to date is crucial in protecting systems from potential exploits and phishing attacks.

The discovery of these vulnerabilities underscores the importance of timely software updates and vigilance against potential cyber threats. Users and administrators are encouraged to stay informed and proactive in applying security patches to safeguard their systems from these critical issues.