The Indian cyber security watchdog, CERT-In, has identified “numerous vulnerabilities” within the widely-used Google Chrome operating system (OS), enabling potential security bypass on the targeted system. In an advisory addressing the issue, CERT-In noted that an attacker could potentially “execute arbitrary code or induce a denial of service (DoS) condition, thereby circumventing security measures on the targeted system” due to these vulnerabilities.
The identified weaknesses in the Google Chrome OS are attributed to various factors, including “use after free” in profiles, inappropriate implementation in downloads, heap buffer overflow in PDF, and an issue in the Linux Kernel. To exploit these vulnerabilities, an attacker could manipulate a victim into visiting a specially-crafted request on the targeted system.
CERT-In routinely conducts assessments for vulnerabilities across devices and operating systems, issuing public warnings to inform both users and companies about potential weaknesses in cybersecurity.