The Indian Computer Emergency Response Team (CERT-In), which comes under the IT Ministry, has warned users of multiple vulnerabilities in Google Chrome which could allow a remote attacker to execute arbitrary code and denial-of-service (DoS) conditions on the targeted system.
A remote attacker could exploit these vulnerabilities by sending specially crafted requests on the targeted system.
"Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and denial-of-service (DoS) conditions on the targeted system," said CERT-In the advisory late on Wednesday.
These vulnerabilities exist in Google Chrome due to 'Heap Buffer' overflow in 'WebRTC', 'Type Confusion in V8' and 'Use after Free' in Chrome OS Shell.
The vulnerability (CVE-2022-2294) is being exploited in the wild, said the cyber agency, adding that the users are advised to apply patches urgently.
CERT-In also advised users against a 'Remote Code Execution' vulnerability that has been reported in a Zoho Corporation software which could be exploited by an unauthenticated remote attacker to execute arbitrary code on the targeted system.
This vulnerability exists in 'Zoho ManageEngine ADAudit Plus' due to a 'misconfigured XML' parser that processes user-supplied input without sufficient validation.
"Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system," warned the cyber agency, advising the users to upgrade to the latest Zoho 'ManageEngine ADAudit Plus' security build update.
--IANS
na/dpb
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
You’ve hit your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Quarterly Starter
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Access to Exclusive Premium Stories Online
Over 30 behind the paywall stories daily, handpicked by our editors for subscribers


Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share


Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor


Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements


Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app