CERT-In finds vulnerabilities in Google Chrome, Siemens products
New Delhi: The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology, on Friday warned users of vulnerabilities in Google Chrome and Siemens products, which could allow an attacker to execute arbitrary code on the targeted system.
The affected software in Google Chrome includes -- Chrome versions prior to 125.0.6422.112/.113 for Windows and Mac and versions before 125.0.6422.112 for Linux.
The affected Siemens products include -- Parasolid, SIMATIC RTLS, Simcenter Nastran, SIMATIC CN 4100, RUGGEDCOM, Solid Edge, Teamcenter Visualisation, JT2Go, CPC80, CPCI85, and six more.
"A vulnerability has been reported in Google Chrome for Desktop which could be exploited by a remote attacker to execute arbitrary code on the targeted system," said the CERT-In advisory.
The 'Remote Code Execution' vulnerability exists in Google Chrome for Desktop due to the 'Type Confusion' flaw in V8. An attacker could exploit this vulnerability by sending a specially crafted request.
Moreover, the cyber agency said that the multiple vulnerabilities reported in Siemens Products could allow an attacker to execute arbitrary code, escalate privileges or perform denial of service (DoS) conditions on the targeted system.
The agency suggested users apply appropriate security updates as mentioned by the companies.