Centre warns of high-risk vulnerabilities in Google Chrome, Apple iTunes
What's the story
The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning about potential vulnerabilities in the Google Chrome and Apple iTunes desktop applications.
These weaknesses could potentially permit hackers to remotely access a user's device and execute arbitrary code.
CERT-In, which operates under the Ministry of Electronics and Information Technology, has urged users to apply the security updates rolled out by the companies.
Technical breakdown
CERT-In details vulnerability in Apple iTunes
CERT-In has clarified that the vulnerability in Apple iTunes is due to "improper checks in CoreMedia component."
A remote attacker could exploit this by sending a crafted request.
Successful exploitation could permit the attacker to execute arbitrary code on the targeted system.
This problem affects users of Apple iTunes on Windows prior to version 12.13.2. CERT-In advises users to update their software as a protective measure.
Security flaws
Issues identified in Google Chrome
CERT-In has also identified several vulnerabilities in Google Chrome.
They stem from a type of bug called 'use-after-free' in the Visuals and ANGLE components, which can cause 'heap corruption' through a specially crafted HTML page.
The agency noted that the 'vulnerability under CVE-2024-4671 is being exploited in the wild.'
These vulnerabilities affect Google Chrome users on desktop prior to versions 124.0.6367.201/.202 for Windows and Mac, and version 124.0.6367.201 for Linux.
Users are advised to update their browsers immediately.