The vulnerabilities in Google Chrome for desktop affect versions prior to 126.0.6478.54 for Linux and versions before 126.0.6478.56/57 for Windows and Mac. For SAP products, the affected software includes SAP Financial Consolidation, NetWeaver AS Java (Meta Model Repository), NetWeaver AS Java (Guided Procedures), NetWeaver and ABAP platform, Document Builder (HTTP service), and Bank Account Management, among others.
CERT-In’s advisory states, “Multiple vulnerabilities have been reported in Google Chrome that could allow a remote attacker to execute arbitrary code on the targeted system.” These issues in Google Chrome are due to Type Confusion in V8; Use after free in Dawn, V8, BrowserUI, Audio; Inappropriate implementation in Dawn, DevTools, Memory Allocator, Downloads; Heap buffer overflow in Tab Groups, Tab Strip; and Policy Bypass in CORS. Attackers could exploit these by convincing victims to visit specially crafted web pages.
In SAP products, the vulnerabilities could enable attackers to perform cross-site scripting (XSS), bypass authorization checks, upload unauthorized files, access sensitive information, or cause denial of service conditions.
CERT-In recommends that users apply the necessary security updates provided by the companies to protect against these vulnerabilities and to avoid phishing attacks.