Indian Government Issues Warning Regarding Google Chrome and GitLab Vulnerabilities

06 May 2024

News Synopsis

The Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics & Information Technology, has issued a cautionary advisory regarding potential vulnerabilities in Google Chrome and GitLab software. These vulnerabilities could pose significant risks to user data security and system integrity, potentially leading to exploitation by malicious actors.

Understanding the Vulnerabilities

Vulnerable Software Versions

  • Google Chrome: Versions before 124.0.6367.118/.119 (Mac & Windows) and 124.0.6367.118 (Linux).

  • GitLab: Community Edition (CE) and Enterprise Edition (EE) versions before 16.11.1, 16.10.4, and 16.9.6.

Google Chrome Vulnerabilities:

According to the Indian Computer Emergency Response Team (CERT-In), multiple vulnerabilities have been identified in Google Chrome, particularly affecting versions prior to 124.0.6367.118/.119 for Mac and Windows, and versions before 124.0.6367.118 for Linux. These vulnerabilities could be exploited by remote attackers to execute arbitrary code and cause denial-of-service (DoS) conditions on targeted systems.

GitLab Vulnerabilities:

Similarly, software from GitLab, an open-core company, is also affected. CERT-In highlights vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 16.11.1, 16.10.4, and 16.9.6. These vulnerabilities include authentication bypass, security restriction bypass, and denial of service, which could compromise user data security and system functionality.

Potential Risks and Exploitation

Google Chrome Exploitation:

The vulnerabilities in Google Chrome stem from flaws in the Dawn and Picture in Picture components, including a use-after-free flaw. Cyber attackers could exploit these weaknesses to initiate remote code execution attacks and disrupt system operations, posing severe risks to user privacy and data confidentiality.

GitLab Vulnerability Exploitation:

In the case of GitLab, the vulnerabilities arise from improper authentication mechanisms and flaws in email address processing, among others. Malicious actors could leverage these vulnerabilities to bypass security measures and orchestrate denial-of-service attacks, compromising the integrity of GitLab instances and user data.

Recommended Mitigation Measures

Applying Security Updates:

CERT-In advises users to promptly apply security updates provided by Google and GitLab to address the identified vulnerabilities. These updates contain patches and fixes aimed at mitigating the risks associated with the reported vulnerabilities, enhancing the overall security posture of the affected software.

How to Stay Protected: Apply Updates Immediately

CERT-In strongly urges users of Google Chrome and GitLab to update their software to the latest versions as soon as possible. These updates address the identified vulnerabilities and significantly improve system security.
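For administrators triaging many machines, the following added example (not part of the CERT-In advisory or the original article) flags installations older than the fixed versions listed above. It assumes each GitLab version named is the fixed patch release of its own minor branch, and the inventory hostnames and versions are constructed sample data.

```python
import re

# Fixed releases as stated in the article.
CHROME_FIXED = (124, 0, 6367, 118)
# GitLab minor branch -> first fixed patch release (assumed per-branch reading).
GITLAB_FIXED = {(16, 11): 1, (16, 10): 4, (16, 9): 6}


def parse_version(text, parts):
    """Return the first `parts` numeric components of a version string."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(n) for n in m.group(1).split(".")]
    if len(nums) < parts:
        raise ValueError(f"expected {parts} components in {text!r}")
    return tuple(nums[:parts])


def chrome_needs_update(version):
    return parse_version(version, 4) < CHROME_FIXED


def gitlab_needs_update(version):
    major, minor, patch = parse_version(version, 3)
    branch = (major, minor)
    if branch in GITLAB_FIXED:
        # A plain "less than 16.11.1" test would wrongly pass 16.10.3 as safe
        # against 16.9.6, so compare within the installation's own branch.
        return patch < GITLAB_FIXED[branch]
    # Branches older than the oldest patched one are affected; newer are not.
    return branch < min(GITLAB_FIXED)


def triage(inventory):
    """inventory: (host, product, version) tuples; returns hosts to update."""
    checks = {"chrome": chrome_needs_update, "gitlab": gitlab_needs_update}
    return [host for host, product, version in inventory
            if checks[product](version)]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("laptop-01", "chrome", "124.0.6367.91"),
    ("laptop-02", "chrome", "124.0.6367.119"),
    ("git-a", "gitlab", "16.10.3-ee"),
    ("git-b", "gitlab", "16.9.6"),
    ("git-c", "gitlab", "16.8.7"),
    ("git-d", "gitlab", "17.0.0"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```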

Staying Vigilant:

Users are urged to remain vigilant and exercise caution while browsing the internet, especially when accessing potentially malicious websites. By adopting proactive security measures and staying informed about emerging threats, users can minimize their exposure to cybersecurity risks and safeguard sensitive information effectively.

Conclusion:

The warning issued by CERT-In underscores the critical importance of addressing vulnerabilities in Google Chrome and GitLab to mitigate potential security risks. By staying proactive and applying recommended security updates, users can enhance their resilience against cyber threats and protect their data from exploitation by malicious actors.
