The Indian Computer Emergency Response Team (CERT-In) has issued a warning regarding significant vulnerabilities discovered in Google Chrome for desktop and several SAP products. These vulnerabilities could allow attackers to execute arbitrary code or cause denial of service (DoS) conditions on targeted systems.
Google Chrome versions prior to 126.0.6478.54 for Linux and 126.0.6478.56/57 for Windows and Mac are affected. CERT-In has identified several sources of these vulnerabilities in Chrome: type confusion in V8; use after free in Dawn, V8, BrowserUI, and Audio; inappropriate implementation in Dawn, DevTools, Memory Allocator, and Downloads; heap buffer overflow in Tab Groups and Tab Strip; and policy bypass in CORS.
A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page, leading to arbitrary code execution on the target system.
In addition, multiple vulnerabilities have been reported in various SAP products, such as SAP Financial Consolidation, NetWeaver AS Java (Meta Model Repository), NetWeaver AS Java (Guided Procedures), NetWeaver and ABAP platform, Document Builder (HTTP service), and Bank Account Management. These vulnerabilities could allow attackers to perform cross-site scripting (XSS), bypass authorization checks, improperly upload files, obtain sensitive information, or cause denial of service conditions.
CERT-In has urged users to apply the appropriate security updates recommended by Google and SAP to protect against potential exploits. The agency also advised users to stay alert to phishing attacks, which might exploit these vulnerabilities.