CERT-In issues alerts for vulnerabilities in Google Chrome OS, TP-link router and Atlassian Bitbucket Server and Data Center

Users are recommended to update their product and firmware in order to ensure their systems are secure

CERT-In on Thursday released notes for high severity vulnerabilities in Google Chrome OS, and critical vulnerabilities in TP-Link router and Bitbucket Server and Data Center. The reported vulnerabilities can be used by remote attackers to target affected systems and execute arbitrary codes, compromising their security.

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

Multiple vulnerabilities in Google Chrome OS LTS channel version have been reported due to use after free in Blink, browser creation, webUI, managed devices API and Chrome OS shell. 

Vulnerabilities also exist in the sign-in flow, extensions and extensions API, insufficient policy enforcement in cookies, inappropriate implementation in extensions API, heap buffer overflow in PDF and side-channel information leakage in keyboard input. 

The vulnerabilities affect most Chrome OS devices, according to Google’s security releases. They can be exploited by remote attackers by sending specially crafted requests to the targeted systems. 

Successful exploitation can allow attackers to execute arbitrary code or cause denial of services on the affected systems. 

Google has released security updates to fix the vulnerabilities and their implementation is suggested to secure vulnerable systems.