Affected software for Google Chrome for desktop includes Chrome versions prior to 126.0.6478.54 for Linux and Chrome versions prior to 126.0.6478.56/57 for Windows and Mac.
On the other hand, the affected SAP products include SAP Financial Consolidation, NetWeaver AS Java (Meta Model Repository), NetWeaver AS Java (Directed Processes), NetWeaver and ABAP Platform, Document Builder (HTTP Service), Bank Account Management, and others.
"Multiple vulnerabilities have been reported in Google Chrome that could allow a remote attacker to execute arbitrary code on a targeted system," the CERT-In advisory said.
According to the cyber agency, these vulnerabilities exist in Google Chrome due to type confusion in V8; Free use in Dawn, V8, BrowserUI, Audio; Improper implementation in Dawn, DevTools, Memory Allocator, Downloads; Heap buffer overflow in tab group, tab strip and policy bypass in CORS.
A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page. According to the cyber agency, the reported vulnerabilities in SAP products could allow an attacker to exploit cross-site scripting (XSS), missing authorization checks, file uploads, obtaining sensitive information or violating denial of service terms on the targeted system.
CERT-In suggests users to apply proper security updates recommended by companies to stay away from phishing attacks.
On the other hand, the affected SAP products include SAP Financial Consolidation, NetWeaver AS Java (Meta Model Repository), NetWeaver AS Java (Directed Processes), NetWeaver and ABAP Platform, Document Builder (HTTP Service), Bank Account Management, and others.
"Multiple vulnerabilities have been reported in Google Chrome that could allow a remote attacker to execute arbitrary code on a targeted system," the CERT-In advisory said.
According to the cyber agency, these vulnerabilities exist in Google Chrome due to type confusion in V8; Free use in Dawn, V8, BrowserUI, Audio; Improper implementation in Dawn, DevTools, Memory Allocator, Downloads; Heap buffer overflow in tab group, tab strip and policy bypass in CORS.
A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page. According to the cyber agency, the reported vulnerabilities in SAP products could allow an attacker to exploit cross-site scripting (XSS), missing authorization checks, file uploads, obtaining sensitive information or violating denial of service terms on the targeted system.
CERT-In suggests users to apply proper security updates recommended by companies to stay away from phishing attacks.
