Multiple bugs discovered in Google Chrome OS and GitLab by CERT-In


The Indian Computer Emergency Response Team (CERT-In), part of the Ministry of Electronics & Information Technology, has alerted users to multiple vulnerabilities in GitLab and Google Chrome OS that could let an attacker run arbitrary code on the targeted system.

The affected Google software is ChromeOS on the LTS channel, in versions earlier than 120.0.6099.315.

The affected GitLab software is GitLab Community Edition (CE) and GitLab Enterprise Edition (EE), in versions prior to 17.1.1, 17.0.3, and 16.11.5.

“Multiple vulnerabilities have been reported in LTS channel for ChromeOS which could be exploited by an attacker to execute arbitrary code on the targeted system,” stated the advisory from CERT-In.

According to the cyber agency, the Google Chrome OS vulnerabilities are caused by a heap buffer overflow in WebRTC and a use-after-free in Media Session.

An attacker could exploit these weaknesses by persuading a victim to visit a specially crafted webpage.

The reported GitLab vulnerabilities affect several components of GitLab Community Edition (CE) and Enterprise Edition (EE).

According to the cyber agency, a successful exploit of these vulnerabilities could allow a remote attacker to access sensitive data, execute arbitrary code, perform cross-site scripting, bypass security measures, and cause a denial of service on the targeted system.

CERT-In advises users to install the security updates released by the respective vendors.
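To check an inventory against the fixed versions named above, the following added example (not code from CERT-In, Google, or GitLab) compares each GitLab version within its own release line, so a patched 16.11.5 is not flagged merely for being lower than 17.1.1. The host names and inventory format are hypothetical, and the handling of release lines outside 16.11, 17.0, and 17.1 is an assumption noted in the code.

```python
import re

# Fixed releases named in the article: one per GitLab release line (CE and EE),
# and the ChromeOS LTS channel build.
GITLAB_FIXED = [(16, 11, 5), (17, 0, 3), (17, 1, 1)]
CHROMEOS_LTS_FIXED = (120, 0, 6099, 315)


def parse_version(text, width):
    """Return the leading dotted version as a tuple padded to `width` parts.
    Suffixes such as '-ee' are ignored."""
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return (parts + (0,) * width)[:width]


def gitlab_is_affected(version):
    v = parse_version(version, 3)
    for fixed in GITLAB_FIXED:
        if v[:2] == fixed[:2]:  # same major.minor line: compare patch level
            return v < fixed
    # Assumption: lines older than 16.11 are affected, and lines newer than
    # 17.1 already carry the fixes.
    return v < GITLAB_FIXED[0]


def chromeos_lts_is_affected(version):
    # Only meaningful for devices on the LTS channel, as in the advisory.
    return parse_version(version, 4) < CHROMEOS_LTS_FIXED


def audit(inventory):
    """Return the names of hosts whose reported version is below the fix."""
    checks = {"gitlab": gitlab_is_affected, "chromeos-lts": chromeos_lts_is_affected}
    return [name for name, product, version in inventory if checks[product](version)]


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = [
    ("git-prod", "gitlab", "17.0.2-ee"),
    ("git-stage", "gitlab", "17.1.1"),
    ("git-legacy", "gitlab", "16.10.8"),
    ("git-lts", "gitlab", "16.11.5-ee"),
    ("kiosk-01", "chromeos-lts", "120.0.6099.314"),
    ("kiosk-02", "chromeos-lts", "120.0.6099.315"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```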

Aishwarya provides informative insights on emerging technologies and their impact on business and society.
