Vulnerabilities in Google Chrome and Zoho ManageEngine: India warns

There are multiple vulnerabilities in Google Chrome and Zoho ManageEngine ADAudit Plus, according to the Indian Computer Emergency Response Team (CERT-In).
India laptop users
The CERT-In, which comes under the IT Ministry, warned users of multiple vulnerabilities in Google Chrome which could allow a remote attacker to execute arbitrary code and denial-of-service (DoS) conditions on the targeted system.

A remote attacker could exploit these vulnerabilities by sending specially crafted requests on the targeted system.

“Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and denial-of-service (DoS) conditions on the targeted system,” said CERT-In the advisory.

These vulnerabilities exist in Google Chrome due to Heap Buffer overflow in WebRTC, Type Confusion in V8 and Use after Free in Chrome OS Shell.

The vulnerability (CVE-2022-2294) is being exploited in the wild, said the cyber agency, adding that the users are advised to apply patches urgently.

CERT-In also advised users against a Remote Code Execution vulnerability that has been reported in a Zoho Corporation software which could be exploited by an unauthenticated remote attacker to execute arbitrary code on the targeted system.

This vulnerability exists in Zoho ManageEngine ADAudit Plus due to a misconfigured XML parser that processes user-supplied input without sufficient validation.

Exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system. Users need to upgrade to the latest Zoho ManageEngine ADAudit Plus security build update.