Multiple Threats were found in Google Chrome and Zoom. The Computer Emergency Response Team (CERT-In) released a notice on Friday of a vulnerability affecting the desktop version of Google Chrome for Mac and Linux users.
Google and Zoom have emitted installs resolving the defenselessness.
Vulnerabilities found in Zoom products
CERT-In also released an advisory on Monday regarding vulnerabilities found in Zoom products. These vulnerabilities were discovered in Zoom’s on-premises meeting connector and could be exploited by an attacker to gain access to meeting audio and video feeds while remaining invisible to meeting participants.
Vulnerabilities found in Google Chrome could be exploited remotely by an attacker to bypass security restrictions, execute arbitrary code, and cause a denial of service on the targeted system.
CERT-In Vulnerability in Desktop Version of Chrome Used After Free in PDF and Frames and Out-of-Bounds Write-in-Storage Allows Programs to Start Writing Outside the Limits of Allocated Memory I pointed out that it exists to A heap buffer overflow vulnerability also exists where a portion of memory is allocated on the heap and data is written out of bounds, affecting the entire system memory.
This vulnerability could be exploited by a remote attacker by tricking a user into visiting a specially crafted website.
Latest security update
Google noted on Wednesday that six vulnerabilities were brought to the attention of external researchers. Google also said its latest security update includes fixes for 11 vulnerabilities found affecting Chrome for Mac and Linux users.
CERT-In has reported vulnerabilities classified as moderate severity.
This vulnerability was found to affect the connector for local Zoom meetings. They exist because of improper access and control implementations.
Zoom’s website states that the vulnerability was first reported by the offensive security team. We released an update that fixes it.