The Indian Computer Emergency Response Team (CERT-In), has issued a warning about issues in Google Chrome and Siemens products. These issues have the potential to allow fraudsters to execute arbitrary code on the targeted system.
Reportedly, the affected Siemens products include Parasolid, SIMATIC RTLS, Simcenter Nastran, SIMATIC CN 4100, RUGGEDCOM, Solid Edge, Teamcenter Visualisation, JT2G, CPC80, CPCI85, and six more.
What went wrong?
“A vulnerability has been reported in Google Chrome for Desktop which could be exploited by a remote attacker to execute arbitrary code on the targeted system,” the CERT-In, which falls under the Ministry of Electronics & Information Technology, advisory explained.
The affected versions of Google Chrome include the versions 125.0.6422.112/.113 for Windows and Mac, and versions before 125.0.6422.112 for Linux. A report released on Friday highlighted that malware can be a significant cyber threat.
From what it is understood the ‘Remote Code Execution’ vulnerability seems to be available in Google Chrome for Desktop due to the ‘Type Confusion’ flaw in V8. This can eventually enable an attacker to exploit this vulnerability by sending a specially crafted request.
During the first quarter of this year (January-March period), nearly one in four Indians experienced hacking attacks. In addition to this, during the January-March period, around 20.1 percent of users were susceptible to local threats. Cybercriminals seem to have executed illegal activities in the browsers and their plugins.
The safe road ahead
According to Kaspersky’s quarterly data, which is a global security company, about 22.9 percent of web users in the country were targeted by web-borne threats. CERT-In suggested that you should take appropriate security updates as mentioned by the companies.
Furthermore, “Malware remains a major threat to the users in India. Targeted malware attacks continue to be a major source of worry for organisations and users alike,” CERT-In explained.
“Siemens typically addresses a higher number of vulnerabilities each month compared to other vendors, this is an indication of the effort & focus the company put into securing its products rather than as evidence that its products are more vulnerable,” a Siemens spokesperson said in a statement sent over email. “Siemens has proactively published these issues in Siemens Security advisories on May 14, 2024 together with the fixes for them. Siemens has issued recommendations for fixes or mitigations.”
“File-less malware is being seen as the most dangerous web threat this quarter since it does not leave any trace for static analysis of the attack,” reports showed. In order to avoid these threats, you should avoid falling prey to clickbaits. Avoid clicking unnecessary and unknown links.
Follow FE Tech Bytes on Twitter, Instagram, LinkedIn, Facebook
