CERT-In Warning: The Government of India’s cybersecurity agency, CERT-In, has issued a warning for Google and Apple users. The government agency has identified a threat in a service of Google Chrome and Apple. If users do not follow the instructions given by CERT-In, their devices may be hacked.

CERT-In Cyber Alert: If you use Google Chrome or are an Apple user, be cautious. The Indian Computer Emergency Response Team (CERT-In), the cybersecurity agency of the Government of India, has issued a warning to users of both companies. The government agency has detected vulnerabilities in Google Chrome and Apple iTunes. According to CERT-In, these vulnerabilities could be exploited by cyber hackers to attack your device and take control.

CERT-In has discovered vulnerabilities in Google Chrome and Apple iTunes desktop applications. These flaws provide hackers with an opportunity to infiltrate users’ devices. As a result, hackers can gain control over the device’s arbitrary code. The government agency, operating under the Ministry of Electronics and Information Technology, has provided guidance on how to mitigate this risk.

Error Found in Google Chrome

According to CERT-In, numerous vulnerabilities have been discovered in Google Chrome. A bug was identified in the Visuals and ANGLE components known as use-after-free. Hackers exploit these vulnerabilities through specially crafted HTML pages, leading to ‘heap corruption’.

These vulnerabilities affect Google Chrome users on desktop versions prior to 124.0.6367.201/.202 for Windows and Mac, and version 124.0.6367.201 for Linux. Users are advised to update their browsers immediately.

Risk in Apple iTunes as well

CERT-In clarified that the threat arises from “incorrect verification in CoreMedia component” in Apple iTunes. A remote attacker could exploit this vulnerability by sending a specially crafted request. If successful, the attacker can inject arbitrary code into the device.

This issue affects users of Apple iTunes on Windows versions before 12.13.2. CERT-In advises users to update their software as a precautionary measure.