Indian govt issues high risk warning for Google Chrome and Apple iTunes. Here's what you must do

livemint.com:

Apple iTune exists due to improper checks in a component called 'CoreMedia', which could be exploited by hackers by sending a specially crafted request. The vulnerability affects users of Apple iTunes on Windows prior to version 12.13.2. Explaining the issue via a report, CERT stated, “This vulnerability exists in Apple Product due to improper checks in CoreMedia component.

A remote attacker could exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system." CERT states that updating to the latest version of iTunes should help mitigate the potential vulnerabilities. To update their iTunes applications on Windows, users can go to the Help section and click Check for Updates.

CERT has found several vulnerabilities in Google Chrome that could be used by a potential hacker to gain access to a targeted system. The vulnerabilities in Chrome exist due to a bug in the Visuals and ANGLE components called 'use-after-free' and could be used by a hacker to execute a specially crafted HTML page to cause ‘heap corruption’. CERT also stated that the ‘vulnerability under CVE-2024-4671 is being exploited in the wild.

Users are advised to patch the vulnerable devices immediately.’ The vulnerabilities affect Google Chrome users on desktop prior to version 124.0.6367.201/.202 for Windows and Mac and version 124.0.6367.201 for Linux. Google Chrome users on Windows, Mac and Linux are advised to update to the latest version to mitigate potential vulnerabilities. To update to the latest version, users can navigate to the 'Help' option and click on 'About Google Chrome', which will automatically search for a new