The Indian Computer Emergency Response Team (CERT-In) has alerted users about vulnerabilities in Google Chrome and various Siemens products. These vulnerabilities could enable attackers to run arbitrary code on compromised systems. The Siemens products impacted include Parasolid, SIMATIC RTLS, Simcenter Nastran, SIMATIC CN 4100, RUGGEDCOM, Solid Edge, Teamcenter Visualization, JT2G, CPC80, CPCI85, along with six additional products.

The CERT-In, part of the Ministry of Electronics & Information Technology, has reported a vulnerability in Google Chrome for Desktop. This flaw could be exploited by a remote attacker to execute arbitrary code on the targeted system. The affected versions include 125.0.6422.112/.113 for Windows and Mac, and versions prior to 125.0.6422.112 for Linux. A report released on Friday indicated that malware poses a significant cyber threat. The ‘Remote Code Execution’ vulnerability in Google Chrome is believed to stem from a ‘Type Confusion’ flaw in V8, which could be exploited by an attacker through a specially crafted request.

In the first quarter of this year (January to March), nearly 25% of Indians experienced hacking attacks. Additionally, approximately 20.1% of users were vulnerable to local threats during this period. Cybercriminals appear to have carried out illegal activities through browsers and their plugins.

Kaspersky’s quarterly data indicates that approximately 22.9% of web users in India were targeted by web-borne threats. CERT-In advises users to apply the recommended security updates provided by the respective companies. Additionally, CERT-In highlighted that malware remains a significant threat in India, with targeted malware attacks being a major concern for both organizations and individual users.

A Siemens spokesperson stated via email, “Siemens typically addresses more vulnerabilities each month compared to other vendors. This reflects the company’s dedication to securing its products rather than indicating that its products are more vulnerable.” Siemens proactively published these issues in their security advisories on May 14, 2024, along with the corresponding fixes. Recommendations for fixes or mitigations have also been issued.

Reports indicated that file-less malware is currently seen as the most dangerous web threat, as it leaves no trace for static analysis. To avoid such threats, it is advised to steer clear of clickbait and avoid clicking on unnecessary or unknown links.