
Govt warns of multiple vulnerabilities in Google Chrome, Apple Safari – ET Government


CERT-In says that the vulnerability under CVE-2023-5217 is being exploited in the wild.

CERT-In, the Indian government’s nodal agency for responding to computer security incidents as and when they occur, is reporting multiple vulnerabilities in Apple Safari and Google Chrome.

The severity rating in both cases is high.

The vulnerabilities in Apple Safari could allow an attacker to execute arbitrary code and spoof the user interface on the targeted system.

CERT-In notes that these vulnerabilities exist in Apple Safari due to improper iframe sandbox enforcement checks, memory handling within the WebKit component and improper state management. An attacker could exploit these vulnerabilities by persuading a victim to visit specially crafted web content.

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and spoof the user interface on the targeted system.

In the case of Google Chrome, CERT-In notes that the vulnerabilities could allow an attacker to execute arbitrary code, bypass security restrictions or cause a denial-of-service condition on the targeted system.

The vulnerabilities exist in Google Chrome due to a heap buffer overflow in VP8 encoding in libvpx and a use-after-free error in Passwords and Extensions. A remote attacker could exploit these vulnerabilities by executing a specially crafted HTML page.

CERT-In says that the Google Chrome vulnerability under CVE-2023-5217 is being exploited in the wild. Users are advised to patch the vulnerable devices immediately.

  • Published On Oct 3, 2023 at 07:11 AM IST
