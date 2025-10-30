New Delhi, Oct 30 (PTI) Indian cyber security watchdog Cert-In on Thursday issued an alert about multiple vulnerabilities in Google Chrome desktop browser and developers' platform Gitlab, which could allow cyber criminals to steal users' data and carry out various types of attacks on the affected systems.

The Indian Computer Emergency Response Team has shared software patches or updates that can be used to plug the security loopholes in these platforms.

"Multiple vulnerabilities exist in Google Chrome due Type Confusion in V8, Inappropriate implementation in V8, Extensions, APP bound encryption, Autofill; object lifecycle issue in media, race in V8, storage; incorrect security UI in Omnibox, Fullscreen UI splitview; policy bypass in extensions, use after free in PageInfo, ozone and out of bounds read in V8, WebXR," Cert-In said.

V8 enables the Chrome browser to execute JavaScript-related work and the connection between the computer's technical language and text format.

The cybersecurity watchdog said that a remote attacker could exploit these vulnerabilities by persuading victims to visit a specially crafted web page.

"Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, bypass security restrictions, perform spoofing attacks or disclose sensitive information on the targeted system," Cert-In said on vulnerabilities in Chrome desktop browser.

For web-based developers' platform Gitlab, Cert-In said that multiple vulnerabilities exist in GitLab Community Edition (CE) and Enterprise Edition (ED) due to improper access control issues in various tools, including those that help in testing application interface, denial of service, validation of programmes and other software-related developments.

"An attacker could exploit these vulnerabilities by sending specially crafted payloads. Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions or cause denial of service (DoS) conditions on the targeted system," Cert-In said.

The cybersecurity watchdog has shared links to updates that have been released by Google and GitLab to fix vulnerabilities detected in them.