New Delhi, June 9: The Indian government’s Computer Emergency Response Team (CERT-In) has flagged several vulnerabilities in Chrome and Mozilla products.
According to CERT-In, these vulnerabilities had been giving hackers access to all of the users’ data and even allowing them to execute arbitrary code by bypassing all security mechanisms.
The vulnerabilities, which CERT-In has marked as ‘high’ risk, affect Chrome OS versions prior to 96.0.4664.209. They include vulnerabilities tracked by Google as CVE-2021-43527, CVE-2022-1489, CVE-2022-1633, CVE-202-1636, CVE-2022-1859, CVE-2022-1867, and CVE-2022-23308.
The tech giant also acknowledged the vulnerabilities and stated that they had been resolved. To avoid these bugs, the company advised users to download the most recent version of Chrome OS.
Furthermore, CERT-In has flagged vulnerabilities in Mozilla Firefox iOS versions prior to 101, Mozilla Firefox Thunderbird versions prior to 91.10, Mozilla Firefox ESR versions prior to 91.10 and Mozilla Firefox versions prior to 101.
All of the bugs are rated ‘high’ by Mozilla. The company also said that these vulnerabilities allowed a remote attacker to disclose sensitive information, bypass security restrictions, execute arbitrary code, perform spoofing attacks and cause denial-of-service (DoS) attacks on the targeted system.
Mozilla has also made updates available for the affected products. To protect themselves from these vulnerabilities, users should download Mozilla Firefox iOS 101, Mozilla Firefox Thunderbird version 91.10, Mozilla Firefox ESR version 91.10, and Mozilla Firefox version 101.
According to CERT-In, these vulnerabilities allow attackers to perform a denial-of-service attack on targeted systems. A denial-of-service (DoS) attack occurs when hackers prevent users from accessing information systems, devices, or other resources. Email, websites, and online accounts are among the services commonly targeted by such attacks.
According to the government agency, an attacker may exploit these vulnerabilities to execute arbitrary code on the targeted system.
“These vulnerabilities exist in Google Chrome OS due to heap buffer overflow in V8 internalisation; use after free in Sharesheet, Performance Manager, Performance APIs; vulnerability reported in dev-libs/libxml2; Insufficient validation of untrusted input in Data Transfer and Out of bounds memory access in UI Shelf,” CERT-In stated.