The Indian government’s Computer Emergency Response Team (CERT-In) recently discovered several vulnerabilities in Chrome and Mozilla products.
According to CERT-In, these flaws allowed hackers to gain access to all of the users’ data and even execute arbitrary code by circumventing all security mechanisms.
The vulnerabilities marked as ‘high’ risk by CERT-In targeted Chrome OS versions prior to 96.0.4664.209. It includes vulnerabilities marked under CVE-2021-43527, CVE-2022-1489, CVE-2022-1633, CVE-202-1636, CVE-2022-1859, CVE-2022-1867, and CVE-2022-23308 by Google.
The company urged users to download the latest version of Chrome OS to stay protected from these bugs.
CERT-In also found bugs in Mozilla Firefox iOS version 101, Mozilla Firefox Thunderbird version 91.10, Mozilla Firefox ESR version 91.10, and Mozilla Firefox version 101. Mozilla has rated all of the vulnerabilities as ‘high.’
According to the company, these flaws allowed a remote attacker to access sensitive data, bypass security restrictions, execute arbitrary code, perform spoofing attacks, and cause denial-of-service (DoS) attacks on the targeted system.
The affected Mozilla products have also received updates. To protect themselves from this vulnerability, users should download Mozilla Firefox iOS 101, Mozilla Firefox Thunderbird version 91.10, Mozilla Firefox ESR version 91.10, and Mozilla Firefox version 101.
As per CERT-In, these vulnerabilities lead attackers to deliver a denial of service attack on targeted systems. Services that are usually targeted using such attacks include email, websites, online accounts, among others.
The government agency said that these vulnerabilities can be exploited by an attacker to execute arbitrary code on the targeted system. “These vulnerabilities exist in Google Chrome OS due to heap buffer overflow in V8 internalisation; use after free in Sharesheet, Performance Manager, Performance APIs; vulnerability reported in dev-libs/libxml2; Insufficient validation of untrusted input in Data Transfer and Out of bounds memory access in UI Shelf,” CERT-In explained in an official post.