The Indian government’s CERT-In recently flagged several vulnerabilities in Chrome and some Mozilla products. CERT-In highlighted that these vulnerabilities gave hackers access to all of a user’s data and even let them execute arbitrary code by bypassing all security systems.
The vulnerabilities marked as ‘high’ risk by CERT-In affect Chrome OS versions before 96.0.4664.209. They include the vulnerabilities tracked as CVE-2021-43527, CVE-2022-1489, CVE-2022-1633, CVE-2022-1867, and CVE-2022-23308 by Google. The tech giant acknowledged the bugs and said that it has fixed all of them. The company urged users to download the latest version of Chrome OS so that they stay protected from these bugs.
In addition, CERT-In flagged bugs in Mozilla Firefox iOS versions before 101, Mozilla Firefox Thunderbird versions before 91.10, Mozilla Firefox ESR versions before 91.10, and Mozilla Firefox versions before 101. All of the flaws have been rated ‘high’ by Mozilla. These vulnerabilities, the company said, allowed a remote attacker to disclose sensitive data, bypass security restrictions, execute arbitrary code, carry out spoofing attacks and cause denial-of-service conditions on the targeted system.
Mozilla has also released updates for the affected products. Users are asked to download Mozilla Firefox iOS 101, Mozilla Firefox Thunderbird version 91.10, Mozilla Firefox ESR version 91.10, and Mozilla Firefox version 101 to protect themselves from these vulnerabilities.
As per CERT-In, these vulnerabilities allow attackers to launch a denial-of-service attack on targeted systems. A denial-of-service attack happens when users are unable to access information systems, devices, or other resources owing to the actions of hackers. Services that are usually targeted using such attacks include email, websites, and online accounts, among others.
The government agency said that these vulnerabilities can be used by an attacker to execute arbitrary code on the targeted system. “These vulnerabilities exist in Google Chrome OS due to heap buffer overflow in V8 internalization; use after free in Share Sheet, Performance Manager, Performance APIs; vulnerability reported in dev-libs/libxml2; Insufficient validation of untrusted input in Data Transfer and Out of bounds memory access in UI Shelf,” CERT-In explained in an official post.