Indian Government Issued High-Risk Warning To Google Chrome & Mozilla Users
The Computer Emergency Response Team (CERT-In) of the Indian government recently identified various vulnerabilities in Chrome and Mozilla products. According to CERT-In, these flaws allowed hackers to gain access to all of the users’ data and even execute arbitrary code by circumventing all security protections. According to CERT-In, these flaws allowed hackers to access all of the users’ data and even execute arbitrary code by circumventing all security safeguards.
CERT-In classified the vulnerabilities as ‘high’ risk because they affected Chrome OS versions prior to 96.0.4664.209. Google has classified the vulnerabilities as CVE-2022-1489, CVE-2022-1633, CVE-202-1636, CVE-2022-1859, CVE-2022-1867, and CVE-2022-23308. The tech behemoth recognized the flaws and stated that they had been resolved. To stay protected from these flaws, the company advised customers to download the most recent version of Chrome OS.
CERT-In also found problems in Mozilla Firefox iOS version 101, Mozilla Firefox Thunderbird version 91.10, Mozilla Firefox ESR version 91.10, and Mozilla Firefox version 101. Mozilla has categorized all of the vulnerabilities as ‘high.’ According to the firm, these flaws allowed a remote attacker to access sensitive data, bypass security limitations, execute arbitrary code, perform spoofing attacks, and cause denial-of-service (DoS) assaults on the targeted system.
The impacted Mozilla products have also received updates. To protect themselves from this vulnerability, users should download Mozilla Firefox iOS 101, Mozilla Firefox Thunderbird version 91.10, Mozilla Firefox ESR version 91.10, and Mozilla Firefox version 101.
According to CERT-In, these flaws allow attackers to carry out a denial of service attack on targeted systems. A denial-of-service (DoS) attack occurs when hackers prevent users from accessing information systems, devices, or other resources. Email, websites, and online accounts are among the services that are commonly targeted by such attacks.
An attacker might use these flaws to execute arbitrary code on the targeted system, according to the federal agency. “These security flaws exist in Google Chrome OS due to massive pile network congestion in V8 internalization; use after free in the Share sheet, Performance Manager, and Performance APIs; vulnerability reported in dev-libs/libxml2; insufficient validation of untrusted input in Data Transfer; and out of bounds memory access in UI Shelf,” according to CERT-In.