Friday, April 12, 2024
HomeNewsHigh-risk warning issued for Google Chrome and Mozilla by government

High-risk warning issued for Google Chrome and Mozilla by government

According to CERT-In, the vulnerabilities in Chrome and Mozilla gave the hackers access to users' sensitive data by allowing them to execute arbitrary codes and bypass all the security mechanisms in place.

The Computer Emergency Response Team (CERT-In) of the Indian government has flagged several vulnerabilities in Google Chrome and Mozilla products. According to CERT-In, these vulnerabilities gave the hackers access to the users’ sensitive data by allowing them to execute arbitrary codes by bypassing all the security mechanisms in place. 

Google Chrome OS versions before 96.0.4664.209 contained vulnerabilities marked as high-risk by CERT-In. Vulnerabilities in this criteria are labeled under CVE-2022-1633, CVE-202-1636, CVE-2021-43527, CVE-2022-1489, CVE-2022-1859, CVE-2022-1867, and CVE-2022-23308 by Google. 

In the case of Mozilla, CERT-In has detected and flagged bugs present in the Mozilla Firefox Thunderbird versions before 91.10, Mozilla Firefox iOS versions before 101, Mozilla Firefox versions before 101, and Mozilla Firefox ESR versions before 91.10. 

Read More: Apple MacBook Air and 13-inch MacBook Pro revamped with the latest M2 chip

Google acknowledged the bugs and later reported to have fixed them. The company also requested the users to update Chrome OS to the latest version to steer clear of those bugs. Similarly, Mozilla urged its users to download the latest versions, namely Mozilla Firefox iOS 101, Mozilla Firefox Thunderbird version 91.10, Mozilla Firefox ESR version 91.10, and Mozilla Firefox 101 to avoid the vulnerabilities. 

According to CERT-In, these vulnerabilities posed a significant threat to the security and privacy of the users by allowing the hackers to start a denial-of-service (DoS) attack. The bugs also allowed the hackers to disclose sensitive information, break security restrictions, execute arbitrary codes, and inflict spoofing attacks. 

While explaining the vulnerabilities, CERT-In said that the bugs in Chrome OS are due to heap buffer overflow in V8 internalization, sharesheet, performance manager, and performance APIs. CERT-In added that the bugs reported in dev-libs/libxml2, insufficient validation of untrusted input in data transfer, and out of bounds memory access in UI Shelf contributed to the vulnerabilities. 

Subscribe to our newsletter

Subscribe and never miss out on such trending AI-related articles.

We will never sell your data

Join our WhatsApp Channel and Discord Server to be a part of an engaging community.

Sahil Pawar
Sahil Pawar
I am a graduate with a bachelor's degree in statistics, mathematics, and physics. I have been working as a content writer for almost 3 years and have written for a plethora of domains. Besides, I have a vested interest in fashion and music.


Please enter your comment!
Please enter your name here

Most Popular