The Computer Emergency Response Team (CERT-In) of the Indian government has identified many vulnerabilities in Chrome and certain Mozilla products. According to CERT-In, these vulnerabilities allowed hackers to access all of the users’ data and even execute arbitrary code by circumventing all security protections.
CERT-In rated the vulnerabilities as ‘high’ risk since they affected Chrome OS versions prior to 96.0.4664.209. These versions contain vulnerabilities identified by Google as CVE-2021-43527, CVE-2022-1489, CVE-2022-1633, CVE-2022-1636, CVE-2022-1859, CVE-2022-1867, and CVE-2022-23308. The tech titan acknowledged the problems and stated that they had been resolved. To avoid these vulnerabilities, the firm advised customers to download the most recent version of Chrome OS.
Furthermore, CERT-In identified problems in Mozilla Firefox iOS prior to 101, Mozilla Firefox Thunderbird prior to 91.10, Mozilla Firefox ESR prior to 91.10, and Mozilla Firefox prior to 101. Mozilla has categorised all of the vulnerabilities as ‘high.’ According to the firm, these vulnerabilities allowed a remote attacker to divulge sensitive information, circumvent security constraints, execute arbitrary code, conduct spoofing attacks, and launch denial-of-service (DoS) attacks on the targeted system.
Mozilla has also made updates available for the impacted products. To protect themselves from this issue, users should download Mozilla Firefox iOS 101, Mozilla Firefox Thunderbird version 91.10, Mozilla Firefox ESR version 91.10, and Mozilla Firefox version 101.
As per CERT-In, these vulnerabilities allow attackers to launch a denial-of-service attack on targeted systems. A denial-of-service (DoS) attack happens when users are unable to access information systems, devices, or other resources owing to the actions of hackers. Services that are usually targeted by such attacks include email, websites, and online accounts, among others.
The government agency said that these vulnerabilities can be exploited by an attacker to execute arbitrary code on the targeted system. “These vulnerabilities exist in Google Chrome OS due to heap buffer overflow in V8 internalisation; use after free in Sharesheet, Performance Manager, Performance APIs; vulnerability reported in dev-libs/libxml2; Insufficient validation of untrusted input in Data Transfer and Out of bounds memory access in UI Shelf,” CERT-In explained in an official post.