
Multiple flaws in Chrome and in Mozilla products have recently been discovered by India’s Computer Emergency Response Team (CERT-In). According to the CERT-In report, hackers who bypass all security protections might gain access to all of the users’ data and even execute arbitrary code.
Chrome OS versions prior to 96.0.4664.209 were affected by vulnerabilities that CERT-In rated high-risk. Google has assigned CVE numbers 2021-4357, 2022-1489, 2022-1633, 2022-1636, 2022-1859, 2022-1867, and 2022-23308 to the list of vulnerabilities. The IT giant acknowledged the problems and claimed to have resolved them all. To avoid these vulnerabilities, the company recommended that customers download the most recent version of Chrome OS.
Mozilla Firefox iOS version 101, Mozilla Firefox Thunderbird versions prior to 91.10, Mozilla Firefox ESR versions prior to 91.10, and Mozilla Firefox versions prior to 101 were all identified by CERT-In as vulnerable to attack. Mozilla has categorized all of the vulnerabilities as ‘high’. Hackers were able to get access to sensitive information, bypass security limitations and execute arbitrary code by exploiting these flaws. They may even initiate denial-of-service (DoS) attacks on the target system.
Mozilla, for its part, has updated the affected software. This issue can be avoided by downloading Mozilla Firefox iOS 101, Thunderbird 91.10, Mozilla Firefox ESR 91.10, and Mozilla Firefox version 101.
Attackers can use these flaws to launch a denial-of-service attack on targeted systems, according to CERT-In. In a denial-of-service (DoS) attack, hackers prevent users from accessing information systems, devices, or other resources. Email, websites, and online accounts are just a few of the services that are frequently the target of such attacks.
An attacker might use these flaws to execute arbitrary code on a target system, according to the federal agency. According to an official post from CERT-In, the Chrome OS issues are: a heap buffer overflow in V8 internalization; use after free in the Share sheet, Performance Manager, and Performance APIs; a vulnerability reported in dev-libs/libxml2; insufficient validation of untrusted input in Data Transfer; and an out-of-bounds memory access in UI Shelf.
Source: India Today