
The Indian government’s Computer Emergency Response Team (CERT-In) has discovered many flaws in Google Chrome and Mozilla Firefox applications. According to CERT-In, these flaws allowed hackers to access users’ data and even execute arbitrary code by bypassing all security protections. CERT-In issued a ‘high’ risk rating to the vulnerabilities that affected Chrome OS and Mozilla Firefox iOS users. As a result of these flaws, attackers can perform a DoS (denial of service) attack on targeted systems.
A DoS attack occurs when hackers prevent users from accessing information systems, devices, or other resources. Victims of such attacks are most commonly targeted through email, websites, online accounts, and other sources.
How to protect yourself
CERT-In classified the vulnerabilities as ‘high’ risk because they affected Chrome OS versions before 96.0.4664.209. After recognising the flaws, the company resolved them immediately and has advised customers to download the most recent version of Chrome OS to stay protected from these flaws.
CERT-In also discovered bugs in Mozilla Firefox iOS version 101, Mozilla Firefox Thunderbird version 91.10, Mozilla Firefox ESR version 91.10, and Mozilla Firefox version 101. Mozilla categorised all of the vulnerabilities as ‘high.’ According to the firm, these flaws allowed a remote attacker to access sensitive data, bypass security limitations, execute arbitrary code, perform spoofing attacks, and cause DoS attacks on the targeted system.
Updates have also been released for the impacted Mozilla Firefox users. Users should download Mozilla Firefox iOS 101, Mozilla Firefox Thunderbird version 91.10, Mozilla Firefox ESR version 91.10, and Mozilla Firefox version 101 to protect themselves from these vulnerabilities.
CERT-In said these vulnerabilities can be exploited by attackers to execute arbitrary code on the targeted system. “These vulnerabilities exist in Google Chrome OS due to heap buffer overflow in V8 internalisation; use after free in Sharesheet, Performance Manager, Performance APIs; vulnerability reported in dev-libs/libxml2; Insufficient validation of untrusted input in Data Transfer and Out of bounds memory access in UI Shelf,” CERT-In explained in an official post.