wordpress blog stats
Connect with us

Hi, what are you looking for?

CERT-In warns of bugs in Chrome OS and Firefox browsers

CERT-In has said that it has found bugs in Google Chrome and Mozilla Firefox that can leak sensitive information and launch DDoS attacks

The Indian Computer Emergency Response Team (CERT-In), on June 6, flagged several bugs in Chrome OS and Mozilla products that may put various sensitive data at risk.

Advertisement. Scroll to continue reading.

In the notes attached, the agency mentioned that the bugs could allow a remote attacker to disclose sensitive information, bypass security restrictions, execute arbitrary code and perform multiple other kinds of attacks on the targeted system. Both Google and Mozilla bugs have been classified as highly severe threats.

Why it matters: Cyber-attacks have been on the rise since the pandemic started with the Ministry of Home Affairs reporting 12 lakh cyber security incidents in 2020 alone. Two common patterns in attacks all over the world are the exploitation of vulnerabilities in web browsers and operating systems. The fact that CERT-In has flagged these bugs in softwares used commonly around the country should prompt a deeper look into other browsers and OSs as well.

Google Chrome OS: CERT-In has flagged eight sensitive bugs in the Google Chrome operating systems prior to the newly released version 96.0.4664.209. If not fixed, these bugs can let an attacker trigger arbitrary code to harm the victim system.

“These vulnerabilities exist in Google Chrome OS due to heap buffer overflow in V8 internalisation; use after free in Sharesheet, Performance Manager, Performance APIs; vulnerability reported in dev-libs/libxml2; Insufficient validation of untrusted input in Data Transfer and Out of bounds memory access in UI Shelf,” the agency said in its report.

The Chrome OS is used to power a range of economic tabs, notebooks and laptops across multiple brands that are popular in smaller towns. CERT-In suggests an update to the May 31 release of the OS to get rid of these loopholes.

Mozilla web browsers: Four different internet browsers developed by Mozilla have been flagged as carrying sensitive bugs that could allow a remote attacker to not only inflict the harms listed above but also allows a launchpad for a denial of service (DoS) attack on the target.

Advertisement. Scroll to continue reading.

Affected versions:

  • Firefox iOS versions before 101
  • Firefox Thunderbird versions preceding 91.10 
  • Firefox ESR versions before 91.10
  • Firefox desktop versions older than 101 –  

“A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request,” the report notes. CERT-In asks users to upgrade these browsers to their latest versions in order to get rid of these bugs.

What other measures is CERT-In taking: On April 28, CERT-In issued new cybersecurity directions covering the timeframe for reporting cyber security incidents, maintenance of KYC and transaction information for crypto exchanges and wallets, maintenance of customer details by data centres, cloud services and VPN providers and maintenance of logs in Indian jurisdiction. These directions will become effective later in June.

Also read:

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...

News

Releasing the policy is akin to putting the proverbial 'cart before the horse'.

News

The industry's growth is being weighed down by taxation and legal uncertainty.

News

Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.

News

Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ