Govt cyber security agency alerts users against multiple vulnerabilities in Chrome, Mozilla web browsers

Bhubaneswar: The Indian computer emergency Response Team (CERT-In), the nodal cyber security agency under the Ministry of Electronics and Information Technology, has cautioned against several vulnerabilities in popular web browsers Google Chrome and Mozilla. While the severity rating of the vulnerability in Chrome has been categorized as severe, the vulnerability in Mozilla has been categorized as medium.

In an alert note, CERT-In has said “multiple vulnerabilities exist in Google Chrome due to Use after free in autofill, drag and drop, media, payments, safe browsing, Blink, audio, insufficient policy enforcement in webUI, Heap Buffer overflow in Skia, insufficient data validation in networking, Out of bounds write in V8,Heap buffer overflow in audio. An attacker can exploit these vulnerabilities by persuading a victim to visit a specially crafted website”

“Successful exploitation of these vulnerabilities could allow an attacker to execute the arbitrary code, could view, change or delete date in the targeted system” it added.

To overcome these threats, CERT-In has advised users to upgrade to Google Chrome version 87.0.4280.141.

On the other hand, on Mozilla Firefox, CERT-In has alerted that vulnerability has been reported in the Mozilla Firefox which could be exploited by an attacker to run arbitrary code on the targeted system.

“ This vulnerability exists in Mozilla Firefox due to use-after-free error when processing COOKIE-ECHO chunk in a SCTP packet. A remote attacker could exploit this vulnerability by passing specially crafter date to the browser. Successful exploitation of this vulnerability could allow the attacker to run arbitrary code on the targeted system” CERT-In said. CERT-In has advised to apply appropriate fix mentioned in Mozilla security advisory.