The Indian government’s Computer Emergency Response Team (CERT-In) recently flagged several vulnerabilities in Chrome and some Mozilla products. 

CERT-In highlighted that these vulnerabilities could give attackers access to all of the users’ data and even let them execute arbitrary code by bypassing all security mechanisms.

The vulnerabilities, marked as ‘high’ risk by CERT-In, affect Chrome OS versions prior to 96.0.4664.209. They include vulnerabilities marked under CVE-2021-43527, CVE-2022-1489, CVE-2022-1633, CVE-202-1636, CVE-2022-1859, CVE-2022-1867, and CVE-2022-23308 by Google.

The tech giant acknowledged the bugs and said that it has fixed all of them. The company urged users to download the latest version of Chrome OS to stay protected.

In addition, CERT-In flagged bugs in Mozilla Firefox iOS versions prior to 101, Mozilla Firefox Thunderbird versions prior to 91.10, Mozilla Firefox ESR versions prior to 91.10, and Mozilla Firefox versions prior to 101.

All of the vulnerabilities have been rated ‘high’ by Mozilla. These vulnerabilities, the company said, allowed a remote attacker to disclose sensitive information, bypass security restrictions, execute arbitrary code, perform spoofing attacks and cause denial-of-service (DoS) conditions on the targeted system.

Mozilla has also released updates to the affected products. Users are asked to download Mozilla Firefox iOS 101, Mozilla Firefox Thunderbird version 91.10, Mozilla Firefox ESR version 91.10, and Mozilla Firefox version 101 to protect themselves from these vulnerabilities.

As per CERT-In, these vulnerabilities allow attackers to launch a denial-of-service attack on targeted systems.

A denial-of-service (DoS) attack happens when users are unable to access information systems, devices, or other resources because of an attacker's actions. Services that are usually targeted by such attacks include email, websites, and online accounts, among others.

The government agency said that these vulnerabilities can be exploited by an attacker to execute arbitrary code on the targeted system.

“These vulnerabilities exist in Google Chrome OS due to heap buffer overflow in V8 internalisation; use after free in Sharesheet, Performance Manager, Performance APIs; vulnerability reported in dev-libs/libxml2; Insufficient validation of untrusted input in Data Transfer and Out of bounds memory access in UI Shelf,” CERT-In explained in an official post.