The Computer Emergency Response Team (CERT-In) of the Ministry of Electronics and Information Technology has issued an alert to Google Chrome and Mozilla users in India, flagging multiple vulnerabilities in the browsers. CERT-In rated the severity of these vulnerabilities as ‘High’ and also provided solutions to address them.

For Google Chrome OS, the CERT-In report covers all versions prior to 96.0.4664.209. These vulnerabilities are tracked under Common Vulnerabilities and Exposures (CVE) identifiers 2021-4352, 2022-1489, 2022-1633, 202-1636, 202-1638, 2022-1859, 2022-1867, and 2022-23308. The bugs were also acknowledged by Google, which claims to have fixed them. CERT-In has recommended that users download the latest version of Chrome to stay protected. It stated that these vulnerabilities “could be exploited by an attacker to execute arbitrary code on the targeted system.”

For Mozilla products, the affected versions are Firefox iOS versions prior to 101, Firefox Thunderbird versions prior to 91.10, Firefox ESR versions prior to 91.10, and Firefox versions prior to 101. The CERT-In report stated that these vulnerabilities can “allow a remote attacker to disclose sensitive information, bypass security restrictions, execute arbitrary code, perform spoofing attacks, and cause Denial of Service (DoS) attack on the targeted system.” The vulnerabilities are tracked under CVE-2022-1834, CVE-2022-1887, CVE-2022-1919, CVE-2022-31736 to 31745, CVE-2022-31747, and CVE-2022-31748.

Mozilla has acknowledged the bugs as well and has released updates. Users have been advised to upgrade to Firefox iOS 101, Firefox Thunderbird version 91.10, Firefox ESR version 91.10, and Firefox version 101 to stay protected.

CERT-In cited several causes for these vulnerabilities, including heap buffer overflow, use after free in Sharesheet, and browser window spoof, among others.

