India’s Computer Emergency Response Team (CERT-In) which tracks cybersecurity threats issued alerts on Wednesday on several vulnerabilities detected in Chrome and Edge browsers, and Android OS
India’s Computer Emergency Response Team (CERT-In) which tracks cybersecurity threats issued alerts on Wednesday on several vulnerabilities detected in Chrome and Edge browsers, and Android OS
These vulnerabilities can allow remote attackers to execute arbitrary code on targeted systems, compromising their security, CERT-In said.
(Sign up for our technology newsletter, Today’s Cache, for insights into emerging themes at the intersection of technology, business and politics. Click here to subscribe for free.)
Vulnerabilities have been detected in versions of Google Chrome earlier than 104.0.5112.79.
Improper implementation of several APIs such as Managed Device API, Nearby Share API, Fullscreen API, and Extensions led to these vulnerabilities.
An API is a programming interface that allows different software to use features built into the browser.
Vulnerabilities have also been reported in Use after free in Omnibox, Safe Browsing, Tab Strip, Overview Mode, Near Near Share, Input, Sign-In Flow, WebUI, and Insufficient policy implementation in Background Fetch and Cookies.
In Android OS, vulnerabilities have been reported in versions 10, 11, 12 and 12L.
These vulnerabilities exist due to flaws in the existing framework of the software, Google Play system, Imagination technologies, among others. These can allow attackers to access privileged information in Android OS smartphones, CERT-In said.
In Microsoft Edge, vulnerabilities have been detected in versions prior to 104.0.1293.47.
Attackers can exploit these vulnerabilities to bypass in-browser security restrictions and gain access to privileged resources on affected systems. They can then use it to evade the browser sandbox and target other areas of compromised systems, according to CERT-In.