Indian Computer Emergency Response Team (CERT-In) has recently issued advisories for Android, Chrome for desktop, and Mozilla Firefox users. The severity of the risks is high, and the threat can affect users nationwide, compromising sensitive data.
The Indian Computer Emergency Response Team (CERT-In) has recently issued an advisory for several vulnerabilities in Android, Google Chrome for desktop, and Mozilla Firefox.
According to CERT-In, Android versions 12, 12L, 13, and 14 are the most affected software. Multiple Vulnerabilities have been discovered in Android, which attackers could exploit to steal private data and gain access to the device.
The advisory states, "Multiple vulnerabilities have been reported in Android which could be exploited by an attacker to obtain sensitive information, gain elevated privileges and cause denial of service condition on the targeted system."
Framework, System, MediaTek components, Widevine, Qualcomm components and Qualcomm closed-source components are the flaws that have caused the vulnerabilities in Android.
The team has also alerted the public about the vulnerabilities of Chrome for desktop and Mozilla Firefox. For Chrome, the software which is affected are Google Chrome versions prior to 123.0.6312.105/.106/.107 for Windows and Mac and Google Chrome versions prior to 123.0.6312.105 for Linux.
The note states, "These vulnerabilities exist in Google Chrome due to Inappropriate implementation in V8, Use after free in Bookmarks and Out of bounds memory access in V8. A remote attacker could exploit these vulnerabilities by sending a specially crafted request on the targeted system."
"Successful exploitation of these vulnerabilities could allow a remote attacker to cause denial of Service (DoS) condition, information disclosure and execute arbitrary code on the targeted system," it added.
For Mozilla Firefox, the software affected are Mozilla Firefox versions prior to 124.0.1 and Mozilla Firefox ESR versions prior to 115.9.1. According to the advisory, the Out-of-bounds access via Range Analysis bypass and Privileged JavaScript Execution via Event Handlers are the reasons for the vulnerabilities in Mozilla Firefox.
The note states, "Successful exploitation of these vulnerabilities could allow a remote attacker to perform execute arbitrary code or cause denial of service condition on the targeted system."
Also Read: How to link RuPay credit card on UPI? A detailed guide and FAQs
Also Read: What is juice jacking? Learn how criminals use USB chargers to steal your data
Last Updated Apr 5, 2024, 11:22 AM IST