Mozilla, Chrome OS prone to hacking, update immediately: CERT-In advisory

The Indian Computer Emergency Response Team (CERT-In) has raised several issues in Mozilla and Chrome OS products that could put various sensitive user data at risk.

The agency mentioned in a report that the bugs in the system could allow remote attackers to bypass security restrictions, disclose sensitive information, execute arbitrary code, perform spoofing attacks, and even cause a denial of service (DoS) attack.

CERT-In — the nodal agency for cybersecurity threats — said on its website: “These vulnerabilities exist in Mozilla Firefox due to SQL injection in the history tab, Cross-Origin resources length leaked, Heap buffer overflow in WebGL, Browser window spoof using full-screen mode…”

A remote attacker can exploit the system vulnerabilities by convincing victims to open a specially crafted web request.

“Successful exploitation of these vulnerabilities could allow a remote attacker to disclose sensitive information, bypass security restrictions, execute arbitrary code, and cause a denial of service attack on the targeted system.”

CERT-In advised users to upgrade to Mozilla Firefox iOS 101, Firefox ESR 91.10, Firefox Thunderbird 91.10, and Mozilla Firefox 101 to improve security.

In March, the Centre said in Rajya Sabha that CERT-In had observed over 14 lakh cyber security incidents during 2021.

CERT-In also warned users about several vulnerabilities on the Google Chrome desktop application that allowed hackers to bypass security restrictions and access sensitive information.

In a note released, CERT-In advised Chrome users to update their browsers to avoid security issues. Google also acknowledged the loopholes in the browser and released an update.

Cybersecurity has become a major concern for corporations and individuals in recent years. However, CERT-In’s recent guidelines on new cybersecurity rules that mapped several domains, but mostly targeted at fighting cybercrime, divided opinion. While some experts said these regulations were a step towards strengthening India in the fight against cybercrime, others said these were neither transparent nor sensible.

Originally appeared on: TheSpuzz