Cyber agency flags multiple bugs in Chrome OS, Mozilla

The Indian Computer Emergency Response Team (CERT-In) has flagged several bugs in Chrome OS and Mozilla products that may put various sensitive data at risk.

In a report, the agency mentioned that the bugs could allow a remote attacker to disclose sensitive information, bypass security restrictions, execute arbitrary code, perform spoofing attacks and cause a denial of service (DoS) attack on the targeted system.

“These vulnerabilities exist in Mozilla Firefox due to SQL injection in the history tab, Cross-Origin resources length leaked, Heap buffer overflow in WebGL, Browser window spoof using full-screen mode…” CERT-In said on its website.

A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.

“Successful exploitation of these vulnerabilities could allow a remote attacker to disclose sensitive information, bypass security restrictions, execute arbitrary code, and cause a denial of service (DoS) attack on the targeted system,” as per CERT-In.

Users can upgrade to Mozilla Firefox iOS 101, Firefox Thunderbird 91.10, Firefox ESR 91.10, and Mozilla Firefox 101 for better security.

Meanwhile, in March, the Central government said in the Rajya Sabha that the CERT-In has observed over 14 lakh cyber security incidents during 2021. DT Next