The Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics & Information Technology, issued a warning on Monday regarding multiple vulnerabilities in the Chromium-based Microsoft Edge browser. These vulnerabilities could potentially allow attackers to compromise targeted systems. The advisory specifically highlighted that Microsoft Edge Stable versions prior to 125.0.2535.85 are affected.
Nature of Vulnerabilities
CERT-In identified several issues within Microsoft Edge, including:
- Out-of-bounds memory access in keyboard inputs.
- Out-of-bounds write in the Streams API.
- Heap buffer overflow in WebRTC.
- Use-after-free vulnerabilities in Dawn, Media Session, and the Presentation API.
These vulnerabilities arise from improper handling of memory and inputs, which can be exploited by attackers. By enticing a victim to open a specially crafted file, an attacker could leverage these flaws to gain control over the system.
Advisory to Users
CERT-In has advised users to apply the necessary security updates provided by Microsoft to mitigate these risks. Updating to the latest version of Microsoft Edge is crucial to ensure protection against these vulnerabilities.
Android Vulnerabilities Warning
In addition to the Microsoft Edge warning, CERT-In also alerted users about multiple vulnerabilities in Android systems. These flaws could enable attackers to obtain sensitive information, gain elevated privileges, and cause denial-of-service (DoS) conditions.
Detailed Breakdown of Android Vulnerabilities
The vulnerabilities in Android are due to issues in various components, including:
- Framework and System components.
- Google Play system updates.
- Kernel.
- Arm components.
- MediaTek components.
- Imagination Technologies.
- Qualcomm closed-source components.
These vulnerabilities could be exploited to disrupt the normal operation of devices, extract sensitive data, or escalate privileges to gain deeper access to the system.
Recommendations for Android Users
CERT-In recommends that Android users promptly install the latest security patches and updates provided by Google and other relevant manufacturers. Keeping devices updated is vital to safeguard against potential threats and vulnerabilities.