On Thursday, the Indian government flagged vulnerabilities in Google Chrome and Mozilla Firefox products. According to the Centre's Indian Computer Emergency Response Team (CERT-In), Chrome versions prior to 96.0.4664.209 are affected by vulnerabilities that could be exploited by hackers. Separately, vulnerabilities in Firefox could allow attackers to disclose sensitive information and bypass security restrictions.
The government said, "Multiple vulnerabilities have been reported in Google Chrome OS which could be exploited by an attacker to execute arbitrary code on the targeted system".
The CERT-In said that the vulnerabilities exist due to "heap buffer overflow in V8 internationalization; use after free in the share sheet, performance manager, performance APIs, vulnerability reported in dev-libs; insufficient validation of untrusted input in data transfer and out of bounds memory access in UI shelf".
Successful exploitation of vulnerabilities could allow attackers to execute arbitrary code on the targeted system, it added.
The Centre's CERT-In said that the vulnerabilities in Mozilla products affect software such as Mozilla Firefox iOS versions prior to 101; Mozilla Firefox Thunderbird versions prior to 91.107; Mozilla Firefox ESR versions prior to 91.10; and Mozilla Firefox versions prior to 101.
"These vulnerabilities exist in Mozilla Firefox due to SQL Injection in history tab, Cross-Origin resources length leaked, H overflow in WebGL, Browser window spoof using full-screen mode...," the CERT-In added.
Successful exploitation of the vulnerabilities could allow a remote attacker to disclose sensitive information, bypass restrictions, and cause a denial-of-service (DoS) attack on the targeted system, the Centre's agency said.
Providing a solution, the CERT-In has advised Firefox users to upgrade to OS 101, Firefox Thunderbird 91.10, Firefox ESR 91.10 and Mozilla Firefox 101.