Several new vulnerabilities have been detected in two of the most commonly used internet browsers, all of which have been assigned a ‘High’ severity rating by the Indian Computer Emergency Response Team (CERT-In). If you use either of these browsers, it is recommended that you download the latest software updates immediately.
According to two separate advisories issued by CERT-In on Monday, a total of 15 vulnerabilities have been detected in Mozilla products, including Mozilla Firefox and Mozilla Thunderbird, while eight vulnerabilities have been found in Google Chrome. Firefox and Chrome are internet browsers used both on desktop and on mobile phones, while Thunderbird is an open source email service provider by Mozilla.
“Multiple vulnerabilities have been reported in Mozilla products which could allow a remote attacker to disclose sensitive information, bypass security restrictions, execute arbitrary code, perform spoofing attacks and cause denial of service attack (DoS) on the targetted system,” CERT-In’s advisory on Mozilla products states.
Execution of arbitrary code implies that a malicious hacker can run any program of their choice on the hacked computer, while a spoofing attack means using the hacked device to impersonate the target while perpetrating future criminal activities. A DoS attack involves causing a target server to crash so that its services are denied to its users, and is typically aimed at service providers.
The eight Google Chrome vulnerabilities, too, can leave the target devices open to execution of arbitrary code, according to CERT-In. All the vulnerabilities have been classified as ‘High’, which is the second most serious severity rating assigned by the agency.
Both Chrome and Mozilla have acknowledged all the vulnerabilities on their respective websites, with a detailed note on each vulnerability and its implications. Both products have also released patches for all the bugs in their latest software update, and users are advised to update their browsers immediately to avoid falling prey to cyber attacks.
