The Indian Government, after issuing a security warning to Apple users, has now put out two security alerts, highlighting “multiple security vulnerabilities” in Mozilla Products and Google Chrome OS. The CERT-In issued these warnings, an organisation operating under the Ministry of Electronics and Information Technology.
Apple devices were affected by an exploit targeting the Safari browser, using which the attacker could direct the users to “maliciously crafted web content”. However, in both these recent cases, the vulnerabilities take a different form.
CERT-In is the security alert regarding Mozilla Firefox browsers released on June 6 remarked, “Multiple vulnerabilities have been reported in Mozilla products which could allow a remote hacker to disclose sensitive information, bypass security restrictions, execute arbitrary code, perform spoofing attacks and cause denial of service (DoS) attack on the targeted system.”
Updates were released as soon as the issue was detected
Things are not much different for Chrome OS users. In the release about the OS, it was stated that the exploitation of the vulnerabilities found could allow the attacker to execute arbitrary code on the targeted system. This means that the users of the older versions of either of these pieces of software are exposed to significant risks.
As stated in the official release by CERT, the affected versions of both Mozilla and Chrome OS are as follows:
- Mozilla Firefox iOS version prior to 101,
- Mozilla Firefox Thunderbird version prior to 91.10,
- Mozilla Firefox ESR version prior to 91.10, and
- Mozilla Firefox version prior to 101
Google Chrome OS:
- Google Chrome versions prior to 96.0.4664.209
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,” highlights Google.
Both Google and Mozilla got on top of this issue really quickly, as they have released software updates. All the users running the same or older versions of either Mozilla Firefox or Google Chrome OS have been asked to download and install these updates as soon as possible to prevent loss or damage of any kind.