The Indian Computer Emergency Response Team has found multiple vulnerabilities in the Microsoft Edge browser. As per the agency, these vulnerabilities could potentially be exploited by an attacker to compromise the targeted system.
After warning Android users of vulnerability, the Indian Computer Emergency Response Team (CERT-In), which operates under the Ministry of Electronics & Information Technology, issued a warning on Monday regarding multiple vulnerabilities in Microsoft Edge (Chromium-based). These vulnerabilities could potentially be exploited by an attacker to compromise the targeted system. The affected software includes Microsoft Edge Stable versions prior to 125.0.2535.85.
“Multiple vulnerabilities have been reported in Microsoft Edge (Chromium-based) which could allow an attacker to compromise the targeted system,” said the CERT-In advisory.
According to the cybersecurity agency, there are vulnerabilities in Microsoft Edge (Chromium-based) caused by ‘out of bounds’ memory access in keyboard inputs, out of bounds write in streams API, heap buffer overflow in WebRTC, use after free in dawn, media session, and presentation API.
An attacker could exploit these vulnerabilities by tricking a victim into opening a specifically crafted file, as mentioned by the agency. CERT-In advised users to install appropriate security updates as recommended by the company.
Furthermore, the cyber agency has warned users about multiple vulnerabilities in Android that could allow an attacker to obtain sensitive information, gain elevated privileges, and cause denial-of-service (DoS) conditions on the targeted system.
According to the advisory, these vulnerabilities exist in Android due to flaws in the Framework, System, Google Play system updates, Kernel, Arm components, MediaTek components, Imagination Technologies, and Qualcomm closed-source components.
Meanwhile, Cybersecurity researchers have discovered a potential data leak involving at least 100,000 Facebook (Meta) users. The leaked data, which includes full names, profiles, emails, phone numbers, and locations, appeared on a data breach forum. This exposure of personal information could make the affected users vulnerable to phishing attacks and other malicious activities. At the moment, it is unclear who is responsible for this breach.
