The Indian Government’s Computer Emergency Response Team (CERT-In) on Monday issued a warning on multiple vulnerabilities found in popular internet browser Microsoft Edge (Chromium based). Giving it a ‘high’ severity rating, it stated that the issues affected Microsoft Edge browser versions prior to 103.0.1264.71. 

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

As per the advisory, multiple vulnerabilities have been observed in Microsoft Edge. These could allow a remote attacker to bypass security restrictions and execute an arbitrary code or cause denial of service (DoS) attack on the affected system. 

Describing the threat, the advisory observed that these vulnerabilities exist in Chromium Open-Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based) due to: 

  • Use after free in Guest View
  • Use after free in PDF
  • Use after free in Service Worker API
  • Use after free in Views 
  • Insufficient validation of untrusted input in File

These vulnerabilities could be exploited by hackers remotely by sending a specially crafted request to the affected device.  

CERT-In also mentioned the solution in its threat report. It asked users to apply appropriate updates as mentioned in Release notes for Microsoft Edge Security Updates.

READ | Gmail space full? Here’s how to easily delete unnecessary emails in Gmail to free up space