Chrome Users Issued Security Warning; Govt Asks Mozilla Users To Update Immediately!
Google recently released a security warning for Google Chrome users on Windows, Mac, and Linux, along with a new security fix, urging users to upgrade to keep their browser secure.
Similarly, the Indian Computer Emergency Response Team (CERT-In) has issued an advisory alerting users to multiple vulnerabilities in the Mozilla Firefox internet browser and asking them to update it immediately.
Google Urges Users to Upgrade Chrome to Secure Their Browser!
The security warning issued by Google concerns a security vulnerability in Chrome and asks users to upgrade to the latest Google Chrome version, 81.0.4044.113.
Google has disclosed the identifier for the vulnerability, CVE-2020-6457, but hasn’t yet released any details about the security exploit. The only information given about this vulnerability is ‘use after free in speech recognizer.’
Google mentioned in a blog post that the new update includes security fixes and rewards. It read, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
Users who want to check the version of Google Chrome they’re running to ensure secure browsing can do so by following some steps.
Click on the three vertical dots in the top right corner of the browser. Click on Help > About, where you’ll be able to see the version of your Chrome browser. If your version is not up to date, you must update it to keep your browser safe and secure.
Mozilla Firefox Rolls Out an Urgent Browser Update!
The CERT-In advisory reads, “Out-of-Bounds Read Vulnerability in Mozilla Firefox (CVE-2020-6821). This vulnerability exists in Mozilla Firefox due to a boundary condition when using WebGLcopyTexSubImage method. A remote attacker could exploit this vulnerability by specially crafted web pages. Successful exploitation of this vulnerability could allow a remote attacker to disclose sensitive information.”
It also reads, “Information Disclosure Vulnerability in Mozilla Firefox (CVE-2020-6824). This vulnerability exists in Mozilla Firefox to generate a password for a site but leaves Firefox open. A remote attacker could exploit this vulnerability by revisiting the same site of the victim and generating a new password. The generated password will remain the same on the targeted system.”
The advisory notes that remote attackers can use these browser vulnerabilities to obtain users’ sensitive information via the browser and to execute arbitrary code on the targeted system.
CERT-In also rated the severity as ‘High’ for all affected versions: Mozilla Firefox prior to version 75 and Mozilla Firefox ESR prior to version 68.7.
The advisory thus recommends that everyone update their browser to the latest version immediately.
Another vulnerability exists in Mozilla Firefox due to a boundary condition in GMP Decode Data. This involves processing images larger than 4GB on 32-bit builds.
A remote attacker can exploit this vulnerability by using a specially crafted image and tricking the victim into opening it. Successful exploitation of the vulnerability allows an attacker to ‘execute arbitrary code on the target system’.
A remote attacker can also exploit another vulnerability by persuading a victim to install a crafted extension. If successful, the remote attacker can disclose sensitive information.
Other vulnerabilities include ‘Buffer Overflow Vulnerability in Mozilla Firefox (CVE-2020-6825)’ and ‘Memory Corruption Vulnerability in Mozilla Firefox (CVE-2020-6826)’.
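For administrators who need to run the version check described above on more than one machine, the following added example (not code from Google, Mozilla or CERT-In) compares reported browser versions against the fixed versions named in this article: Chrome 81.0.4044.113, Firefox 75 and Firefox ESR 68.7. The banner format (the text a browser prints for `--version`), the host names and the sample lines are assumptions constructed for illustration.

```python
import re

# Minimum fixed versions, taken from the article above.
MIN_FIXED = {
    "chrome": (81, 0, 4044, 113),
    "firefox": (75,),
    "firefox-esr": (68, 7),
}

# Dotted version number with an optional "esr" suffix (assumed banner format).
VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(esr)?", re.IGNORECASE)

def parse_banner(banner):
    """Return (product, version_tuple) from a version banner, or None."""
    match = VERSION_RE.search(banner)
    if not match:
        return None
    version = tuple(int(part) for part in match.group(1).split("."))
    lower = banner.lower()
    if "chrome" in lower:
        return "chrome", version
    if "firefox" in lower:
        # ESR has its own fixed version: 68.7 ESR is patched although 68 < 75.
        return ("firefox-esr" if match.group(2) else "firefox"), version
    return None

def is_patched(product, version):
    """Compare numerically; as strings, '92' would wrongly sort after '113'."""
    minimum = MIN_FIXED[product]
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(minimum)

def audit(banners):
    """Map each host to 'ok', 'update' or 'unknown'."""
    results = {}
    for host, banner in banners.items():
        parsed = parse_banner(banner)
        if parsed is None:
            results[host] = "unknown"
        else:
            results[host] = "ok" if is_patched(*parsed) else "update"
    return results

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "ws-01": "Google Chrome 81.0.4044.92",
    "ws-02": "Google Chrome 81.0.4044.113",
    "ws-03": "Mozilla Firefox 74.0.1",
    "ws-04": "Mozilla Firefox 75.0",
    "ws-05": "Mozilla Firefox 68.6.0esr",
    "ws-06": "Mozilla Firefox 68.7.0esr",
    "ws-07": "no browser found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```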