Indian Computer Emergency Response Team (CERT-in) has reported multiple security vulnerabilities in Google Chrome Operating system and Microsoft Edge web browser. According to the note published on CERT-in website, these vulnerabilities could be exploited by a remote attacker to bypass security restrictions and gain unauthorised access to users data in Chrome OS and run malicious code on Microsoft Edge.
CERT-in has rated the severity rating for vulnerabilities on both ChromeOS and Microsoft Edge browser as high, suggesting that security threat is high for users who are using outdated versions.
The notification states that due to insufficient data validation in Extensions on Chrome OS, any third-party could persuade a victim to visit a specially crafted web page to exploit these vulnerabilities.
CERT-in in a note recommended users using the Google Chrome OS and Microsoft Edge to immediately update to the latest version or install security patches that are provided by their respective companies.
Microsoft has already released stable channel updates for its Edge browser incorporating the latest security updates.
Earlier, Google released the latest version of the Chrome OS containing security fixes for vulnerabilities mentioned in the CERT-in alert such as insufficient data validation in Extensions.
More From This Section
Affected Microsoft Edge versions:
-
Microsoft Edge (Stable) prior to 121.0.2277.98
-
Microsoft Edge (Extended Stable) prior to 120.0.2210.167
Affected Google Chrome OS version:
-
Google Chrome OS LTS channel version prior to 114.0.5735.350 (Platform Version: 15437.90.0)