Update your browser! Critical vulnerabilities found in Microsoft Edge
The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk advisory warning Windows users about security vulnerabilities in Microsoft Edge. The flaws could permit a remote attacker to bypass security measures and execute harmful code on a user's system, compromising sensitive data. The vulnerabilities exist in Chromium-based Microsoft Edge versions prior to 129.0.2792.79, CERT-In's warning states.
Vulnerabilities stem from multiple issues
The vulnerabilities in Microsoft Edge stem from multiple issues, including a lack of data validation in Mojo, a faulty implementation in the V8 JavaScript engine, and an integer overflow in the browser's layout process. Attackers could exploit these weaknesses by sending specially crafted requests to a user's system, or by tricking the user into visiting malicious websites or opening compromised HTML pages. This could lead to unauthorized control of systems and exposure of sensitive personal data.
Microsoft has addressed the vulnerabilities
Microsoft has already addressed these vulnerabilities in its latest updates: Microsoft Edge Stable Channel (version 129.0.2792.79) and Microsoft Edge Extended Stable Channel (version 128.0.2739.107). CERT-In strongly advises users to update their browsers to these latest versions as a step to protect their devices from potential attacks. The Indian government has also emphasized that outdated browsers pose significant risks and urged users to maintain security through regular updates.
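For administrators checking many machines, the sketch below classifies reported Edge builds against the two fixed versions named above. It is an added example, not code from CERT-In or Microsoft. The "host,version" inventory format, the host names, the sample builds, and the handling of release lines other than 128 and 129 are assumptions.

```python
# Added example: classify Edge builds against the fixed versions in the article.
# Fixed builds per release line (major version), taken from the article:
#   Stable 129.0.2792.79, Extended Stable 128.0.2739.107
FIXED = {129: (129, 0, 2792, 79), 128: (128, 0, 2739, 107)}

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Edge version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return 'patched' or 'vulnerable' for one Edge version string."""
    version = parse_version(version_text)
    major = version[0]
    if major in FIXED:
        # Compare within the same release line, so a fixed Extended Stable
        # build (128.x) is not flagged just because it sorts below 129.0.2792.79.
        return "patched" if version >= FIXED[major] else "vulnerable"
    # Assumption: lines older than 128 never got the fix; newer lines include it.
    return "vulnerable" if major < min(FIXED) else "patched"

def audit(inventory_lines):
    """Classify 'host,version' lines (hypothetical inventory export format)."""
    findings = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        try:
            status = classify(version)
        except ValueError:
            status = "unparseable"  # surface bad data instead of guessing
        findings.append((host.strip(), version.strip(), status))
    return findings

# Constructed sample inventory (host names and builds are made up for illustration).
SAMPLE_INVENTORY = [
    "# host,edge_version",
    "ws-001,129.0.2792.79",
    "ws-002,129.0.2792.65",
    "ws-003,128.0.2739.107",
    "ws-004,128.0.2739.90",
    "ws-005,127.0.2651.105",
    "ws-006,unknown",
]

if __name__ == "__main__":
    for host, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host:8} {version:16} {status}")
```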
CERT-In's previous warnings and recommendations
In a similar move last month, CERT-In flagged multiple high-risk issues in Apple products, including iPhones, Apple Watches, and Macs. Users were requested to update their devices to prevent unauthorized access and potential security breaches. CERT-In, a division of the Ministry of Electronics and Information Technology, has emphasized the importance of vigilance and regular updates for a secure browsing experience.