Indian government issues security alert for Microsoft Edge users
The Indian Computer Emergency Response Team (CERT-In) has issued a high severity warning to users of Microsoft Edge. This alert comes in response to multiple vulnerabilities identified in versions of the browser prior to 128.0.2739.42. The team, operating under the Ministry of Electronics and Information Technology, has warned that these security flaws could potentially allow remote attackers to execute arbitrary code on targeted systems.
Vulnerabilities and potential exploitation
The Chromium-based Microsoft Edge was discovered to have multiple vulnerabilities. These include memory-related issues like heap buffer overflow, out-of-bounds memory access, as well as coding errors such as inappropriate implementation, type confusion, and insufficient data validation. These vulnerabilities affected various components of the browser, including passwords, autofill, permissions, web app installs, custom tabs, extensions, Skia graphics library, and data transfer policies. The security flaws could be exploited by an attacker and make a victim visit a malicious webpage.
CERT-In's advice to Microsoft Edge users
In light of these security concerns, CERT-In has strongly advised Edge users to promptly apply the necessary updates provided by Microsoft. This recommendation underscores the importance of keeping software up-to-date as a key defense against potential cyber threats. The warning is particularly relevant for Indian users who are part of the global user base that makes Microsoft Edge one of the most widely used web browsers worldwide.
