CERT-In, which stands for Indian Computer Emergency Response Team is a part of the Ministry of Electronics & Information Technology. Recently it issued a warning regarding multiple security flaws in Microsoft Edge's Chromium-based browser, which has the potential to enable attackers to gain control of a compromised system.
Affected versions
The vulnerabilities are present in Microsoft Edge Stable versions which are earlier from 126.0.2592.68. Users who are running these versions of Edge are asked to update their software immediately to save themselves from any potential risks.
Nature of vulnerabilities
CERT-In has identified several critical issues in the Edge's Chromium-based browser, including:
- Type confusion in V8: This is a flaw in the JavaScript engine which could lead to erratic behaviour and security breaches.
- Inappropriate implementation in WebAssembly: It has the potential to enable malicious code execution.
- Out-of-bounds memory access in Dawn: this could lead to reading or writing beyond the buffer, which may cause crashes or exploitation.
- Use after free in Dawn: This vulnerability may occur when memory is accessed after it has been freed, and could potentially lead to arbitrary code execution.
How are hackers/attackers using the exploitation method?
As per the information, the attackers are capable of exploiting these vulnerabilities by convincing users to visit specially crafted web pages, which could lead them to malicious action-taking pages, without the knowledge of the victim.
Recommendations by CERT-In
CERT-In has advised the users to apply the latest security updates from Microsoft Edge to protect their systems. One has to keep up with the software as it is crucial to defend against any such threats.
Collaborative efforts in cybersecurity
In a recent development, CERT-In has partnered with financial services giant Mastercard to enhance cybersecurity in the financial sector. This collaboration further focuses on:
- Incident response: Coordinate efforts to mitigate and manage cybersecurity incidents.
- Capacity building: Strengthening skills and capabilities to handle cyber threats.
- Threat intelligence sharing: Exchanging information on cyber threats, especially to the financial industry.
- Advanced malware analysis: Collaborating on identifying and analyzing sophisticated malware which targets financial institutions.
This partnership has been aiming at leveraging both entities' expertise to bolster cybersecurity measures, to foster a more secure financial ecosystem.
ALSO READ: New AI system aims to reduce power outages and boost grid reliability
Inputs from IANS