The Government watchdog, Computer Emergency Response Team (CERT-In), has issued a warning flagging security issues regarding the native Windows web browser – Microsoft Edge. Classifying the vulnerabilities as of ‘High’ severity, the warning mentioned that attackers can exploit these vulnerabilities to gain access to the sensitive information on the targeted machines.
CERT-In flagged three issues within the Edge browser, including CVE-2024-9370, CVE-2024-7025, and CVE-2024-9369. The advisory stated that attackers could execute a remote attack by bypassing the security restrictions and executing arbitrary code on the targeted system.
The government body’s advisory reads, “The vulnerabilities exist in Microsoft Edge (Chromium-based) due to insufficient data validation in Mojo, Inappropriate implementation in V8 and Integer overflow in Layout. A remote attacker could exploit these vulnerabilities by sending a specially crafted request to the targeted system.”
The report clearly underscores that the issues found in Edge primarily affect the Version Microsoft Edge (Chromium-based) version before 129.0.2792.79.
The best way to fix this issue is to update the browser to its latest version. Follow these steps to update the browser:
– Open Edge Browser
– Navigate to Settings
– Go to ‘About Edge’
– Wait until it checks for the latest version
– Install the latest version
– After installing, restart the browser.
In other developments, the CERT-in recently issued ‘High’ severity vulnerability warning concerning Apple products like iOS, iPadOS and macOS. The government watchdog noted that the tech giant had fixed the issues with the latest software updates. To fix the issue, users were advised to update their devices with the latest software versions.
Earlier this year, CERT-in had also warned users of vulnerabilities regarding Apple iTunes and Google Chrome for desktops. The vulnerability could allow a hacker to execute arbitrary code on the targeted system.
The advisory issued by CERT-in stated that the ‘Remote Code Execution’ vulnerability exists in the Apple Product due to improper checks in the CoreMedia component. A remote attacker could leverage this vulnerability by sending a specially crafted request.