Centre alarms Microsoft Edge users of possible ‘high’ level hack threat
The Indian Computer Emergency Response Team (CERT-IN) has issued the note cautioning flaws in Microsoft Edge that could allow a remote attacker to execute arbitrary code or cause denial of service conditions on the targeted system.
The Centre has alarmed the users of Microsoft Edge to be cautious and take precautionary steps against probable hack attacks on the platform. The Indian Computer Emergency Response Team (CERT-IN) has issued the advisory with a high severity rating on September 20 against multiple vulnerabilities reported in the web browser.
From time to time, CERT-IN issues advisory and vulnerability notes on its website. In the latest vulnerability note, the agency cautioned, “Multiple vulnerabilities have been reported in Microsoft Edge.” It added the flaws “could allow a remote attacker to execute arbitrary code or cause denial of service conditions on the targeted system.”
Which versions are affected and why?
CERT-IN has stated that the vulnerabilities are found in the software running on updates prior to 105.0.1343.42.
As per the report, these flaws exist in Google Chrome for Desktop because of Use-after-free (arising from the operation of dynamic memory allocation) in PDF and Frames. Along with this, the vulnerabilities also stem due to the Heap-based buffer overflow.
How would it influence the system ?
These vulnerabilities will give access to the system to the attacker, bypassing the security restrictions in place in the device. A remote hacker then could execute arbitrary code and launch a denial of service attack, making the system inaccessible to the original user.
Users should upgrade to the latest stable channel update available for Microsoft Edge browser.
CERT-IN is a statutory body under the Information Technology (Amendment) Act of 2008. This nodal agency under the Ministry of Electronics and Information Technology looks after computer security incidents, reports on susceptibilities, and advocates powerful IT security practices throughout the country. It reports bugs and cybersecurity threats, including hacking and phishing attacks.
Designed and built by Microsoft, Microsoft Edge is a cross-platform web browser. It was first included with Windows 10 and Xbox One in 2015, and it was later made available for other platforms, including Android and iOS in 2017, macOS and earlier versions of Windows in 2019, and Linux in 2020.