Indian Cyber Agency Finds Multiple Bugs In Microsoft Edge, Advises Users To Update

New Delhi: The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology, on Monday, warned users of multiple vulnerabilities in Microsoft Edge (Chromium-based) which could allow an attacker to compromise the targeted system.

The affected software includes Microsoft Edge Stable versions prior to 125.0.2535.85. "Multiple vulnerabilities have been reported in Microsoft Edge (Chromium-based) which could allow an attacker to compromise the targeted system," said the CERT-In advisory.

According to the cyber agency, these vulnerabilities exist in Microsoft Edge (Chromium-based) due to 'out of bounds' memory access in keyboard inputs; out of bounds write in streams API; heap buffer overflow in WebRTC, use after free in dawn, media session and presentation API.

An attacker could exploit these vulnerabilities by enticing a victim to open a specially crafted file, the agency mentioned. Cert-In advised users to apply appropriate security updates as mentioned by the company.

Meanwhile, the cyber agency warned users of multiple vulnerabilities in Android which could allow an attacker to obtain sensitive information, gain elevated privileges and cause denial-of-service (DoS) conditions on the targeted system.

As mentioned in the advisory, these vulnerabilities exist in Android due to flaws in the Framework, System, Google Play system updates, Kernel, Arm components, MediaTek components, Imagination Technologies and Qualcomm closed-source components.