Indian Cyber Security Agency Alerts Users to Update Microsoft Edge Due to Multiple Bugs

The Ministry of Electronics & Information Technology, through its Indian Computer Emergency Response Team (CERT-In), has issued a warning to Microsoft Edge users about multiple vulnerabilities in the browser.

These security flaws could potentially allow hackers or cyber attackers to gain unauthorized access to users' systems. According to CERT-In, Microsoft Edge Stable versions lower than 125.0.2535.85 include the vulnerabilities.

Details of the Vulnerabilities

In its advisory, CERT-In specified, "Multiple vulnerabilities have been reported in Microsoft Edge (Chromium-based) which could allow an attacker to compromise the targeted system."

The agency highlighted that attackers could exploit these vulnerabilities by tricking users into opening malicious files, which could then grant them access to the user's PC. CERT-In stressed the importance of installing the recommended security updates to protect against such phishing attacks.

Technical Causes of the Vulnerabilities

The vulnerabilities in Microsoft Edge stem from several technical issues. These include heap buffer overflow in WebRTC, "out of bounds" memory access in keyboard inputs, and use after free problems in Dawn, Media Session, and Presentation API.

These technical flaws create opportunities for attackers to execute arbitrary code, leading to potential system compromise.

Past Security Flaws in Android

This is not the first time CERT-In has identified significant security vulnerabilities. The agency previously discovered multiple security flaws in the Android operating system.

These vulnerabilities allowed attackers to gain sensitive information due to issues in various components, including the Framework, System, Google Play system updates, Kernel, Arm components, MediaTek components, Imagination Technologies, and Qualcomm closed-source components.

Recent Facebook Data Leak

In another significant cybersecurity incident, researchers have uncovered a potential data leak involving at least 1 lakh Facebook users. The leaked data includes full names, profiles, emails, phone numbers, and locations.

This information appeared on a data breach forum, putting the personal details of these users at risk of malware or phishing attacks. This incident underscores the growing need for stringent cybersecurity measures across all platforms.

Conclusion

The recent advisories from CERT-In emphasize the critical importance of keeping software up to date to mitigate security risks. Users of Microsoft Edge are strongly advised to update their browsers to the latest version to protect against potential exploits.

Similarly, users should remain vigilant about potential data breaches and employ robust security practices to safeguard their personal information. As cyber threats continue to evolve, staying informed and proactive about cybersecurity is essential for individuals and organizations alike.