CERT-In detects multiple threats with high severity in Microsoft Edge and Drupal
The Hindu
CERT-In has detected multiple vulnerabilities in Microsoft Edge and Drupal Core allowing remote attackers to bypass security restrictions
The threat alert was shared in a report. It points to vulnerabilities that can be exploited by remote attackers to bypass security restrictions and execute arbitrary code or cause denial of service on the targeted systems.
(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)
The vulnerabilities affecting Microsoft Edge Versions prior to 103.0.1264.71, exist in Chromium open-Source Software which is used by Microsoft Edge (Chromium-based).
The threats can be used due to, Use after free in Guest View, Use after free in PDF, Use after free in Service Worker API, Use after free in Views and Insufficient validation of untrusted input in File.
The vulnerabilities can be exploited by remote attackers by sending specially crafted requests on the targeted system. And their successful exploitation can allow an attacker to bypass security restrictions and to execute arbitrary code.
According to the report, applying available software updates should be able to fix the vulnerabilities.
CERT-In has also issued vulnerability alerts for Drupal Core