The Indian Computer Emergency Response Team (CERT-In) issued a warning regarding multiple vulnerabilities in Android OS, posing risks of sensitive information exposure. The affected software versions include 'Android 12, 12L, 13, 14'. According to CERT-In's advisory, successful exploitation of these vulnerabilities could lead to the attacker gaining sensitive information, elevated privileges, and triggering a denial-of-service situation on the targeted system. These vulnerabilities stem from flaws in Framework, System, MediaTek components, Widevine, Qualcomm components, and Qualcomm closed-source components.
CERT-In has also released advisories for Google Chrome and Firefox users. Notably, the advisory pertains specifically to the desktop version of Google's web browser.
For Google Chrome:
- Versions affected include those preceding 123.0.6312.105.106.107 for Windows and Mac, as well as versions preceding 123.0.6312.105 for Linux.
- Several vulnerabilities have been identified in Google Chrome, potentially enabling a remote attacker to trigger a Denial of Service (DoS) situation, disclose information, and execute arbitrary code on the targeted system.
- These vulnerabilities are attributed to improper implementation in V8, Use-after-free in Bookmarks, and Out-of-bounds memory access in V8. A remote attacker could exploit these flaws by sending a specifically crafted request.
For Mozilla Firefox:
- Affected versions encompass those preceding 124.0.1 for Mozilla Firefox and versions before 115.9.1 for Mozilla Firefox ESR.
- Vulnerabilities in Mozilla Firefox arise from out-of-bounds access via Range Analysis bypass and Privileged JavaScript Execution via Event Handlers.
- Users are advised by the cyber agency to apply appropriate updates as soon as they become available.
