The cyber security agency, which comes under the Ministry of Electronics & Information Technology, said that the vulnerabilities are present in the Microsoft Edge Stable versions prior to 125.0.2535.85.
“Multiple vulnerabilities have been reported in Microsoft Edge (Chromium-based) which could allow an attacker to compromise the targeted system,” said the CERT-In advisory.
An attacker could exploit these vulnerabilities by enticing a victim to open a specially crafted file, the agency noted, advising users to apply appropriate security updates as mentioned by the company.
According to the cyber agency, these vulnerabilities exist in Microsoft Edge (Chromium-based) due to out-of-bounds memory access in keyboard inputs; out-of-bounds write in the Streams API; heap buffer overflow in WebRTC; and use-after-free in Dawn, Media Session and the Presentation API.
Vulnerabilities in Chrome and Android
The advisory comes days after CERT-In found multiple vulnerabilities in Android. It said that these loopholes allow an attacker to obtain sensitive information, gain elevated privileges and cause denial-of-service (DoS) conditions on the targeted system.
Earlier this month, the government body issued an advisory for multiple vulnerabilities in Google Chrome for Desktop which could allow an attacker to execute arbitrary code on the targeted system.
The vulnerability can allow remote attackers to gain access to users’ data, which could include passwords, banking details and other personal information, and that could lead to scams, financial fraud and the like.
CERT-In’s report said that these vulnerabilities in Chrome for Desktop exist due to “use after free in Media Session, Dawn & Presentation API; Out of bounds memory access in Keyboard; Out of bounds write in Streams API and Heap buffer overflow in WebRTC. An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted Web page”.