Indian Computer Emergency Response Team (CERT-IN) has issued a warning for Microsoft Edge web browser users. The government body has found several vulnerabilities in the Chromium-based Edge browser. Also, the severity level of these vulnerabilities has been marked as ‘high’ which can allow remote hackers to bypass security restrictions and execute arbitrary code or cause a denial-of-service (DoS) condition on the targeted system.
CERT-IN is a nodal agency under the Ministry of Electronics and Information Technology. The government body is responsible for highlighting bugs and cybersecurity threats like phishing and hacking
What the government has said
CERT-IN has noted that “these vulnerabilities exist in Chromium Open-Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based) due to Use after free in Guest View, Use after free in PDF, Use after free in Service Worker API, Use after free in Views and Insufficient validation of untrusted input in File. A remote attacker could exploit these vulnerabilities by sending specially crafted request on the targeted system.”
Exploitation of these vulnerabilities can let hackers bypass security restrictions and execute arbitrary code or DoS conditions on the targeted system.
According to the warning page, everyone running Microsoft Edge web browser version prior to 103.0.1264.71.
What’s the solution
CERT-IN has advised users to apply appropriate update for the web browser. Thankfully, Microsoft has already rolled out an update for the Microsoft Edge which contains fixes to the mentioned vulnerabilities.
How to update Microsoft Edge
Click on the three dots at the top right corner
Head to Help and Feedback → About Microsoft Edge
Update the browser.