CERT-In detects multiple vulnerabilities in Chrome, Edge and Android OS

India’s Computer Emergency Response Team (CERT-In), which monitors cyber security threats, on Wednesday issued an alert on multiple vulnerabilities found in Chrome and Edge browsers and the Android operating system.

These vulnerabilities could allow remote attackers to execute arbitrary code on targeted systems, compromising their security, CERT-In said.

Vulnerabilities were found in versions of Google Chrome prior to version 104.0.5112.79.

Improper implementation of multiple APIs such as Managed Device API, Nearby Shared API, fullscreen, and extensions API led to these vulnerabilities.

An API is a programming interface that allows different software to use features built into the browser.

Vulnerabilities were also reported in Use after Free in Omnibox, Safe Browsing, Tab Panel, Overview Mode, Nearby Sharing, Login, Login Flow, WebUI, and Insufficient Policy Enforcement in Background Loading and Cookies.

In Android OS, vulnerabilities were reported in versions 10, 11, 12 and 12L.

These vulnerabilities exist due to, among other things, flaws in the existing software framework, the Google Play system, and imagination technologies. These can allow attackers to access privileged information in Android smartphones, CERT-In said.

Microsoft Edge was found to be vulnerable in versions prior to 104.0.1293.47.

Attackers can use these vulnerabilities to bypass browser security restrictions and gain access to privileged resources on affected systems. According to CERT-In, they can then use this to escape the browser sandbox and target other areas of the compromised systems.