"These vulnerabilities exist in Google Chrome OS due to heap buffer overflow in V8 internalisation use after free in Sharesheet, Performance Manager, Performance APIs vulnerability reported in dev-libs/libxml2 Insufficient validation of untrusted input in Data Transfer and Out of bounds memory access in UI Shelf," the agency said in its report. Naturally, you’d assume a Chromebookwhich runs Chrome OScan only use the Chrome browser. But what if you want to use another browser like Mozilla Firefox or Microsoft Edge The answer to that question is not as simple as you might think. If not fixed, these bugs can let an attacker trigger arbitrary code to harm the victim system. Chromebooks run Chrome OS, an operating system built around Google Chrome. Google Chrome OS: CERT-In has flagged eight sensitive bugs in the Google Chrome operating systems prior to the newly released version. However the Android Firerfox is made with tablets and phones in mind and not so much for Chromebooks. It may be possible to install and use the Android Firefox on some Chrome books depending on hardware. The fact that CERT-In has flagged these bugs in softwares used commonly around the country should prompt a deeper look into other browsers and OSs as well. The desktop Firefox for Windows, Mac OSX, and Linux will not work on Chrome OS. Two common patterns in attacks all over the world are the exploitation of vulnerabilities in web browsers and operating systems. Why it matters: Cyber-attacks have been on the rise since the pandemic started with the Ministry of Home Affairs reporting 12 lakh cyber security incidents in 2020 alone. Firefox OS has a lot in common with Chrome OS, Google’s browser-centric OS for laptops. Both Google and Mozilla bugs have been classified as highly severe threats. In the notes attached, the agency mentioned that the bugs could allow a remote attacker to disclose sensitive information, bypass security restrictions, execute arbitrary code and perform multiple other kinds of attacks on the targeted system. The Indian Computer Emergency Response Team (CERT-In), on June 6, flagged several bugs in Chrome OS and Mozilla products that may put various sensitive data at risk.
0 Comments
Leave a Reply. |