India's cybersecurity agency, CERT-In, has issued urgent alerts to millions of users of Google Chrome and Mozilla Firefox regarding critical security vulnerabilities.
These flaws affect Chrome versions prior to 141.0.7390.54/55 and Firefox versions prior to 143.0.3, impacting users across Windows, macOS, and Linux platforms. Immediate action is required to avoid exploitation.
CERT-In's advisories, published on October 3-4, classified these vulnerabilities as high severity, highlighting the risks of arbitrary code execution, data theft, and whole-device compromise.
The threats stem from flaws in Chrome's WebGPU and Firefox's Graphics Canvas2D component, among others, which attackers could exploit remotely.
What are the key vulnerabilities in Chrome and Firefox?
CERT-In identified multiple dangerous flaws in Chrome, including heap buffer overflow issues related to WebGPU and Video components (CVE-2025-11205 and CVE-2025-11206).
Firefox users face a critical sandbox escape vulnerability from an integer overflow in the Canvas2D graphics component (CVE-2025-11152). Additional flaws involve JIT miscompilation in Firefox’s JavaScript engine (CVE-2025-11153).
These vulnerabilities enable attackers to execute arbitrary code, crash browsers, leak sensitive information, or bypass security sandboxes, thereby increasing the potential for remote exploitation through malicious websites.
Did you know?
Google awarded a $25,000 bug bounty for discovering a critical WebGPU vulnerability in Chrome.
How do these vulnerabilities threaten users' security?
The security flaws enable remote attackers to gain control by tricking users into visiting crafted web pages. This can lead to arbitrary code execution with elevated privileges, data theft, or complete system takeover.
The risks involve crashing browsers, leaking sensitive browser data, and potentially installing malware invisibly.
Due to the high severity, the vulnerabilities could act as launchpads for broader attacks on system integrity, making timely updates crucial for all users.
What action has CERT-In recommended for affected users?
CERT-In urges all Chrome and Firefox users to update their browsers to the latest versions as soon as possible. Chrome users should go to Settings, then About Chrome, to trigger updates. Firefox users can update by visiting Menu, then Help, and About Firefox.
Ignoring these updates leaves users more exposed to attack. The agency emphasizes the urgent need to patch security gaps and mitigate exploitation risks until vendors release complete fixes.
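For administrators who need to check many machines rather than one browser at a time, the version thresholds quoted in this article can be applied to a software inventory. The script below is an added example, not part of the CERT-In advisories or any vendor tooling; the inventory format, host names and sample versions are constructed, and 141.0.7390.54 is assumed as the Chrome minimum.

```python
# Added example. Minimum fixed versions are the ones quoted in the article.
FIXED = {
    "chrome": (141, 0, 7390, 54),
    "firefox": (143, 0, 3),
}

# Constructed sample inventory: host,browser,reported version (not real data).
SAMPLE_INVENTORY = """\
ws-01,chrome,141.0.7390.54
ws-02,chrome,141.0.7390.9
ws-03,chrome,140.0.1.1
ws-04,firefox,143.0.3
ws-05,firefox,143.0
ws-06,firefox,99.0.1
ws-07,chrome,unknown
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_patched(browser, version_text):
    """True or False for a known browser with a parseable version, else None."""
    fixed = FIXED.get(browser.strip().lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return None
    # Tuples compare component by component as numbers, so 7390.9 sorts below
    # 7390.54 and 99.0.1 below 143.0.3; comparing the raw strings gets both wrong.
    return found >= fixed

def audit(inventory_text):
    """Return (host, browser, version, status) for every inventory line."""
    labels = {True: "ok", False: "UPDATE", None: "CHECK MANUALLY"}
    rows = []
    for line in inventory_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        host, browser, version = fields
        rows.append((host, browser, version, labels[is_patched(browser, version)]))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("{:6} {:8} {:16} {}".format(*row))
```

Entries marked CHECK MANUALLY are those whose browser or version string could not be interpreted, so they are not silently treated as patched.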
What patches have Google and Mozilla released to address these flaws?
Google has released Chrome version 141, which includes fixes for 21 security vulnerabilities, including those highlighted by CERT-In. Mozilla released Firefox 143.0.3 specifically targeting the high-severity security threats, such as sandbox escape and JIT miscompilation.
Both vendors also paid bug bounties to security researchers who discovered these critical issues, underscoring their seriousness.
How can users protect themselves from future browser threats?
Besides prompt updates, users should consider enabling automatic updates on their browsers. Employing layered security, such as antivirus software and network firewalls, helps guard against exploitation through web browsers.
Awareness of phishing and malicious sites remains crucial, as attackers exploit browser vulnerabilities to initiate infiltration. Staying vigilant and informed through official advisories, such as those from CERT-In, is key to maintaining digital safety.
With these urgent updates deployed, users can significantly reduce their risk of falling victim to increasingly sophisticated browser-based attacks in the future.