ADVERTISEMENT

Bug fixes this week | Vulnerabilities in Google, Microsoft, and Mozilla products fixed 

February 11, 2023 01:45 pm | Updated 03:12 pm IST

Multiple security bugs were detected in Google’s Android and Chrome OS, Microsoft’s Edge, and Mozilla’s Thunderbird email application 

CERT-In released multiple vulnerability notes throughout the week for security bugs detected in Google’s Android and Chrome OS, Microsoft’s Edge, and Mozilla’s Thunderbird email application. | Photo Credit: Getty Images

Indian Computer Emergency Response Team (CERT-In), released multiple vulnerability notes throughout the week for security bugs detected in commonly used software. Amongst the affected software were Google’s Android and Chrome OS, Microsoft’s Edge, and Mozilla’s Thunderbird email application.

Google Android and Chrome OS

Multiple high-severity vulnerabilities were reported in Google’s Android OS which could be exploited by threat actors to obtain sensitive information, gain elevated privileges and cause a denial of services on targeted systems.

The bugs found to exist due to flaws in Android OS’ Framework, media framework, system components Google play systems, MediaTek components, Qualcomm components, and Unisoc components, could allow attackers to remotely bypass security restrictions thereby compromising the security of affected devices.

In Chrome OS multiple security bugs were detected which could be exploited by an attacker to cause a denial of service condition on targeted systems. These bugs could be exploited due to a heal buffer overflow in network services and use after free in web transport.

ADVERTISEMENT

(For top technology news of the day, subscribe  to our tech newsletter Today’s Cache)

A heap buffer overflow bug can be used by threat actors to use memory beyond the allocated space within a system and compromise the memory function and ability of software to function properly.

Security bugs in Android and Chrome OS were fixed with the release of updates from Google and users are advised to download and install them to ensure their security.

Microsoft Edge

A data manipulation vulnerability with low severity rating was detected in Microsoft Edge. The bug could allow remote threat actors to trigger a denial of service conditions on affected systems.

The bug in Microsoft Edge existed due to data manipulation which could be exploited by attackers by convincing users to open a maliciously crafted file, the vulnerability report shared from CERT-In shared.

Microsoft has released an update fixing the security bug and users should update their software to ensure security.

Mozilla Thunderbird

A high-severity security bug was reported in Mozilla’s Thunderbird email application due to a failure in checking the certificate OCSP revocation status when verifying S/Mime signatures. These signatures are a widely used protocol for digitally signed and encrypted messages used in encrypting emails.

Threat actors could use the security bug to bypass security restrictions compromising their security.

Mozilla has released an update fixing the security bug, and users are advised to update their devices for security.

This is a Premium article available exclusively to our subscribers. To read 250+ such premium articles every month
You have exhausted your free article limit.
Please support quality journalism.
You have exhausted your free article limit.
Please support quality journalism.
The Hindu operates by its editorial values to provide you quality journalism.
This is your last free article.

ADVERTISEMENT

ADVERTISEMENT