Google Chrome OS
The threat alerts released by the organisation under the Ministry of Electronics and Information Technology, Government of India, between 6 to 8 June, bring to light multiple vulnerabilities in Google Chrome OS, which can be used by attackers to successfully use execute arbitrary code on the targeted systems. The threat alert was rated as high by the agency and said it affects devices running Chrome OS versions prior to 96.0.4664.209. CERT-In in its threat assessment has advised users to update their OS versions to avoid risk.
(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)
Mozilla products
Another high rated threat alert has been issued for Mozilla products, affecting the Mozilla Firefox iOS version prior to 101, Mozilla Firefox Thunderbird version prior to 91.10, Mozilla Firefox ESR version prior to 91.10 and Mozilla Firefox version prior to 101. The report stated that vulnerabilities in these products can be misused by attackers to successfully bypass security restrictions, sensitive information, execute arbitrary code and cause denial of service (DoS) attack on the targeted systems.
UNISOC chipsets
With a critical severity rating for UNISOC chipset based Android smartphones, the detailed report on their website noted that the vulnerability can be exploited by attackers to execute arbitrary code and perform denial of services in the targeted devices. It can also be used to deprive users of the possibility of communication. The vulnerability, however, as noted on their website was found in the “modem firmware, not in the Android OS itself”. Last year UNISOC, a fabless semiconductor company based in China had partnered with companies like Motorola, Micromax and Realme to power budget smartphones for the Indian market.