
CERT-In detects multiple threats with high severity in Microsoft Edge and Drupal 

CERT-In has detected multiple vulnerabilities in Microsoft Edge and Drupal Core allowing remote attackers to bypass security restrictions

Updated - July 29, 2022 03:56 pm IST


The threat alert was shared in a report. It points to vulnerabilities that can be exploited by remote attackers to bypass security restrictions and execute arbitrary code or cause denial of service on the targeted systems. 


The vulnerabilities affect Microsoft Edge versions prior to 103.0.1264.71 and exist in the Chromium open-source software used by Microsoft Edge (Chromium-based).

The vulnerabilities are due to use after free in Guest View, use after free in PDF, use after free in Service Worker API, use after free in Views, and insufficient validation of untrusted input in File.

Remote attackers can exploit the vulnerabilities by sending specially crafted requests to the targeted system. Successful exploitation can allow an attacker to bypass security restrictions and execute arbitrary code.

According to the report, applying available software updates should be able to fix the vulnerabilities. 

CERT-In has also issued vulnerability alerts for Drupal Core.

Drupal Core 

Multiple vulnerabilities have been detected in Drupal Core which can allow remote attackers to execute arbitrary code, access sensitive information, and cause cross-site scripting attacks on the targeted systems. 

The vulnerability, according to the report, exists because the Image module does not properly verify access to image files not stored in the standard public files directory. 

The vulnerability can be exploited by sending specially crafted requests to the targeted systems, and successful exploitation can allow attackers to access sensitive information.

The cross-site scripting vulnerability in Drupal Core exists because the Media Embed frame route does not properly validate domain parameters. Successful exploitation of this vulnerability can allow an attacker to execute arbitrary HTML and script code in the user’s browser in the context of a vulnerable website.

The vulnerabilities can be fixed by applying appropriate updates mentioned in the Drupal Security Advisory. 
