ADVERTISEMENT

CERT-In detects multiple threats with high severity in Microsoft Edge and Drupal 

Updated - July 29, 2022 03:56 pm IST

CERT-In has detected multiple vulnerabilities in Microsoft Edge and Drupal Core allowing remote attackers to bypass security restrictions

Nabeel Ahmed

CERT-In detects multiple threats with high severity in Microsoft Edge and Drupal  | Photo Credit: Getty Images

The threat alert was shared in a report. It points to vulnerabilities that can be exploited by remote attackers to bypass security restrictions and execute arbitrary code or cause denial of service on the targeted systems. 

ADVERTISEMENT

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

The vulnerabilities affecting Microsoft Edge Versions prior to 103.0.1264.71, exist in Chromium open-Source Software which is used by Microsoft Edge (Chromium-based). 

ADVERTISEMENT

The threats can be used due to, Use after free in Guest View, Use after free in PDF, Use after free in Service Worker API, Use after free in Views and Insufficient validation of untrusted input in File. 

Sign up for newsletters, unlock features and do more on The Hindu
LOG IN
Support our reporting.
SUBSCRIBE NOW

The vulnerabilities can be exploited by remote attackers by sending specially crafted requests on the targeted system. And their successful exploitation can allow an attacker to bypass security restrictions and to execute arbitrary code.

According to the report, applying available software updates should be able to fix the vulnerabilities. 

ADVERTISEMENT

CERT-In has also issued vulnerability alerts for Drupal Core

Drupal Core 

Multiple vulnerabilities have been detected in Drupal Core which can allow remote attackers to execute arbitrary code, access sensitive information, and cause cross-site scripting attacks on the targeted systems. 

Kaspersky researchers discover firmware rootkit that stays even when system is rebooted

The vulnerability, according to the report, exists because the Image module does not properly verify access to image files not stored in the standard public files directory. 

ADVERTISEMENT

The vulnerability can be exploited by sending specially crafted requests on the targeted systems and their successful exploitation can allow attackers to access sensitive information. 

The Cross site scripting vulnerability in Drupal Core exists because the Media Embed frame route does not properly validate domain parameters. Successful exploitation of this vulnerability can allow an attacker to execute arbitrary HTML and script code in the user’s browser in the context of a vulnerable website. 

The vulnerabilities can be fixed by applying appropriate updates mentioned in the Drupal Security Advisory. 

This is a Premium article available exclusively to our subscribers. To read 250+ such premium articles every month
unlock them all
GET YOUR DISCOUNTED ACCESS
If you're already a subscriber
You have exhausted your free article limit.
Please support quality journalism.
GET YOUR DISCOUNTED ACCESS
or read this article by Downloading The Hindu News app
If you're already a subscriber
You have exhausted your free article limit.
Please support quality journalism.
GET YOUR DISCOUNTED ACCESS
or read this article by Downloading The Hindu News app
If you're already a subscriber
The Hindu operates by its editorial values to provide you quality journalism.
Support our reporting.
SUBSCRIBE NOW
This is your last free article.
to read unlimited content from The Hindu
SUBSCRIBE NOW
Get The Hindu News App on
Get The Hindu News App on

Most Popular

ADVERTISEMENT

ADVERTISEMENT

To enjoy additional benefits

Make most of your subscription

Crossword+

CONNECT WITH US