The Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology (MeitY), has issued a high-risk security advisory for users of the Microsoft Edge browser. This warning highlights critical vulnerabilities that could allow attackers to gain unauthorized access to computer systems, steal sensitive data, install malware, or even crash systems. In severe cases, attackers could remotely execute code and control parts of a computer without permission.
The advisory specifically addresses vulnerabilities found in Chromium-based versions of Microsoft Edge, which most users currently run. These vulnerabilities, if exploited, could lead to data theft, system disruptions, or even ransomware attacks.
CERT-In has identified several underlying issues that contribute to these vulnerabilities:
- Insufficient data validation in Mojo: This vulnerability, identified as CVE-2024-9369, can allow attackers to send malicious data that bypasses security checks.
- Inappropriate implementation in the V8 JavaScript engine: Marked as CVE-2024-9370, this flaw could enable attackers to execute harmful code through manipulated JavaScript.
- Integer overflow in the Layout component: Labelled as CVE-2024-7025, this vulnerability can cause the browser to miscalculate memory allocation, potentially leading to arbitrary code execution.
- Use-after-free in ServiceWorker: This vulnerability can allow attackers to access memory after it has been freed, potentially leading to arbitrary code execution.
The government urges Microsoft Edge users to update their browsers to the latest version immediately to protect against these security flaws. CERT-In has confirmed that the flaws affect Edge versions prior to 141.0.3537.57. Users running older versions are strongly advised to take immediate action.
To update Microsoft Edge, follow these steps:
- Open Microsoft Edge on your computer.
- Click the three-dot menu at the top right corner.
- Go to Help and Feedback → About Microsoft Edge.
- The browser will automatically check for and install the latest version.
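To confirm that the update has reached every machine, the version threshold from the advisory can be checked across an inventory. The script below is an added example, not part of the CERT-In advisory or any Microsoft tooling; the hostnames and version strings in the sample inventory are constructed. Versions are compared as integer tuples because plain string comparison misorders builds such as 99.x and 141.x.

```python
import re

# Fixed build named in the advisory: versions prior to this are affected.
FIXED = (141, 0, 3537, 57)

# Edge versions have four numeric parts: major.minor.build.patch
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_edge_version(text):
    """Extract a four-part version from free text (for example the string
    shown on the About page); return a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(text):
    """True if older than FIXED, False if patched, None if unparseable."""
    version = parse_edge_version(text)
    return None if version is None else version < FIXED


def triage(inventory):
    """Split {host: version_text} into affected / patched / unknown lists."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        status = is_affected(text)
        key = "unknown" if status is None else ("affected" if status else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = {
    "ws-01": "Microsoft Edge 141.0.3537.57",       # exactly the fixed build
    "ws-02": "Microsoft Edge 140.0.3485.94",       # older major version
    "ws-03": "99.0.1150.36",                       # string compare would call this newer
    "ws-04": "141.0.3537.9",                       # same build, lower patch number
    "ws-05": "version unavailable",                # nothing to parse: needs a manual look
    "ws-06": "Microsoft Edge 142.0.3595.53 beta",  # newer than the fixed build
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be treated as unpatched until their version is confirmed by hand.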
The vulnerabilities could be exploited by tricking users into visiting malicious websites or opening compromised HTML pages. These actions could expose sensitive personal data to serious risk. The vulnerabilities could be exploited without any interaction from the user, making it even more critical to address this issue promptly.
With the increasing reliance on web browsers for online activities, the security of these platforms is critical. Users should remain vigilant and prioritize regular updates to maintain a secure browsing experience.
