Security News > 2021 > January > Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software.
The Mozilla Firefox vulnerability is separate from a bug reported in Google's browser engine Chromium, which is used in the Google Chrome browser and Microsoft's latest version of its Edge browser.
Impacted are Firefox browser versions released prior to the recently released Firefox desktop 84.0.2, Firefox Android 84.1.3 edition and also Mozilla's corporate ESR 78.6.1 version of Firefox.
Because Microsoft's latest Edge browser is based on Google Chromium browser engine, Microsoft also urged its users to update to the latest 87.0.664.75 version of its Edge browser.
While the technical specifics of the bug are not available, similar out of bounds write in V8 bugs have allowed remote attackers to exploit a heap corruption via a crafted HTML page.
The majority of the bugs were rated high-severity and tied to use-after-free bugs.
News URL
https://threatpost.com/firefox-chrome-edge-bugs-system-hijacking/162873/
Related news
- 18-year-old security flaw in Firefox and Chrome exploited in attacks (source)
- “0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox (source)
- New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions (source)
- Chrome, Edge users beset by malicious extensions that can’t be easily removed (source)
- Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions (source)