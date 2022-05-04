India's cybersecurity watchdog on Wednesday issued advisory notes flagging medium-to-high security vulnerabilities in Microsoft's desktop browser, Edge, and Google's Chrome OS.

This advisory comes on the heels of another warning by the Indian Computer Emergency Response Team (CERT-In), which had discovered severe security vulnerabilities in Google's Chrome web browser and urged users to update the software.

It's important to note here that both Edge and Chrome OS are based on Chromium, Google's open-source web browser and operating system (OS) software. A few days ago, CERT-In had flagged over 20 vulnerabilities on Google's Chrome web browser and warned that these could affect others running on Chromium, such as Edge and Brave.

CERT-In — the cybersecurity watchdog that comes under the Union Ministry of Electronics and Technology — says Microsoft Edge, which runs on desktop platforms such as Windows, macOS and Linux, as well as mobile platforms such as iOS and Android, has 25 security vulnerabilities, which if exploited by a malicious actor, could allow them "to gain elevated privileges on the targeted system". Simply put, a hacker could gain access to sensitive areas of your laptop without your knowledge.

Also read:

The vulnerabilities, which CERT-In says are of "medium" severity, affect Microsoft Edge versions prior to 101.0.1210.32, which is the latest desktop version.

According to CERT-In, these vulnerabilities were caused by bugs, including improper implementation of certain types of code, unsecured downloads, and incorrect execution of 3D rendering software, among others.

How to update Microsoft Edge

1. Open the browser, go to 'Settings and more'

2. Select 'Help and feedback'

3. Select 'About Microsoft Edge', or enter this in the address bar, without the single quotes: 'edge://settings/help'.

4. If the 'About' page shows Microsoft Edge is up to date, you are sorted.

5. If it shows an update is available, then select 'Download and install'.

6. The browser will download the update and apply it the next time Edge is restarted.

Microsoft Edge also offers users the option of turning off automatic downloads. To do this, go to Settings and more>About Microsoft Edge and turn on 'Download and install updates automatically'.

Vulnerabilities in Chrome OS

Chrome OS is open-source and free to use and is used in Chromebook laptops that are aimed at school students.

In a separate advisory note, CERT-In has identified six "high" severity vulnerabilities that need immediate attention. These vulnerabilities were found in Google Chrome OS version 96.0.4664.207 and prior.

In the advisory, CERT-In said these vulnerabilities could be exploited to "allow an attacker to execute arbitrary code on the targeted system". In other words, a hacker can run unauthorised, often malicious code on the system, putting the user at risk.

How to check Chrome OS version and update

The latest public release of the Chrome OS is version 100.0.4896.133, rolled out on April 29. To check the version of Chrome OS you're running and to update it, follow these steps:

1. Turn on your Chromebook.

2. Connect your Chromebook to Wi-Fi.

3. At the bottom right, select the time.

4. Select Settings.

5. At the bottom of the left panel, select 'About Chrome OS'.

6. Under "Google Chrome OS," you'll find which version of the OS your Chromebook uses.

7. Select 'Check for updates'.

8. If your Chromebook finds a software update, it will start to download automatically.

Overall, it is advised that you constantly check to keep your desktop operating system, software, mobile OS and applications up to date as developers issue frequent security fixes.

Also read: Whatsapp bans over 18 lakh Indian accounts in March