Matti Robinson
8 Jan 2021 12:02
Major web browser vulnerabilities have been discovered this week. The two separate security problems are found in Firefox and Chromium that is the basis for both Google Chrome and Microsoft Edge.
The former is a cookie-related vulnerability that makes Firefox a hazard for the entire system. The vulnerability is known as use-after-free and was notified about couple days ago by the Firefox team.
Use-after-free is a serious liability as the abuser can take full control of the computer, tablet or phone Firefox is installed on via the browser. Fortunately Firefox has already patched the problem and released an update. However, if you are using Android version 84.1.3 or desktop version 84.0.2 the vulnerability is still present, so update with haste.
The second exploit is found in open source Chromium browser that is the basis for Microsoft's Edge as well as Google's Chrome. Both browsers were affected by the security issue.
Both have also issued a patch to their respective browsers.
This one is serious too, and can be used to control the system. While the Android version of Chrome was fixed a while back, Linux, macOS, and Windows versions still had the vulnerability as recently as last week.
Microsoft issued a new update to remove the vulnerability, known as CVE-2020-15995, on both Android and Windows.
Both Microsoft and Google, as well as us, recommend you update your browsers immediately.