NCERT Issues Critical Warning on Firefox and Chrome Flaws

The National Computer Emergency Response Team (NCERT) has issued a high-severity advisory alerting users to zero-day vulnerabilities in the latest versions of Mozilla Firefox and Google Chrome. These flaws are already being exploited by attackers to execute remote code, steal data, hijack sessions, and install malware through malicious web content.

Mozilla Firefox is affected by CVE-2025-4918 and CVE-2025-4919, which allow attackers to bypass JavaScript JIT protections. Google Chrome’s vulnerability, CVE-2025-4664, involves a flaw in the WebAssembly module that facilitates cross-origin data theft. These risks affect both desktop and mobile platforms due to the browsers’ widespread usage.

NCERT highlights five major impacts: system compromise, session hijacking, malware installation, data theft, and ransomware delivery. Users are urged to update their browsers immediately, avoid untrusted websites, and restrict access to unknown online content to protect against active exploitation of these vulnerabilities.