The National Computer Emergency Response Team (NCERT) has issued a critical advisory about serious security flaws in the latest versions of Mozilla Firefox and Google Chrome browsers.
These zero-day vulnerabilities are already being actively exploited by hackers. Cybercriminals can use them to:
- Run dangerous code on your device
- Steal personal data and passwords
- Hijack your browser sessions
- Install malware, ransomware, or spyware
- Gain full access to your system
Details of the Threat
- Firefox vulnerabilities: CVE-2025-4918 and CVE-2025-4919, linked to JavaScript flaws, were exposed during the Pwn2Own hacking contest.
- Chrome vulnerability: CVE-2025-4664, found in the WebAssembly module, allows hackers to steal data from other websites (cross-origin attacks).
Because Firefox and Chrome are used widely on desktops and mobile devices, these flaws pose a serious security risk to millions of users.
What You Should Do:
- Immediately update to the latest version of Google Chrome and Mozilla Firefox.
- Avoid visiting untrusted websites or clicking on suspicious links.
- Stay away from unknown downloads and content that could be used to exploit these browser flaws.
NCERT urges all users—whether on PC, laptop, or smartphone—to secure their browsers right away to prevent hacking, identity theft, and data loss.
