The National Computer Emergency Response Team (NCERT) has issued a critical advisory warning users of serious zero-day vulnerabilities discovered in the latest versions of Mozilla Firefox and Google Chrome browsers.
These flaws have already been exploited in the wild, enabling cybercriminals to execute arbitrary code, steal sensitive data, hijack browser sessions, and deploy malware through malicious websites or content.
According to the advisory, vulnerabilities in Firefox were demonstrated during the Pwn2Own hacking contest, while a severe flaw in Chrome’s WebAssembly module allows for cross-origin data theft.
These issues pose a major risk due to the widespread usage of both browsers across desktop and mobile devices. Attackers can gain unauthorized access, execute remote code, and compromise entire systems, putting user credentials, stored data, and online activities at risk.
NCERT’s advisory outlines five major impacts of these vulnerabilities: remote code execution through malicious scripts, unauthorized session access, system compromise leading to malware installation, exposure of personal or stored data, and the possibility of ransomware or spyware delivery via browser-based attacks.
According to technical details, Mozilla Firefox is affected by CVE-2025-4918 and CVE-2025-4919, which involve JavaScript-related flaws that bypass JIT compiler protections. Google Chrome is vulnerable under CVE-2025-4664 due to a WebAssembly flaw that enables session hijacking and unauthorized data access. These vulnerabilities are actively being exploited, making it essential for users to take immediate action.
The advisory strongly recommends that users install the latest versions of Firefox and Chrome to mitigate the threat. Additionally, users are advised to avoid visiting unverified websites and restrict access to unknown online sources to prevent potential hacking attempts.
The threat applies to both desktop and mobile device users, underlining the urgency of securing web browsing environments.