NCERT Warns of Critical Zero-Day Vulnerabilities in Chrome and Firefox Actively Exploited by Hackers

The National Computer Emergency Response Team (NCERT) has issued a critical nationwide advisory warning users about dangerous zero-day vulnerabilities discovered in the latest versions of two of the world’s most widely used web browsers—Google Chrome and Mozilla Firefox. These security flaws have already been exploited in the wild, making them particularly concerning for users across Pakistan. The vulnerabilities allow malicious actors to execute arbitrary code, hijack browser sessions, deploy malware, and steal sensitive data simply through users visiting malicious or compromised websites.

In its detailed alert, NCERT revealed that the Firefox vulnerabilities were recently demonstrated during the Pwn2Own hacking competition, a respected cybersecurity event where white-hat hackers showcase real-world exploits. Identified as CVE-2025-4918 and CVE-2025-4919, the Firefox flaws are rooted in JavaScript engine weaknesses that bypass Just-In-Time (JIT) compiler protections. These flaws enable attackers to gain unauthorized access to user sessions and system-level privileges, paving the way for malware installations, spyware activity, and other threats.

Google Chrome, meanwhile, is affected by a severe flaw in its WebAssembly module, cataloged as CVE-2025-4664. This vulnerability allows for cross-origin data theft, enabling attackers to hijack browser sessions and access sensitive user information without consent. Given the popularity of Chrome and Firefox among both desktop and mobile users, the threat has a broad impact, affecting millions of devices and users who rely on these browsers for everything from casual browsing to critical financial transactions and communication.

NCERT’s advisory underscored that the consequences of these vulnerabilities are significant. The potential outcomes include remote code execution, unauthorized access to active browser sessions, the compromise of entire operating systems, and the exposure of personal data stored in browsers. Moreover, there is an elevated risk of malicious payloads such as ransomware or spyware being delivered to unsuspecting users through these exploits. Since these vulnerabilities are already being exploited in the wild, the advisory describes them as urgent threats requiring immediate user action.

The government has urged all users to update their browsers to the latest patched versions released by Mozilla and Google. NCERT emphasized that updating is currently the most effective method to prevent these vulnerabilities from being exploited. In addition to software updates, users are advised to practice safe browsing habits, such as avoiding unfamiliar websites and refraining from clicking on suspicious links or pop-ups. Special caution is recommended for mobile users, who are often more vulnerable to such browser-based attacks due to limited visibility into their devices’ security status.

As the digital landscape in Pakistan continues to evolve, incidents like these highlight the pressing need for widespread cybersecurity awareness and timely protective measures. NCERT’s alert reflects the government’s ongoing commitment to improving national cyber resilience and safeguarding citizens against the growing sophistication of online threats. Users are encouraged to remain vigilant, stay informed through official advisories, and act swiftly in response to such critical warnings.
