CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini February 07, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)  a Google Chromium V8 Type Confusion bug, tracked as , to its .

The vulnerability impacts Google Chrome prior to 116.0.5845.179, it allows a remote attacker to execute arbitrary code via a crafted HTML page.

In September 2023, Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) were used to install Cytrox Predator spyware.

The experts reported that the exploit chain of the above flaws was delivered in two ways, one of them was exploiting .

“The attacker also had an exploit chain to install Predator on Android devices in Egypt. TAG observed these exploits delivered in two different ways: the MITM injection and via one-time links sent directly to the target. We were only able to obtain the initial renderer remote code execution vulnerability for Chrome, which was exploiting .” reads the analysis published by Google TAG. “We assess that Intellexa was also previously using this vulnerability as a 0-day.”

According to , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the  and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by February 27, 2024.

Follow me on Twitter:  and  and Mastodon

(SecurityAffairs – Hacking, Google Chromium)



you might also like

leave a comment