CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini May 17, 2024

CISA adds two Chrome zero-day vulnerabilities to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [,] the following vulnerabilities to its :

CVE-2024-4761 Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. The vulnerability was reported by Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky on May 13, 2024.

“Google is aware that an exploit for CVE-2024-4947 exists in the wild,” reads the  published by Google.

CVE-2024-4671 Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

The flaw was reported by an anonymous researcher on May 7, 2024.

“Google is aware that an exploit for CVE-2024-4671 exists in the wild.” reads the  published by Google. As usual, the IT giant has not revealed details about the attacks exploiting this vulnerability.

According to , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the  and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix these vulnerabilities by: 

June 3rd, 2024.

June 6, 2024.

Follow me on Twitter:  and  and Mastodon

(SecurityAffairs – hacking, CISA)



you might also like

leave a comment