{"id":163285,"date":"2024-05-17T08:50:03","date_gmt":"2024-05-17T08:50:03","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=163285"},"modified":"2024-05-17T08:50:05","modified_gmt":"2024-05-17T08:50:05","slug":"cisa-google-chrome-zero-day-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/163285\/cyber-crime\/cisa-google-chrome-zero-day-known-exploited-vulnerabilities-catalog.html","title":{"rendered":"CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"
<\/div>\n

CISA adds two Chrome zero-day vulnerabilities to its Known Exploited Vulnerabilities catalog.<\/h2>\n\n\n\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added [1<\/a>,2<\/a>] the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog<\/a>:<\/p>\n\n\n\n

CVE-2024-4761<\/a>\u00a0Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. The vulnerability was reported by Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky on May 13, 2024.<\/p>\n\n\n\n

\u201cGoogle is aware that an exploit for CVE-2024-4947 exists in the wild,\u201d reads the advisory<\/a> published by Google.<\/em><\/p>\n\n\n\n

CVE-2024-4671<\/a>\u00a0Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.<\/p>\n\n\n\n

The flaw was reported by an anonymous researcher on May 7, 2024.<\/p>\n\n\n\n

\u201cGoogle is aware that an exploit for CVE-2024-4671 exists in the wild,\u201d reads the\u00a0advisory<\/a>\u00a0published by Google. As usual, the IT giant has not revealed details about the attacks exploiting this vulnerability.<\/p>\n\n\n\n

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities<\/a>, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.<\/p>\n\n\n\n

Experts also recommend that private organizations review the Catalog<\/a> and address the vulnerabilities in their infrastructure.<\/p>\n\n\n\n

CISA orders federal agencies to fix these vulnerabilities by:\u00a0<\/p>\n\n\n\n

CVE-2024-4671<\/a> June 3rd, 2024.<\/p>\n\n\n\n

CVE-2024-4761<\/a> June 6, 2024.<\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n


(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, CISA)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

CISA adds two Chrome zero-day vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added [1,2] the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-4761\u00a0Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that […]<\/p>\n","protected":false},"author":1,"featured_media":106349,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,3,5],"tags":[2037,8913,4112,9508,9506,10918,12584,687,841,1533],"class_list":["post-163285","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-cyber-crime","category-hacking","tag-chrome","tag-cisa","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-known-exploited-vulnerabilities-catalog","tag-pierluigi-paganini","tag-security-affairs","tag-security-news"],"yoast_head":"\n