The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Inappropriate Implementation Vulnerability CVE-2024-38856 (CVSS score of 8.8) to its Known Exploited Vulnerabilities (KEV) catalog.
This week Google released a security update to address the Chrome zero-day vulnerability CVE-2024-7965 that is actively exploited.
“Google is aware that exploits for CVE-2024-7971 and CVE-2024-7965 exist in the wild,” reads the advisory published by the company, which did not share details about the attacks exploiting the issue. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
The security researcher TheDog reported the flaw on 2024-07-30.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this vulnerability by September 18, 2024.
Pierluigi Paganini
(SecurityAffairs – hacking, CISA)