{"id":167722,"date":"2024-08-28T21:01:51","date_gmt":"2024-08-28T21:01:51","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=167722"},"modified":"2024-08-28T21:01:53","modified_gmt":"2024-08-28T21:01:53","slug":"u-s-cisa-adds-google-chromium-v8-bug-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/167722\/security\/u-s-cisa-adds-google-chromium-v8-bug-known-exploited-vulnerabilities-catalog.html","title":{"rendered":"U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"
<\/div>\n

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog.<\/h2>\n\n\n\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added<\/a> Google Chromium V8 Inappropriate Implementation Vulnerability CVE-2024-38856<\/a> (CVSS score of 8.8) to its Known Exploited Vulnerabilities (KEV) catalog<\/a>.<\/gwmw><\/p>\n\n\n\n

This week Google released a security update to address the Chrome zero-day vulnerability\u00a0CVE-2024-7965<\/a> that is actively exploited.<\/p>\n\n\n\n

The vulnerability is an Inappropriate implementation issue that resides in Chrome\u2019s V8 JavaScript engine.<\/p>\n\n\n\n

\u201cGoogle is aware that exploits for CVE-2024-7971 and CVE-2024-7965 exist in the wild.\u201d reads<\/a> the advisory published by the company that did not share details about the attacks exploiting the issue. \u201cAccess to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven\u2019t yet fixed.\u201d.<\/em><\/p>\n\n\n\n

\u201cWe will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven\u2019t yet fixed.\u201d<\/p>\n\n\n\n

The security researcher TheDog reported the flaw on 2024-07-30.<\/p>\n\n\n\n

Google addressed the vulnerability with the release of 128.0.6613.84\/.85 for Windows\/macOS and 128.0.6613.84 (Linux). The company will release versions for all users in the Stable Desktop channel over the coming weeks.<\/gwmw><\/p>\n\n\n\n

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities<\/a>, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.<\/gwmw><\/gwmw><\/gwmw><\/p>\n\n\n\n

Experts also recommend private organizations review the\u00a0Catalog<\/a>\u00a0and address the vulnerabilities in their infrastructure.<\/p>\n\n\n\n

CISA orders federal agencies to fix this vulnerability by\u00a0September 18, 2024.<\/p>\n\n\n\n

Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, CISA)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added Google Chromium V8 Inappropriate Implementation Vulnerability CVE-2024-38856 (CVSS score of 8.8) to its Known Exploited Vulnerabilities (KEV) catalog. This week Google released a security update to address the Chrome […]<\/p>\n","protected":false},"author":1,"featured_media":106349,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,55],"tags":[2037,8913,4112,9508,9506,10918,12584,687,841,1533],"class_list":["post-167722","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-security","tag-chrome","tag-cisa","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-known-exploited-vulnerabilities-catalog","tag-pierluigi-paganini","tag-security-affairs","tag-security-news"],"yoast_head":"\n杭州江阴科强工业胶带有限公司