CISA added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog for January 2024 due to evidence of ongoing exploitation. They are the Google Chromium WebRTC Heap Buffer Overflow Vulnerability (CVE-2023-7024) and the Spreadsheet::ParseExcel Remote Code Execution Vulnerability (CVE-2023-7101).
In December 2023, Google released an update to fix a vulnerability called CVE-2023-7024. This vulnerability has been actively exploited. It is the eighth zero-day vulnerability for Chromium-based web browsers in 2023.
Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
* CVE-2023-7024: Google Chromium WebRTC Heap Buffer Overflow Vulnerability:
Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to cause crashes or code execution. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Known To Be Used in Ransomware Campaigns?: Unknown Date Added: 2024-01-02 Due Date:2024-01-23
Source: CISA
* CVE-2023-7024: Google Chromium WebRTC Heap Buffer Overflow Vulnerability:
Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to cause crashes or code execution. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.
Action:Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Known To Be Used in Ransomware Campaigns?: Unknown Date Added: 2024-01-02 Due Date: 2024-01-23