CISA added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog for January 2024 due to evidence of ongoing exploitation. They are the Google Chromium WebRTC Heap Buffer Overflow Vulnerability (CVE-2023-7024) and the Spreadsheet::ParseExcel Remote Code Execution Vulnerability (CVE-2023-7101).
In December 2023, Google released an update to fix a vulnerability called CVE-2023-7024. This vulnerability has been actively exploited. It is the eighth zero-day vulnerability for Chromium-based web browsers in 2023.
CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers...
OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS...
Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit...
* CVE-2023-7024: Google Chromium WebRTC Heap Buffer Overflow Vulnerability:
Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to cause crashes or code execution. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Known To Be Used in Ransomware Campaigns?: Unknown Date Added: 2024-01-02 Due Date:2024-01-23
Source: CISA
* CVE-2023-7024: Google Chromium WebRTC Heap Buffer Overflow Vulnerability:
Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to cause crashes or code execution. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.
Action:Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Known To Be Used in Ransomware Campaigns?: Unknown Date Added: 2024-01-02 Due Date: 2024-01-23