Hard News Hard Hitting News Source Global Political News

CISA orders agencies to patch exploited Google Chrome bug by Dec 26th

The Cybersecurity and Infrastructure Security Agency (CISA) has added one more security vulnerability to its list of bugs known to be exploited in attacks.

The flaw (tracked as CVE-2022-4262) was patched as an actively exploited zero-day bug in the Google Chrome web browser on Friday for Windows, Mac, and Linux users.

In a security advisory published right before the weekend, Google said it “is aware of reports that an exploit for CVE-2022-4262 exists in the wild.”

This is the ninth Chrome zero-day exploited in the wild that Google has patched since the start of the year.

The bug is caused by a high-severity type confusion weakness in the Chromium V8 JavaScript engine reported by Clement Lecigne of Google’s Threat Analysis Group.

Although type confusion flaws would generally lead to browser crashes following successful exploitation by reading or writing memory out of buffer bounds, attackers can also exploit them for arbitrary code execution.

While the company said it detected attacks exploiting this zero-day, it has yet to share technical details or information regarding these incidents. This is likely meant to allow the security update to roll out to all impacted systems and to give users enough time to upgrade their browsers before more attackers develop their own CVE-2022-4262 exploits.

Federal agencies ordered to patch within the next three weeks

According to a November 2021 binding operational directive (BOD 22-01), all Federal Civilian Executive Branch (FCEB) agencies must now patch their systems against this bug according to the timeline provided by CISA.

They were given three weeks, until December 26th, to patch all vulnerable Chrome installations on their systems to ensure that ongoing exploitation attempts would be blocked.

Even though the BOD 22-01 directive only applies to US FCEB agencies, the DHS cybersecurity agency also strongly urged all U.S. organizations from both private and public sectors to prioritize patching this actively exploited bug.

Taking this advice to heart would help decrease the attack surface threat actors can exploit in attempts to breach the agencies’ networks.

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise,” the U.S. cybersecurity agency explained.

Since the binding directive was issued, CISA has added hundreds of security bugs to its catalog of known exploited vulnerabilities, ordering U.S. federal agencies to patch them as soon as possible to block potential security breaches.

Copyright 2021 Associated Press. All rights reserved.

Source: https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-exploited-google-chrome-bug-by-dec-26th/
