Security News > 2022 > February > Emergency updates: Adobe, Chrome patch security bugs under active attack
Adobe has released an out-of-band security update for Adobe Commerce and Magento Open Source to address active exploitation of a known vulnerability, and Google has an emergency issue, too.
"Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants," the Silicon Valley stalwart said.
It was acquired by Adobe in May 2018 and has become the basis for Adobe Commerce.
Versions up to 2.3.7-p2 and up to 2.4.3-p1 for both Magneto and Adobe Commerce are affected.
The US Cybersecurity and Infrastructure Security Agency on Tuesday added both the Adobe and the Chrome zero-days, along with seven other CVEs dating back to 2013, to its Known Exploited Vulnerabilities Catalog.
The notification directs federal civilian executive branch agencies to fix the Adobe and Google bugs by March 1, 2022.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/02/16/adobe_chrome_patch/
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Malicious Chrome extensions can spoof password managers in new attack (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
- Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Chrome to patch decades-old flaw that let sites peek at your history (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2022-24086 | Improper Input Validation vulnerability in multiple products Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. | 0.0 |