CISA orders agencies to patch Chrome, D-Link flaws used in attacks
2022-09-08 19:11

CISA has added 12 more security flaws to its list of bugs exploited in attacks, including two critical D-Link vulnerabilities and two zero-days in Google Chrome and the QNAP Photo Station software.

The Google Chrome zero-day was patched on September 2nd via an emergency security update after the company was made aware of in-the-wild exploitation.

On Monday, network-attached storage (NAS) appliance maker QNAP warned its customers that it had patched a zero-day bug in the widely used Photo Station software, tracked as CVE-2022-27593 and actively exploited in widespread DeadBolt ransomware attacks.

Now that the flaws have been added to CISA's Known Exploited Vulnerabilities catalog, all Federal Civilian Executive Branch agencies must patch their systems against these security bugs exploited in the wild, according to a binding operational directive published in November.

The federal agencies were given three weeks, until September 29th, to ensure that exploitation attempts would be blocked.

Since this binding directive was issued in November, CISA has added more than 800 security flaws to its catalog of bugs exploited in attacks, requiring federal agencies to patch them on a tighter schedule to block security breaches.


News URL

https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-chrome-d-link-flaws-used-in-attacks/

Related Vulnerability

DATE: 2022-09-08
CVE: CVE-2022-27593
VULNERABILITY TITLE: Externally Controlled Reference to a Resource in Another Sphere vulnerability in QNAP Photo Station
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station.
network, low complexity, qnap, CWE-610
RISK: critical, 9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
D Link 82 0 9 29 34 72