CISA warns of actively exploited bugs in Chrome and Excel parsing library
The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog: a recently patched flaw in Google Chrome and a bug affecting Spreadsheet::ParseExcel, an open-source Perl library for reading information in Excel files.
Spreadsheet::ParseExcel RCE. The first issue that CISA added to its Known Exploited Vulnerabilities catalog is CVE-2023-7101, a remote code execution vulnerability that affects versions 0.65 and older of the Spreadsheet::ParseExcel library.
One product using the open-source library is Barracuda ESG, which was targeted in late December by Chinese hackers who exploited CVE-2023-7101 in Spreadsheet::ParseExcel to compromise appliances.
The latest actively exploited vulnerability added to KEV is CVE-2023-7024, a heap buffer overflow issue in WebRTC in the Google Chrome web browser.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-24 | CVE-2023-7101 | Code Injection vulnerability in multiple products: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. | 7.8 |
2023-12-21 | CVE-2023-7024 | Out-of-bounds Write vulnerability in multiple products: Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |