CISA Warns of Vulnerabilities Affecting Google Chromium WebRTC and Excel
CISA has added two key vulnerabilities (tracked as CVE-2023-7024 and CVE-2023-7101) to the Known Exploited Vulnerabilities list, reports Jonathan Grieg.
Google Chromium WebRTC “contains a heap buffer overflow vulnerability that allows an attacker to cause crashes or code execution,” CISA says, and an emergency security fix for it was released in December.
The Spreadsheet::ParseExcel vulnerability “was discovered by researcher Le Dinh Hai within the open source Perl library,” Grieg notes. “The tool allows users to extract information from Excel spreadsheets and is embedded in a number of systems.”
Read more at The Record.
01/08/2024