CISA Warns of Vulnerabilities Affecting Google Chromium WebRTC and Excel

By

US agencies have until January 23, 2024 to mitigate the issues.

CISA has added two key vulnerabilities (tracked as CVE-2023-7024 and CVE-2023-7101) to the Known Exploited Vulnerabilities list, reports Jonathan Grieg.

Google Chromium WebRTC “contains a heap buffer overflow vulnerability that allows an attacker to cause crashes or code execution,” CISA says, and an emergency security fix for it was released in December.

The Spreadsheet::ParseExcel vulnerability “was discovered by researcher Le Dinh Hai within the open source Perl library,” Grieg notes. “The tool allows users to extract information from Excel spreadsheets and is embedded in a number of systems.”

Read more at The Record.
 
 
 

 
 
 

01/08/2024
comments powered by Disqus