CISA warns of hackers exploiting Chrome, EoL D-Link bugs

May 19, 2024 at 01:50PM

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three vulnerabilities to its ‘Known Exploited Vulnerabilities’ catalog, one impacting Google Chrome and two affecting D-Link routers. Federal agencies have until June 6th to address these issues, including a 10-year-old vulnerability in D-Link routers. CISA has not provided further details on the D-Link vulnerabilities.

Key takeaways:

1. CISA has added three security vulnerabilities to its ‘Known Exploited Vulnerabilities’ catalog, with one impacting Google Chrome and two affecting D-Link routers.

2. The vulnerabilities in Google Chrome, tracked as CVE-2024-4761 and CVE-2024-4947, are actively exploited, with one being an out-of-bounds write vulnerability in Chrome’s V8 JavaScript engine.

3. A ten-year-old vulnerability impacting D-Link DIR-600 routers and a bug affecting D-Link DIR-605 routers have also been added to the KEV catalog, with proof-of-concept exploits available.

4. CISA recommends that federal agencies in the U.S. replace affected devices or implement defenses to reduce or eliminate the risk of an attack by June 6th.

5. Because the affected D-Link devices have reached end-of-life, the recommendation is to replace them with newer models that the vendor still supports with performance and security updates.

6. The agency has not provided background information about the D-Link flaws, and it is unclear who exploited them or when the attacks were recorded.

7. It is noted that older vulnerabilities are typically leveraged by botnet malware and that security updates or mitigations should be applied to affected devices.
