CISA adds Chrome, Redis bugs to the Known Exploited Vulnerabilities Catalog

cisa Known Exploited Vulnerabilities RESURGE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Chrome and Redis flaws to its Known Exploited Vulnerabilities Catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chome zero-day (CVE-2022-1096) and a critical Redis vulnerability (CVE-2022-0543), along with other 30 vulnerabilities, to its Known Exploited Vulnerabilities Catalog.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

The new vulnerabilities added to the catalog have to be addressed by federal agencies by April 18, 2022.

Last week, Google fixed the actively exploited CVE-2022-1096 zero-day vulnerability with the release of Chrome 99.0.4844.84 for Windows, Mac, and Linux.

Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address it.

The CVE-2022-1096 vulnerability is a Type Confusion in V8 JavaScript engine, the bug was reported by an anonymous on 2022-03-23.

The second issue added to the catalog, tracked as CVE-2022-0543, is a Lua sandbox escape flaw that impacts Debian and Debian-derived Linux distributions.

The vulnerability, which was rated 10 out of 10 for severity, could be exploited by a remote attacker with the ability to execute arbitrary Lua scripts to possibly escape the Lua sandbox and execute arbitrary code on the underlying machine.

Juniper Threat Labs researchers reported that the Muhstik botnet has been observed targeting Redis servers exploiting the CVE-2022-0543 vulnerability.

On March 27, the US Cybersecurity and Infrastructure Security Agency (CISA) added 66 new flaws to its Known Exploited Vulnerabilities Catalog.

One of the 66 flaws added to the catalog is the recently discovered Windows CVE-2022-21999 vulnerability, which is a Windows Print Spooler Elevation of Privilege bug. Microsoft addressed this bug with the release of the February 2022 Patch Tuesday updates.

Another issue added to the catalog, tracked as CVE-2022-26318, is an arbitrary code execution in WatchGuard Firebox and XTM Appliances.

The CISA Catalog has reached a total of 602 entries with the latest added vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.