CISA ADDS GOOGLE CHROME ZERO-DAYS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

17-May-24

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new Chrome zero-day vulnerabilities, CVE-2024-4761 and CVE-2024-4671, to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2024-4761, reported by Kaspersky researchers Vasily Berdnikov and Boris Larin, is an out-of-bounds memory write in the Chromium V8 engine that affects browsers like Google Chrome, Microsoft Edge, and Opera. CVE-2024-4671, reported by an anonymous researcher, is a use-after-free vulnerability in Chromium Visuals that leads to heap corruption. Both vulnerabilities are being actively exploited. Under Binding Operational Directive (BOD) 22-01, federal agencies are required to patch CVE-2024-4671 by June 3, 2024, and CVE-2024-4761 by June 6, 2024. Private organizations are also urged to address these vulnerabilities.
