Two bugs related to Chrome and Excel have been actively exploited by hackers

Hackers are actively exploiting two of the vulnerabilities. One affects unpatched versions of Google Chrome, and the other concerns an open source library associated with Excel.

Cybercriminals actively exploit two bugs. The American warns against this Cybersecurity and Infrastructure Security Agency (Sissa). The first leak is in Google Chrome and has a label CVE-2023-7024. A critical bug allows attackers to execute remote code via a buffer overflow issue. The bug was discovered last year and Google released a patch on December 20. Not everyone has installed this patch and hackers are eagerly exploiting it.

Open source library

The other error is in an open source library: Spreadsheet::ParseExcel. This library allows, among other things, to import and export data from Excel. Developers use it as a compatibility layer for handling Excel files in Perl-based web applications. However, versions 0.65 and earlier of the library are vulnerable to a bug called CVE-2023-7101. This flaw allows attackers to execute their own code.

The library is used by Barracuda, among other companies, for their email security gateway. Chinese attackers targeted this product late last year. Barracuda released a patch before New Year’s.

The general patching of the library vulnerability is of course a bit more complicated. Developers who have integrated the open source library should always update their applications to a version that is no longer vulnerable.

See also  The iPhone 15 Pro Max doesn't seem like an easy fix yourself

Winton Frazier

 "Amateur web lover. Incurable travel nerd. Beer evangelist. Thinker. Internet expert. Explorer. Gamer."

Leave a Reply

Your email address will not be published. Required fields are marked *