The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified two Actively Exploited Bugs in Chrome and Excel Parsing Library and has included them in the Known Exploited Vulnerabilities catalog (KEV). The vulnerabilities which are Google Chrome and Perl Library Flaws, are tracked as CVE-2023-7024 and CVE-2023-7101.
Google Chrome and Perl Library Flaws
The first vulnerability is related to a recently patched flaw in Google Chrome, while the second vulnerability affects an open-source Perl library called Spreadsheet::ParseExcel, which is used for reading information in Excel files.
To ensure the security of federal agencies, CISA has set a deadline of January 23 for mitigating these vulnerabilities. The affected products should either be updated according to the instructions provided by the vendors or discontinued if they cannot be made secure.
Perl Library Flaws – Spreadsheet::ParseExcel RCE
The first issue that CISA added to its Known Exploited Vulnerabilities (KEV) is CVE-2023-7101, a remote code execution vulnerability that affects versions 0.65 and older of the Spreadsheet::ParseExcel library.
“Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval.” Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic,”
Describes CISA’s explanation of the flaw.
Spreadsheet::ParseExcel is a versatile library that allows data import/export operations, analysis, and automation scripts for Excel files. Additionally, it offers a compatibility layer for processing Excel files in Perl-based web applications.
One specific product utilizing this open-source library is Barracuda ESG (Email Security Gateway). Unfortunately, in late December, Chinese hackers targeted Barracuda ESG and exploited the CVE-2023-7101 vulnerability in Spreadsheet::ParseExcel. This allowed them to compromise the security appliances.
Barracuda collaborated with cybersecurity firm Mandiant to investigate the attacks. They have determined that the threat actor responsible for the attacks is identified as UNC4841. This actor exploited the vulnerability to deploy two types of malware known as ‘SeaSpy’ and ‘Saltwater’.
To address the issue, Barracuda implemented mitigations for their Email Security Gateway (ESG) on December 20. Furthermore, a security update was released on December 29, 2023, with the version 0.66 of Spreadsheet::ParseExcel. This update specifically addressed the CVE-2023-7101 vulnerability.
Google Chrome Bugs Stems from Google Chrome Heap Buffer Overflow Issue
The latest actively exploited vulnerability added to KEV is CVE-2023-7024, a heap buffer overflow issue in WebRTC in Google Chrome web browser.
“Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to cause crashes or code execution,”
“This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome,”
Reads CISA’s summary of the bug.
The flaw was discovered by Google’s Threat Analysis Group (TAG) and was promptly addressed through an emergency update on December 20. The fix was implemented in versions 120.0.6099.129/130 for Windows and 120.0.6099.129 for Mac and Linux operating systems.
It is worth noting that this marks the eighth zero-day vulnerability that Google has addressed in Chrome throughout 2023. This underscores the persistent efforts and dedication that hackers invest in discovering and exploiting vulnerabilities in this widely used web browser.
USE CISA’s KEV to Track Actively Exploited Bugs
The CISA KEV (Known Exploited Vulnerabilities) catalog provided by CISA is a highly valuable resource for organizations to check for, open-source vulnerabilities, malicious exploits, and major actively exploited bugs.
It serves as a crucial tool for enhancing vulnerability management and prioritization efforts. By leveraging the information in the KEV catalog, organizations can effectively identify and address vulnerabilities, ultimately strengthening their overall cybersecurity posture.
