Hackers are actively exploiting two vulnerabilities. One affects unpatched versions of Google Chrome, and the other concerns an open source library associated with Excel.
Cybercriminals are actively exploiting two bugs, warns the American Cybersecurity and Infrastructure Security Agency (CISA). The first flaw is in Google Chrome and is tracked as CVE-2023-7024. The critical bug allows attackers to execute code remotely via a buffer overflow. The bug was discovered last year and Google released a patch on December 20. Not everyone has installed this patch, and hackers are eagerly exploiting that.
Open source library
The other flaw is in an open source library: Spreadsheet::ParseExcel. Among other things, this library makes it possible to import and export data from Excel. Developers use it as a compatibility layer for handling Excel files in Perl-based web applications. However, versions 0.65 and earlier of the library are vulnerable to a bug tracked as CVE-2023-7101. This flaw allows attackers to execute their own code.
The library is used by Barracuda, among other companies, for their email security gateway. Chinese attackers targeted this product late last year. Barracuda released a patch before New Year's.
Patching the library vulnerability across the board is of course a bit more complicated. Developers who have integrated the open source library should always update their applications to a version that is no longer vulnerable.
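Because the library is often bundled inside applications rather than installed system-wide, a file-system sweep is one way to find affected copies. The following is an added example, not code from the article or from the library's maintainers: it looks for `Spreadsheet/ParseExcel.pm` files and flags any whose declared `$VERSION` is 0.65 or earlier, as stated above. The function names and the demo tree (including its sample version numbers) are constructed for illustration.

```python
import os
import re
import tempfile
from decimal import Decimal

# Last vulnerable release according to the article ("versions 0.65 and earlier").
LAST_VULNERABLE = Decimal("0.65")
VERSION_RE = re.compile(r"""\$VERSION\s*=\s*['"]?(\d+(?:\.\d+)?)""")


def module_version(path):
    """Return the $VERSION declared in a Perl module file, or None."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            if line.lstrip().startswith("#"):
                continue  # skip comment lines
            m = VERSION_RE.search(line)
            if m:
                return Decimal(m.group(1))
    return None


def scan(root):
    """Find every Spreadsheet/ParseExcel.pm under root and classify it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == "Spreadsheet" and "ParseExcel.pm" in files:
            path = os.path.join(dirpath, "ParseExcel.pm")
            ver = module_version(path)
            # A copy without a readable version needs manual review.
            status = "unknown" if ver is None else (
                "vulnerable" if ver <= LAST_VULNERABLE else "ok")
            findings.append((os.path.relpath(path, root), str(ver), status))
    return sorted(findings)


def demo():
    """Build a constructed tree with two bundled copies and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for app, ver in (("app_a/vendor", "0.65"), ("app_b/lib", "0.66")):
            d = os.path.join(root, app, "Spreadsheet")
            os.makedirs(d)
            with open(os.path.join(d, "ParseExcel.pm"), "w") as fh:
                fh.write(f"package Spreadsheet::ParseExcel;\nour $VERSION = '{ver}';\n1;\n")
        return scan(root)
```

Point `scan()` at an application or deployment directory to list every bundled copy; a status of `unknown` means the file declared no parseable version and should be inspected by hand.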