The Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns regarding hackers exploiting vulnerabilities in Google Chrome and outdated D-Link routers that have reached End-of-Life (EoL). These vulnerabilities can potentially be exploited by malicious actors to gain unauthorized access to systems and compromise sensitive data. In light of the increasing trend of remote work and online activities, it is essential for both individuals and organizations to take proactive measures to safeguard themselves against these cyber threats. This article aims to explore the specific vulnerabilities identified by CISA and provide recommendations on how to mitigate the associated risks.
CISA’s Identification of Exploited Vulnerabilities
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has recently added three security vulnerabilities to its ‘Known Exploited Vulnerabilities’ list. Among these, one vulnerability affects Google Chrome, while the other two impact certain D-Link routers. The inclusion of these vulnerabilities in the KEV list serves as a warning to federal agencies and businesses that threat actors are actively exploiting them in cyber attacks. It emphasizes the urgent need for implementing security updates and mitigations to address these vulnerabilities effectively.
Actively Exploited Flaws
One of the vulnerabilities identified by CISA affects Google Chrome and is tracked as CVE-2024-4761. It is described as a high-severity out-of-bounds write vulnerability in Chrome’s V8 JavaScript engine. The technical details have not been publicly disclosed, but the vendor has confirmed that it is actively exploited. Additionally, CISA has highlighted another vulnerability, CVE-2024-4947, in Chrome’s V8 engine that has also been exploited in the wild.
CISA has also issued a warning about a ten-year-old vulnerability affecting D-Link DIR-600 routers, known as CVE-2014-100005. This vulnerability involves a cross-site request forgery (CSRF) scenario, enabling attackers to manipulate administrator authentication requests, create unauthorized admin accounts, modify configurations, and take control of the device. Despite these routers being EoL for four years, the vendor released a firmware fix in version 2.17b02 along with mitigation recommendations.
Another vulnerability affecting D-Link products, CVE-2021-40655, has been recently added to the KEV list. This vulnerability impacts D-Link DIR-605 routers that have been out of support since 2015. A proof-of-concept exploit for this flaw demonstrated the potential for attackers to obtain admin credentials via a crafted request to the /getcfg.php page without authentication.
Mitigation Strategies and Recommendations
It is crucial for users of D-Link DIR-600 and DIR-605 routers to consider replacing these outdated devices with newer models that are still supported by the vendor. Older vulnerabilities like these are often exploited by botnet malware, emphasizing the importance of upgrading to devices that receive regular performance and security updates.
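As a starting point for that replacement work, the sketch below audits an asset inventory for the two D-Link models named in this article. It is an added example, not code from CISA or D-Link: the inventory records, host names and field names are constructed, and it assumes firmware strings follow the "2.17b02" pattern quoted above.

```python
import re

# From the article: firmware 2.17b02 fixes CVE-2014-100005 on the DIR-600.
DIR600_FIXED = "2.17b02"

def parse_fw(version):
    """Turn a firmware string such as '2.17b02' into a comparable tuple (2, 17, 2)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:b(\d+))?", version.strip().lower())
    if not m:
        return None  # unparseable: the caller treats this as unknown, never as safe
    return tuple(int(g) if g else 0 for g in m.groups())

def assess(device):
    """Return the findings for one inventory record (a dict with model/firmware)."""
    m = re.search(r"\bDIR-(600|605)\b", device["model"].upper())
    if not m:
        return []
    findings = []
    if m.group(1) == "600":
        fw = parse_fw(device.get("firmware", ""))
        if fw is None:
            findings.append("CVE-2014-100005: firmware unknown, assume unpatched")
        elif fw < parse_fw(DIR600_FIXED):
            findings.append("CVE-2014-100005: firmware older than " + DIR600_FIXED)
    else:
        findings.append("CVE-2021-40655: model out of support since 2015")
    # Both models are end-of-life, so a patched DIR-600 is still flagged.
    findings.append("EoL: replace with a vendor-supported model")
    return findings

def audit(inventory):
    """Map host name -> findings, for hosts that have at least one finding."""
    report = {d["host"]: assess(d) for d in inventory}
    return {host: f for host, f in report.items() if f}

# Constructed sample inventory (hypothetical hosts and field names).
INVENTORY = [
    {"host": "branch-gw-1", "model": "D-Link DIR-600", "firmware": "2.16b01"},
    {"host": "branch-gw-2", "model": "DIR-600", "firmware": "2.17b02"},
    {"host": "lab-ap", "model": "dir-605", "firmware": "1.13"},
    {"host": "hq-gw", "model": "ExampleCo RX-1", "firmware": "4.0"},
    {"host": "old-gw", "model": "DIR-600", "firmware": ""},
]

if __name__ == "__main__":
    for host, findings in audit(INVENTORY).items():
        print(host, "->", "; ".join(findings))
```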
Staying informed about known vulnerabilities and promptly applying security patches and updates is key to protecting against cyber threats. By taking proactive measures and staying vigilant, individuals and organizations can enhance their cybersecurity posture and mitigate the risks associated with evolving cyber threats.