Toggle light / dark theme

CISA orders agencies to fix actively exploited VMware, Chrome bugs

The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution.

The VMware vulnerability (CVE-2022–22960) was patched on April 6th, and it allows attackers to escalate privileges to root on vulnerable servers due to improper permissions in support scripts.

A Chrome zero-day was also included in CISA’s Known Exploited Vulnerabilities (KEV) catalog, a bug tracked as CVE-2022–1364 and allowing remote code execution due to a V8 type confusion weakness.