{"id":138190,"date":"2022-04-16T01:02:48","date_gmt":"2022-04-16T06:02:48","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/04\/cisa-orders-agencies-to-fix-actively-exploited-vmware-chrome-bugs"},"modified":"2022-04-16T01:02:48","modified_gmt":"2022-04-16T06:02:48","slug":"cisa-orders-agencies-to-fix-actively-exploited-vmware-chrome-bugs","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/04\/cisa-orders-agencies-to-fix-actively-exploited-vmware-chrome-bugs","title":{"rendered":"CISA orders agencies to fix actively exploited VMware, Chrome bugs"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/cisa-orders-agencies-to-fix-actively-exploited-vmware-chrome-bugs2.jpg\"><\/a><\/p>\n<p>The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution.<\/p>\n<p>The VMware vulnerability (CVE-2022\u201322960) was <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/vmware-warns-of-critical-vulnerabilities-in-multiple-products\/\" target=\"_blank\">patched on April 6th<\/a>, and it allows attackers to escalate privileges to root on vulnerable servers due to improper permissions in support scripts.<\/p>\n<p>A Chrome zero-day was also included in CISA\u2019s <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"nofollow noopener\">Known Exploited Vulnerabilities<\/a> (KEV) catalog, a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-chrome-emergency-update-fixes-zero-day-used-in-attacks\/\" target=\"_blank\">bug tracked as CVE-2022\u20131364<\/a> and allowing remote code execution due to a V8 type confusion weakness.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution. The VMware vulnerability (CVE-2022\u201322960) was patched on April 6th, and it allows attackers to escalate privileges [\u2026]<\/p>\n","protected":false},"author":396,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-138190","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/138190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/396"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=138190"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/138190\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=138190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=138190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=138190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}