Hackers Are Actively Exploiting Security Holes In Chrome And Spreadsheet Parser, CISA Warns
CISA recently published a blog post explaining that it was pushing two new vulnerabilities to the KEV catalog. The first of these vulnerabilities is tracked as CVE-2023-7024 and is described as a Google Chromium WebRTC heap buffer overflow vulnerability. If that description means little to you, what you need to know is that this vulnerability was discovered by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group. While it was unclear which threat actors were leveraging this vulnerability, the severity was clear: Google rolled out a patch within 24 hours of the report.

Beyond that vulnerability, CVE-2023-7101 was also added to the KEV Catalog and is another interesting one with a bit more detail. This vulnerability lies in Spreadsheet::ParseExcel version 0.65, a “Perl module used for parsing Excel files,” which passes unvalidated input from a file into an “eval” statement, something that could lead to arbitrary code execution. This vulnerability has already seen proof-of-concept exploits published and is quite the concern for a wide variety of folks, including those using the Barracuda ESG (Email Security Gateway). That appliance is one of the higher-profile users of Spreadsheet::ParseExcel, and Chinese threat actors were exploiting it.
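To make the “unvalidated input into eval” point concrete, here is an added Perl illustration. It is not Spreadsheet::ParseExcel’s code and does not reproduce the module’s actual parsing logic; it models the general pattern the advisory describes, with a file-supplied number format reaching a Perl string eval, next to a hardened version that validates against a small allowlist and never compiles file content as code. Both format strings are constructed sample input, and the function names are invented for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added illustration, not Spreadsheet::ParseExcel's own code. It models the
# pattern the advisory describes: text read from a spreadsheet reaching a
# Perl string eval. Both format strings below are constructed sample input.

# Vulnerable pattern: eval STRING compiles and runs the text it is given, so
# whoever wrote the file also wrote part of the program.
sub apply_format_unsafe {
    my ($format, $value) = @_;
    my $result = eval "sprintf('$format', $value)";
    return defined $result ? $result : "eval failed: $@";
}

# Hardened pattern: accept only a small allowlisted grammar (a plain sprintf
# numeric spec such as "%d", "%.2f" or "%08.3f") and call sprintf directly.
# Nothing taken from the file is ever compiled as code.
sub apply_format_safe {
    my ($format, $value) = @_;
    return undef unless defined $format
        && $format =~ /\A%0?\d*(?:\.\d+)?[dfeE]\z/;
    return sprintf($format, $value);
}

my $benign  = '%.2f';
# Shaped like a closing quote followed by extra statements, which is exactly
# what a string eval would hand to the Perl parser; the safe version rejects it.
my $crafted = q{%.2f'); INJECTED_CODE; ('};

printf "benign  safe   : %s\n", apply_format_safe($benign,  3.14159) // 'rejected';
printf "crafted safe   : %s\n", apply_format_safe($crafted, 3.14159) // 'rejected';
printf "benign  unsafe : %s\n", apply_format_unsafe($benign, 3.14159);
```

The safe variant returns "3.14" for the benign format and rejects the crafted one, which is the behaviour a patched parser needs: data from the file may select among known-good formats but may never become program text. Running the script under Perl’s taint mode (`perl -T`) adds a second line of defence, since Perl refuses to pass tainted data to a string eval and dies with an “Insecure dependency” error instead.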
Thankfully, most software that uses Spreadsheet::ParseExcel has patched the problem, including Barracuda, so this is less of a concern. Regardless, if you want to check out the living list of Common Vulnerabilities and Exposures (CVEs) that pose a risk to the federal government, you can do so on the CISA KEV Catalog webpage.