This article covers recent vulnerabilities found to be actively exploited. They are categorised based not only on the category of exploitation, but their impact, and versions affected. This article also informs on any official fix and remediation guidance for the listed vulnerabilities.
Category: Arbitrary Code Execution
Other Chromium-based browsers including Brave, Falkon, Bromite, Blisk, Epic, Opera and more may also potentially be affected.
A type confusion vulnerability exists in the V8 component of Google Chrome prior to version 125.0.6422.112, which can be triggered by an attacker via a crafted HTML page. The product allocates or initialises a resource such as a pointer, object, or variable using one type, but later accesses that resource using a type that is incompatible with the original type. Google has not shared technical details about the flaw, to protect users from potential exploitation attempts by other threat actors.
When the product accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties, which can lead to out-of-bounds memory access.
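The two paragraphs above describe the general pattern rather than the V8 internals, which Google has not published. The following is an added illustration constructed for this article (it is not V8 or Chrome code): a small tagged object model in which an accessor that casts without checking the type tag reads an integer object's value as a string length, while the hardened accessor checks the tag first and also bounds the length it trusts. The object layouts, field names and the helper functions are all assumptions made for the demonstration.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed object model (not V8 code): every object starts with a type tag. */
enum obj_type { T_INT = 1, T_STR = 2 };
struct obj_hdr { enum obj_type type; };
struct int_obj { struct obj_hdr hdr; int64_t value; };
struct str_obj { struct obj_hdr hdr; size_t len; char data[32]; };

/* The demo below relies on 'value' and 'len' sharing an offset, which is the
 * usual situation when two object kinds share a common header. */
_Static_assert(offsetof(struct int_obj, value) == offsetof(struct str_obj, len),
               "layouts differ; demo assumes a shared field offset");

/* Vulnerable accessor: casts without checking hdr.type, so an int_obj is read
 * as if it were a str_obj and its 'value' is returned as the string length. */
static size_t str_len_unchecked(const struct obj_hdr *o) {
    return ((const struct str_obj *)o)->len;
}

/* Hardened accessor: the runtime type tag is checked before the cast. */
static int str_len_checked(const struct obj_hdr *o, size_t *len_out) {
    if (o == NULL || o->type != T_STR) return -1;
    *len_out = ((const struct str_obj *)o)->len;
    return 0;
}

/* Hardened copy: type check plus a bound on the length field the object carries,
 * so even a corrupted 'len' cannot drive an out-of-bounds read or write. */
static int str_copy_checked(const struct obj_hdr *o, char *dst, size_t dst_sz) {
    size_t len;
    if (str_len_checked(o, &len) != 0) return -1;
    const struct str_obj *s = (const struct str_obj *)o;
    if (len >= dst_sz || len > sizeof s->data) return -1;
    memcpy(dst, s->data, len);
    dst[len] = '\0';
    return 0;
}

/* An integer object handed to the unchecked accessor: the returned "length" is
 * the integer's value, which a caller would then use as a bound. That is the
 * out-of-bounds memory access the text above describes. */
static size_t confused_length(void) {
    struct int_obj i = { { T_INT }, 0x7fffffff };
    return str_len_unchecked(&i.hdr);
}

/* The same object through the checked accessor is refused. */
static int checked_rejects_int(void) {
    struct int_obj i = { { T_INT }, 0x7fffffff };
    size_t len;
    return str_len_checked(&i.hdr, &len);
}

/* A genuine string object still works through the checked path. */
static int checked_copy_matches(void) {
    struct str_obj s = { { T_STR }, 5, "hello" };
    char buf[16];
    return str_copy_checked(&s.hdr, buf, sizeof buf) == 0 && strcmp(buf, "hello") == 0;
}

int main(void) {
    printf("unchecked accessor on an int object returns length %zu\n", confused_length());
    printf("checked accessor on an int object returns %d\n", checked_rejects_int());
    printf("checked copy of a string object ok: %d\n", checked_copy_matches());
    return 0;
}
```

The value of the check is in the second and third functions: the tag test turns an incompatible access into an error return, and the length bound means that a caller never trusts a size field it did not validate against the object's real capacity.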
Customers are requested to upgrade to the latest stable channel version 125.0.6422.112/.113 for Windows, Mac and 125.0.6422.112 for Linux.
Updates to Chrome are available via the built-in system package managers on some desktop and server operating systems, or alternatively may be downloaded via the relevant application store on certain mobile devices (e.g. Apple App Store, or Google Play Store). See How to update Google Chrome for more information.
Chrome typically updates automatically, but users can manually check for updates by navigating to “Settings” > “About Chrome”.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.
Category: Memory Access Violation
This vulnerability affects a common open-source component (the Linux kernel) that is incorporated into many different products such as different Linux operating system distributions from vendors including Red Hat, Fedora, Debian, Ubuntu and SuSE Linux.
A use-after-free vulnerability exists in the Linux kernel’s netfilter nf_tables component. The nft_verdict_init() function allows positive values as the drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free when NF_DROP is issued with a drop error that resembles NF_ACCEPT.
Use-after-free errors have two common and sometimes overlapping causes: (1) error conditions and other exceptional circumstances, and (2) confusion over which part of the program is responsible for freeing the memory. At some point after the memory has been freed, it is validly allocated to another pointer. The original pointer to the freed memory is then used again and now points somewhere within the new allocation. As data is written through it, it corrupts memory that is validly in use, which induces undefined behaviour in the process.
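The second cause above, confusion over who frees, is the one that produces double frees. The following is an added example constructed for this article (it is not kernel or netfilter code): a hook returns a verdict on a packet, and in the hazardous version both the hook and its caller free the packet on drop. A tiny allocation tracker, also constructed here, records live pointers so that the second free is counted rather than corrupting the heap. The fix shown is the single-owner rule: the hook only decides, the caller frees exactly once through a release function that clears the pointer. All struct, function and verdict names are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tracking allocator (constructed for this example): remembers live pointers so
 * a second free of the same pointer is counted instead of being passed to free(). */
#define MAX_LIVE 16
static void *g_live[MAX_LIVE];
static int g_double_frees;

static void *tracked_alloc(size_t n) {
    void *p = malloc(n);
    if (!p) return NULL;
    for (int i = 0; i < MAX_LIVE; i++)
        if (!g_live[i]) { g_live[i] = p; return p; }
    free(p);                 /* tracker full: treat as allocation failure */
    return NULL;
}

static void tracked_free(void *p) {
    if (!p) return;
    for (int i = 0; i < MAX_LIVE; i++)
        if (g_live[i] == p) { g_live[i] = NULL; free(p); return; }
    g_double_frees++;        /* pointer not live: it was already freed */
}

static int live_count(void) {
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) n += (g_live[i] != NULL);
    return n;
}

/* A packet kept in one allocation so the demo never touches freed memory. */
struct packet { size_t len; unsigned char data[64]; };
enum verdict { V_ACCEPT = 0, V_DROP = 1 };

/* Hazard: the hook frees on drop, and the caller below also frees on drop.
 * Two parts of the program believe they own the packet. */
static int hook_consumes_on_drop(struct packet *p) {
    if (p->len == 0) { tracked_free(p); return V_DROP; }
    return V_ACCEPT;
}

static int run_shared_ownership(void) {
    int before = g_double_frees;
    struct packet *p = tracked_alloc(sizeof *p);
    if (!p) return -1;
    p->len = 0;
    if (hook_consumes_on_drop(p) == V_DROP)
        tracked_free(p);     /* caller "cleans up" too: second free of the same pointer */
    return g_double_frees - before;   /* 1 */
}

/* Fix: the hook only returns a decision; the caller is the sole owner. */
static int hook_decides_only(const struct packet *p) {
    return p->len == 0 ? V_DROP : V_ACCEPT;
}

/* Release through a double pointer and clear it, so a stray second release is a no-op. */
static void packet_release(struct packet **pp) {
    if (!pp || !*pp) return;
    tracked_free(*pp);
    *pp = NULL;
}

static int run_single_owner(void) {
    int before = g_double_frees;
    struct packet *p = tracked_alloc(sizeof *p);
    if (!p) return -1;
    p->len = 0;
    int v = hook_decides_only(p);
    packet_release(&p);      /* exactly one free, whatever the verdict */
    packet_release(&p);      /* harmless: pointer is already NULL */
    (void)v;
    return g_double_frees - before;   /* 0 */
}

int main(void) {
    printf("shared ownership: %d double free(s)\n", run_shared_ownership());
    printf("single owner:     %d double free(s)\n", run_single_owner());
    printf("live allocations: %d\n", live_count());
    return 0;
}
```

In a real code base the tracker's job is done by KASAN or AddressSanitizer, which is the practical way to detect this class of bug in testing; the ownership rule and the clear-after-release pattern are what prevent it in the first place.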
We recommend upgrading to kernel version 6.7.3 or newer, i.e. past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Because the Linux kernel is incorporated into many different products, including distributions from Red Hat, Fedora, Debian, Ubuntu and SuSE Linux, please check with the specific vendor for information on patching status for your system.
NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.
Category: Path Traversal
This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliances. Versions R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, R81.20 are all vulnerable.
A vulnerability exists in multiple Check Point product lines that allows an attacker to gain unauthorised access to sensitive information from arbitrary files on impacted Check Point devices that are connected to the internet and have the IPSec VPN, Remote Access VPN or Mobile Access Software Blades enabled. The vulnerability exists because the system fails to properly sanitise user-provided input, leaving it vulnerable to path traversal attacks.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
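The paragraph above is the general weakness; Check Point has not published the affected code path. The following is an added example constructed for this article (not Check Point code): a naive join that appends user input to a base directory, beside a hardened join that normalises the relative path segment by segment and refuses anything absolute, anything using a backslash, and anything whose ".." segments would climb above the base directory. The function and parameter names are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SEGS 64

/* Vulnerable join (the pattern the text above describes): the user-supplied
 * path is appended as-is, so "../" segments walk out of base_dir. */
static int naive_join(const char *base_dir, const char *user_path,
                      char *out, size_t out_sz) {
    int n = snprintf(out, out_sz, "%s/%s", base_dir, user_path);
    return (n < 0 || (size_t)n >= out_sz) ? -1 : 0;
}

/* Hardened join: lexically normalise the relative path and refuse anything
 * that is absolute, uses backslashes, or would climb above base_dir. */
static int safe_join(const char *base_dir, const char *user_path,
                     char *out, size_t out_sz) {
    const char *seg[MAX_SEGS];
    size_t seg_len[MAX_SEGS];
    int depth = 0;

    if (!base_dir || !user_path || !out || out_sz == 0) return -1;
    if (user_path[0] == '/') return -1;          /* absolute path */
    if (strchr(user_path, '\\')) return -1;      /* alternate separator */

    for (const char *p = user_path; ; ) {
        const char *end = strchr(p, '/');
        size_t n = end ? (size_t)(end - p) : strlen(p);
        if (n == 0 || (n == 1 && p[0] == '.')) {
            /* "" (from "a//b") and "." add nothing */
        } else if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0) return -1;           /* would escape base_dir */
            depth--;
        } else {
            if (depth == MAX_SEGS) return -1;
            seg[depth] = p;
            seg_len[depth] = n;
            depth++;
        }
        if (!end) break;
        p = end + 1;
    }

    /* Rebuild the path from the surviving segments under base_dir. */
    size_t used = strlen(base_dir);
    while (used > 1 && base_dir[used - 1] == '/') used--;  /* drop trailing '/' */
    if (used + 1 > out_sz) return -1;
    memcpy(out, base_dir, used);
    for (int i = 0; i < depth; i++) {
        if (used + 1 + seg_len[i] + 1 > out_sz) return -1;
        out[used++] = '/';
        memcpy(out + used, seg[i], seg_len[i]);
        used += seg_len[i];
    }
    out[used] = '\0';
    return 0;
}

/* Helpers: 1 when the join yields exactly 'expect', or when it is refused. */
typedef int (*join_fn)(const char *, const char *, char *, size_t);

static int join_equals(join_fn join, const char *base, const char *user, const char *expect) {
    char buf[256];
    return join(base, user, buf, sizeof buf) == 0 && strcmp(buf, expect) == 0;
}

static int join_rejected(join_fn join, const char *base, const char *user) {
    char buf[256];
    return join(base, user, buf, sizeof buf) != 0;
}

int main(void) {
    char buf[256];
    naive_join("/srv/www", "../etc/passwd", buf, sizeof buf);
    printf("naive: %s\n", buf);
    printf("safe rejects '../etc/passwd': %d\n", join_rejected(safe_join, "/srv/www", "../etc/passwd"));
    safe_join("/srv/www/", "a/./b/../c", buf, sizeof buf);
    printf("safe: %s\n", buf);
    return 0;
}
```

A lexical check like this is only the first layer: percent-encoded input must be decoded before it is checked, and where the file must exist on disk the resolved name should also be confirmed with realpath() to start with the base directory, which catches symbolic links that a string check cannot see.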
A security fix that mitigates this vulnerability is available. Update to the latest version.
For online Security Gateways, the hotfix is available in CPUSE. To obtain the hotfix:
The hotfix is also available for manual (.tar file) download from https://support.checkpoint.com/results/sk/sk182336.
Important extra measures:
NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).