Cybersecurity and Infrastructure Security Agency (CISA) added the Google Chrome zero-day to its catalog of exploited vulnerabilities.
The bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.
An attacker could exploit the vulnerability and compromise a victim when they simply visit a website that hosts malicious HTML code.
Source: https://therecord.media/cisa-adds-google-zero-day-to-exploited-vulnerabilities-list/
TPRM report: https://scoringcyber.rankiteo.com/company/google-chrome
"id": "goo181291222",
"linkid": "google-chrome",
"type": "Vulnerability",
"date": "12/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"{'affected_entities': [{'industry': 'Technology',
'name': 'Google',
'type': 'Corporation'}],
'attack_vector': 'Malicious Website',
'description': 'Cybersecurity and Infrastructure Security Agency (CISA) added '
'the Google Chrome zero-day to its catalog of exploited '
'vulnerabilities. The bug exists in a third-party library that '
'other projects similarly depend on, but haven’t yet fixed. An '
'attacker could exploit the vulnerability and compromise a '
'victim when they simply visit a website that hosts malicious '
'HTML code.',
'impact': {'systems_affected': ['Google Chrome']},
'initial_access_broker': {'entry_point': 'Malicious Website'},
'post_incident_analysis': {'root_causes': 'Third-party library bug'},
'references': [{'source': 'CISA'}],
'title': 'Google Chrome Zero-Day Vulnerability',
'type': 'Zero-Day Exploit',
'vulnerability_exploited': 'Third-party library bug in Google Chrome'}