CISA Alerts on Exploited Chrome and D-Link Vulnerabilities

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its ‘Known Exploited Vulnerabilities’ (KEV) catalog, highlighting risks in Google Chrome and some D-Link routers.

By listing these vulnerabilities in the KEV catalog, CISA warns federal agencies and companies about active exploitation by threat actors and urges prompt application of security updates or mitigations.

Federal agencies in the U.S. have a deadline of June 6th to replace affected devices or implement measures to mitigate the risks.

The vulnerability in Google Chrome, identified as CVE-2024-4761, was confirmed by the vendor as actively exploited on May 13th. While technical details are not yet public, it is described as an out-of-bounds write vulnerability in Chrome’s V8 JavaScript engine, which executes JS code in the browser. The severity rating for this flaw is high.

Two days after disclosing CVE-2024-4761, Google announced another vulnerability (CVE-2024-4947) in Chrome’s V8 engine that has also been exploited in the wild. However, CISA has not yet added this to the KEV catalog.

CISA also warns of a decade-old vulnerability in D-Link DIR-600 routers, identified as CVE-2014-100005. This cross-site request forgery (CSRF) issue allows attackers to hijack administrator authentication requests, create their own admin accounts, change configurations, and take control of the device. Despite the D-Link DIR-600 reaching end-of-life (EOL) four years before the flaw was discovered, the vendor released a fix in firmware version 2.17b02 along with mitigation recommendations.

Another D-Link vulnerability added to the KEV catalog is CVE-2021-40655, affecting D-Link DIR-605 routers, which have been out of support since 2015. A proof-of-concept exploit for this flaw was released on GitHub in 2021, showing that an attacker could capture the admin’s username and password via a specially crafted request sent to the /getcfg.php page without authentication.

CISA has not provided specific background information on the exploitation of these D-Link flaws, leaving the timing and responsible parties unclear. Older vulnerabilities are often targeted by botnet malware, which incorporates extensive lists of exploitable issues without regard for the device type or age of the flaw.

For the D-Link DIR-600 and DIR-605 routers, it is recommended to replace these devices with newer models that receive ongoing performance and security updates from the vendor.

To prevent exploitation of the identified vulnerabilities, ensure that Google Chrome is always updated to the latest version to incorporate security patches. Replace outdated D-Link routers with newer models that receive regular security updates. For existing D-Link devices, apply the latest firmware updates and follow vendor-recommended mitigation steps. Additionally, implement network security measures such as firewalls and intrusion detection systems to monitor and block suspicious activities.