VULNERA Pulse

Google — Chromium V8 Engine

CVE-2022-4262 / Added: Dec. 5, 2022

HIGH CVSS 8.80

Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time.

Headlines

• Dec. 9, 2022 - This Week in Security: Rackspace Falls Over, Poison Ping, and the WordPress Race
• Dec. 6, 2022 - CISA Issues Directive To Patch This Exploited Chrome Flaw By December 26
• Dec. 6, 2022 - Google Chrome Flaw Added to CISA Patch List
• Dec. 6, 2022 - Microsoft rolls out the last major Edge update of 2022
• Dec. 6, 2022 - Microsoft releases Edge 108 Stable, contains new features and a fix
• Dec. 6, 2022 - Security Expert Warns ‘Update Google Chrome Now’ As CISA 0Day Deadline Revealed
• Dec. 6, 2022 - Security Expert Warns ‘Update Google Chrome Now’ As CISA 0Day Deadline Revealed
• Dec. 5, 2022 - Latest Edge 108 Stable brings better privacy with ECH, adds another helpful feature
• Dec. 5, 2022 - Google Releases Chrome Emergency Fix For Ninth Zero-Day This Year
• Dec. 5, 2022 - Time to update: Google Chrome browser patches high-severity security flaw
• Dec. 5, 2022 - Google Patches Ninth Chrome Zero-Day of 2022
• Dec. 5, 2022 - Google Chrome Remote Code Execution Vulnerability
• Dec. 5, 2022 - Number Nine! Chrome fixes another 2022 zero-day, Edge not patched yet
• Dec. 4, 2022 - Why You Must Force Update Google Chrome Now: New 0Day Threat Confirmed
• Dec. 4, 2022 - Why You Must Force Update Google Chrome Now: New 0Day Threat Confirmed
• Dec. 3, 2022 - Google Chrome 108.0.5359.95 (offline installer)
• Dec. 3, 2022 - Google fixed the ninth actively exploited Chrome zeroday this year
• Dec. 3, 2022 - Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
• Dec. 3, 2022 - Google Chrome New Update Saves Billions of Users From 9th Zero-Day Security Flaw
• Dec. 2, 2022 - Google issues emergency Chrome update to patch zero-day exploit

Back to top ↑

CVE-2022-40259

CRITICAL CVSS 9.80

Risk Context N/A

Published: Dec. 5, 2022

AMI MegaRAC Redfish Arbitrary Code Execution

Vendor Impacted: Ami

Product Impacted: Megarac Sp-X

Quotes

• MegaRAC BMC is widely used by many leading server manufacturers to provide 'lights-out' management capabilities for their server products - iTnews - Security
• The password looked like a default, and we managed to find back references to it going as far back as 2014 by other people - CSO Online
• This firmware is a foundational component of modern computing found in hundreds of thousands of servers in data centers, server farms, and cloud infrastructure around the world. And since devices in these environments typically standardize on a hardware configuration, a vulnerable configuration could likely be shared across thousands of devices - SecurityWeek
• The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking) - The Hacker News

Headlines

• Dec. 8, 2022 - Vulnerabilities in "lights out" server management firmware
• Dec. 6, 2022 - Flaws in MegaRAC baseband management firmware impact many server brands
• Dec. 6, 2022 - Security Flaws in AMI BMC Can Expose Many Data Centers, Clouds to Attacks
• Dec. 5, 2022 - New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers

CVE-2022-40242

CRITICAL CVSS 9.80

Risk Context N/A

Published: Dec. 5, 2022

MegaRAC Default Credentials Vulnerability

Vendor Impacted: Ami

Product Impacted: Megarac Sp-X

Quotes

• MegaRAC BMC is widely used by many leading server manufacturers to provide 'lights-out' management capabilities for their server products - iTnews - Security
• The password looked like a default, and we managed to find back references to it going as far back as 2014 by other people - CSO Online
• This firmware is a foundational component of modern computing found in hundreds of thousands of servers in data centers, server farms, and cloud infrastructure around the world. And since devices in these environments typically standardize on a hardware configuration, a vulnerable configuration could likely be shared across thousands of devices - SecurityWeek
• The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking) - The Hacker News

Headlines

• Dec. 8, 2022 - Vulnerabilities in "lights out" server management firmware
• Dec. 6, 2022 - Flaws in MegaRAC baseband management firmware impact many server brands
• Dec. 6, 2022 - Security Flaws in AMI BMC Can Expose Many Data Centers, Clouds to Attacks
• Dec. 5, 2022 - New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers

CVE-2022-4262

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited

Published: Dec. 2, 2022

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor Impacted: Google

Product Impacted: Chromium V8 Engine

Quotes

• Specific impacts from exploitation are not available at this time - Dark Reading
• This newly discovered and exploited flaw in Google is important for several reasons. The Google Chrome browser has a global market share of ~63%, which is a massive Total Addressable Market (TAM) and one that malicious users will likely jump on the back of. This browser is popular on a variety of operating systems, again making it a formidable vulnerability for malicious users. A browser, by its very nature, must have internet connectivity, crossing a trust barrier, again making the delivery mechanism easier - this could be a malicious link or a phishing email. Add in the fact that users are slow to update and patch their browsers (both on desktops and mobile devices), and this creates a very dangerous situation for organizations and individuals alike. My opinion is that giving organizations three weeks to patch a vulnerability will likely mean that they patch said vulnerability in three weeks. This is too long. Organized and motivated attackers will weaponize this in a few short hours. Clearly, the onus here is on organizations and individuals to patch as quickly as they can; they should be given the tools and resources to do so, as we know that a vulnerability of this severity is going to be impactful - Forbes - Cybersecurity
• This fix addresses the ninth zero-day vulnerability in the browser this year. Moreover, it continues an odd pattern of Google fixing a zero-day vulnerability soon after a regular release - infosecurity-magazine.com
• Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed - Latest news
• Google is aware that an exploit for CVE-2022-4262 exists in the wild - SecurityWeek
• It is very likely that this vulnerability allows remote code execution - Forbes - Cybersecurity
• CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-29 - Security Affairs
• Remote attacker to potentially exploit heap corruption via a crafted HTML page - The Hacker News

Headlines

• Dec. 9, 2022 - This Week in Security: Rackspace Falls Over, Poison Ping, and the WordPress Race
• Dec. 6, 2022 - CISA Issues Directive To Patch This Exploited Chrome Flaw By December 26
• Dec. 6, 2022 - Google Chrome Flaw Added to CISA Patch List
• Dec. 6, 2022 - Microsoft rolls out the last major Edge update of 2022
• Dec. 6, 2022 - Microsoft releases Edge 108 Stable, contains new features and a fix
• Dec. 6, 2022 - Security Expert Warns ‘Update Google Chrome Now’ As CISA 0Day Deadline Revealed
• Dec. 5, 2022 - Latest Edge 108 Stable brings better privacy with ECH, adds another helpful feature
• Dec. 5, 2022 - Google Releases Chrome Emergency Fix For Ninth Zero-Day This Year
• Dec. 5, 2022 - Time to update: Google Chrome browser patches high-severity security flaw
• Dec. 5, 2022 - A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
• Dec. 5, 2022 - Google Patches Ninth Chrome Zero-Day of 2022
• Dec. 5, 2022 - Google Chrome Remote Code Execution Vulnerability
• Dec. 5, 2022 - Number Nine! Chrome fixes another 2022 zero-day, Edge not patched yet
• Dec. 4, 2022 - Why You Must Force Update Google Chrome Now: New 0Day Threat Confirmed
• Dec. 4, 2022 - Why You Should Force Update Google Chrome Now: New 0Day Threat Confirmed
• Dec. 3, 2022 - Google Chrome 108.0.5359.95 (offline installer)
• Dec. 3, 2022 - Google fixed the ninth actively exploited Chrome zeroday this year
• Dec. 3, 2022 - Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
• Dec. 3, 2022 - Google Chrome New Update Saves Billions of Users From 9th Zero-Day Security Flaw

CVE-2022-4135

CRITICAL CVSS 9.60

CISA Known Exploited Actively Exploited

Published: Nov. 25, 2022

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendors Impacted: Google, Microsoft

Products Impacted: Edge, Edge Chromium, Chromium

Quotes

• This fix addresses the ninth zero-day vulnerability in the browser this year. Moreover, it continues an odd pattern of Google fixing a zero-day vulnerability soon after a regular release - infosecurity-magazine.com
• Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed - Latest news
• Google is aware that an exploit for CVE-2022-4262 exists in the wild - SecurityWeek

Headlines

• Dec. 5, 2022 - Google Releases Chrome Emergency Fix For Ninth Zero-Day This Year
• Dec. 5, 2022 - Time to update: Google Chrome browser patches high-severity security flaw
• Dec. 5, 2022 - Google Patches Ninth Chrome Zero-Day of 2022

CVE-2022-41128

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Nov. 9, 2022

Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118.

Vendor Impacted: Microsoft

Products Impacted: Windows 7, Windows Server 2012, Windows Server 2022, Windows Server 2016, Windows, Windows 10, Windows 8.1, Windows Server 2008, Windows Server 2019, Windows 11

Quotes

• This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident - Dark Reading
• Delivering IE exploits via this vector has the advantage of not requiring the target to use Internet Explorer as its default browser, nor to chain the exploit with an EPM sandbox escape - Latest news
• These malicious documents exploited an Internet Explorer 0-day vulnerability in the JScript engine, CVE-2022-41128. Our policy is to quickly report vulnerabilities to vendors, and within a few hours of discovering this 0-day, we reported it to Microsoft and patches were released to protect users from these attacks - Security Affairs
• 221031 Seoul Yongsan Itaewon accident response situation (06:00).docx - Graham Cluley
• The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists, and human rights activists - The Hacker News
• . The Seoul Yongsan Itaewon accident took place in late October and saw over 150 people crushed to death when Halloween celebrations went very wrong. Hundreds more were injured, many seriously. South Korea declared a week of national mourning after the incident. And now APT37 has used it - while memories are still very, very, raw in the South - to distribute malware - The Register - Security
• This vulnerability requires that a user with an affected version of Windows accesses a malicious server. An attacker would have to host a specially crafted server share or website - SecurityWeek

Headlines

• Dec. 8, 2022 - APT37 Uses Internet Explorer Zero-Day to Spread Malware
• Dec. 8, 2022 - Hackers are still finding - and using - flaws in Internet Explorer
• Dec. 8, 2022 - APT37 used Internet Explorer Zero-Day in a recent campaign
• Dec. 8, 2022 - Google says North Korea targeted an Internet Explorer zero-day vulnerability
• Dec. 8, 2022 - North Korean hackers exploit Seoul Halloween tragedy in zero-day attack
• Dec. 8, 2022 - North Korean hackers exploited Internet Explorer zero-day to spread malware
• Dec. 8, 2022 - Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers
• Dec. 8, 2022 - North Korea hits new low by using Seoul Halloween tragedy to exploit Internet Explorer zero-day
• Dec. 7, 2022 - Google Documents IE Browser Zero-Day Exploited by North Korean Hackers

CVE-2022-31199

CRITICAL CVSS 9.80

Remote Code Execution

Published: Nov. 8, 2022

Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors.

Quotes

• While we don't have enough information to say that there is a specific focus on a sector, we noticed a number of compromised education sector organizations - infosecurity-magazine.com
• Post-compromise activity included data theft and the execution of Clop ransomware - The Hacker News
• Netwrix Auditor is vulnerable to an insecure object deserialization issue that is caused by an unsecured .NET remoting service. An attacker can submit arbitrary objects to the application through this service to achieve remote code execution on Netwrix Auditor servers - Cisco Talos Blog

Headlines

• Dec. 9, 2022 - Truebot Malware Activity Increases With Possible Evil Corp Connections
• Dec. 9, 2022 - New Truebot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm
• Dec. 8, 2022 - Breaking the silence - Recent Truebot activity

CVE-2021-44228

CRITICAL CVSS 10.00

CISA Known Exploited Actively Exploited Public Exploits Available

Published: Dec. 10, 2021

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Vendors Impacted: Snowsoftware, Percussion, Fedoraproject, Siemens, Bentley, Debian, Netapp, Intel, Apache, Cisco

Products Impacted: Gma-Manager, Connected Mobile Experiences, Cyber Vision, Logo\! Soft Comfort, Workload Optimization Manager, Video Surveillance Manager, Smart Phy, Unity Connection, Secure Device Onboard, Firepower 2140, Optical Network Controller, Prime Service Catalog, Vesys, Xpedition Package Integrator, Xpedition Enterprise, Firepower 4110, Virtual Topology System, Firepower 1150, Contact Center Domain Manager, Fog Director, Oneapi Sample Browser, Siveillance Viewpoint, Dna Spaces Connector, Firepower 2120, Unified Computing System, Unified Intelligence Center, Iot Operations Dashboard, Unified Contact Center Express, Cyber Vision Sensor Management Exten, Firepower 4145, Log4j, Ucs Central, Finesse, System Debugger, Business Process Automation, Industrial Edge Management Hub, Snapcenter, Dna Spaces\, Unified Sip Proxy, Paging Server, Connected Analytics For Network Depl, Dna Center, Common Services Platform Collector, Cloudcenter Workload Manager, Unified Contact Center Enterprise, Crosswork Zero Touch Provisioning, Unified Workforce Optimization, Navigator, Audio Development Kit, Enterprise Chat And Email, Firepower 2130, Ucs Central Software, Intersight Virtual Appliance, Head-End System Universal Device Int, Network Dashboard Fabric Controller, Mobility Services Engine, Firepower 4150, Firepower 4112, Video Surveillance Operations Manage, Firepower 1120, Siveillance Command, Mendix, Packaged Contact Center Enterprise, Unified Customer Voice Portal, System Studio, Fxos, Sipass Integrated, Genomics Kernel Library, Customer Experience Cloud Agent, Energyip, Advanced Malware Protection Virtual , Contact Center Management Portal, Sd-Wan Vmanage, Cx Cloud Agent, Siveillance Control Pro, Oncommand Insight, Energy Engage, Cloud Secure Agent, Firepower 4140, Cloudcenter Suite Admin, Operation Scheduler, Comos, Spectrum Power 4, Crosswork Data Gateway, Firepower 1140, Computer Vision Annotation Tool, Ontap Tools, Firepower 9300, Firepower 1010, Sppa-T3000 Ses3000, Crosswork Network Automation, Active Iq Unified Manager, Debian Linux, Wan Automation Engine, Solid Edge Harness Design, Crosswork Platform Infrastructure, Emergency Responder, Fedora, Network Assurance Engine, Siveillance Vantage, Broadworks, Log4j2, Synchro, Firepower Threat Defense, Sensor Solution Firmware Development, Ucs Director, Teamcenter, Captial, Virtualized Voice Browser, Desigo Cc Advanced Reports, Mindsphere, Integrated Management Controller Sup, Firepower 4115, Crosswork Optimization Engine, Dna Spaces, Energyip Prepay, Firepower 4120, Opcenter Intelligence, Unified Communications Manager, Unified Contact Center Management Po, Synchro 4d, Unified Communications Manager Im An, Virtualized Infrastructure Manager, Cloudcenter Suite, Data Center Network Manager, Nexus Insights, Spectrum Power 7, Firepower 2110, Industrial Edge Management, Unified Communications Manager Im \&, Data Center Manager, Desigo Cc Info Center, Solid Edge Cam Pro, Nexus Dashboard, Identity Services Engine, Siguard Dsa, Evolved Programmable Network Manager, Sentron Powermanager, Siveillance Identity, Automated Subsea Tuning, Nx, Cloud Insights, Firepower 4125, Cloudcenter, Vm Access Proxy, Crosswork Network Controller, Cloud Connect, E-Car Operation Center, Cloud Manager, Webex Meetings Server, Rhythmyx, Network Services Orchestrator, Snow Commander, Sppa-T3000 Ses3000 Firmware, Cloudcenter Cost Optimizer, Network Insights For Data Center

Quotes

• The C2 server information is stored on a cloud service in an account that is either preconfigured in the malware or that can be deterministically located by the malware - Dark Reading
• The use of GitHub as a virtual dead drop helps the malware blend in - The Hacker News
• Never Gonna Give You Up - Kaspersky official blog
• One of the most serious that I've seen in my entire career, if not the most serious - Latest news

Headlines

• Dec. 9, 2022 - Iranian APT Targets US With Drokbk Spyware via GitHub
• Dec. 9, 2022 - Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver
• Dec. 9, 2022 - Intel Data Center Manager
• Dec. 8, 2022 - What is Log4Shell and why is it still dangerous a year later?
• Dec. 7, 2022 - For Cyberattackers, Popular EDR Tools Can Turn into Destructive Data Wipers
• Dec. 6, 2022 - We are Still Failing to Learn the Most Important Lesson in Cybersecurity.
• Dec. 4, 2022 - We are still failing to learn the most important lesson in cybersecurity. That needs to change, fast