Hackers are actively exploiting two vulnerabilities. One affects unpatched versions of Google Chrome, the other affects an open source library linked to Excel.
Cybercriminals are actively exploiting two flaws, the American Cybersecurity and Infrastructure Security Agency (CISA) warns. The first vulnerability is in Google Chrome and is tracked as CVE-2023-7024. The serious flaw allows attackers to remotely execute code via a buffer overflow. It was discovered last year, and Google released a patch on December 20th. Not everyone has installed this patch, and hackers are eagerly exploiting the flaw.
Open source library
The other flaw is in an open source library: Spreadsheet::ParseExcel. Among other things, this library enables the import and export of data from Excel. Developers use it as a compatibility layer for processing Excel files in Perl-based web applications. However, versions 0.65 and older of the library are vulnerable to a bug tracked as CVE-2023-7101. The flaw allows attackers to execute their own code.
The library is used by Barracuda, among others, for its Email Security Gateway. Chinese attackers targeted this product late last year. Barracuda released a patch before the New Year.
A general patch for the library vulnerability is, of course, a bit more complex. Developers who have integrated the open source library must each update their applications to a version that is no longer vulnerable.
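One way to find copies of the library that still need that update, including copies bundled inside an application tree, is to scan for the module file and read its declared version. This is an added example, not code from the article or from the Spreadsheet::ParseExcel project; the function names are hypothetical, and it assumes the module declares its version on a `$VERSION = '...'` line.

```shell
#!/bin/sh
# Added example: flag copies of Spreadsheet::ParseExcel at version 0.65 or older
# (the range the article reports as affected by CVE-2023-7101).
# Assumption: the module declares its version on a line such as
#   our $VERSION = '0.65';

# Print the version declared in one ParseExcel.pm file (empty if none is found).
parseexcel_version() {
    grep -E '^[[:space:]]*(our[[:space:]]+)?\$VERSION[[:space:]]*=' "$1" \
        | head -n 1 \
        | sed -nE 's/^[^=]*=[^0-9]*([0-9][0-9._]*).*/\1/p'
}

# Succeed when the given version is 0.65 or older.
# Perl module versions are decimal numbers, so a numeric comparison is correct;
# underscores (developer releases such as 0.59_01) are dropped first.
is_vulnerable() {
    awk -v v="$1" 'BEGIN { gsub(/_/, "", v); exit !(v + 0 <= 0.65) }'
}

# Walk a directory tree and report every copy of the module found in it.
scan_tree() {
    find "$1" -type f -path '*Spreadsheet/ParseExcel.pm' 2>/dev/null |
    while IFS= read -r f; do
        v=$(parseexcel_version "$f")
        if [ -z "$v" ]; then
            echo "UNKNOWN $f"            # version line missing: inspect by hand
        elif is_vulnerable "$v"; then
            echo "VULNERABLE $v $f"
        else
            echo "OK $v $f"
        fi
    done
}

# Scan each directory given on the command line, e.g. the Perl library paths
# and any application directories that ship their own modules.
if [ "$#" -gt 0 ]; then
    for dir in "$@"; do
        scan_tree "$dir"
    done
fi
```

A copy reported as `UNKNOWN` should be checked manually, since a modified or repackaged module may not carry a readable version line.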