Critical vulnerabilities in Google Chrome and Perl library exploited

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts about two significant vulnerabilities, CVE-2023-7024 and CVE-2023-7101, that have been exploited. CVE-2023-7024 affects the WebRTC component in Google Chrome, while CVE-2023-7101 impacts the Spreadsheet::ParseExcel Perl module, widely used for parsing Excel files. These vulnerabilities have raised concerns across the IT and cyber security sectors worldwide.

Impact

Exploitation of these vulnerabilities can lead to severe consequences, including remote code execution (RCE) and potential control over affected systems. The heap buffer overflow vulnerability in Google Chrome’s WebRTC component (CVE-2023-7024) could allow attackers to execute arbitrary code on a victim’s computer. Similarly, the RCE vulnerability in the Spreadsheet::ParseExcel Perl module (CVE-2023-7101) could enable attackers to manipulate or steal sensitive data, install malware, and gain extensive control over affected systems.

Vulnerability Detection

To detect the presence of these vulnerabilities in their systems, organisations should employ comprehensive vulnerability scanning tools. For CVE-2023-7024, security teams should verify the version of Google Chrome and Microsoft Edge being used across their networks, ensuring that all instances are updated to the versions that include the security patch.

For CVE-2023-7101, organisations should scan their systems for instances of the Spreadsheet::ParseExcel Perl module, particularly focusing on versions prior to 0.66.
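The version checks described above can be run over an asset inventory export. The following is an added example, not part of the original bulletin: it flags rows below the patched browser versions listed under Affected Products and below the "prior to 0.66" cut-off for the Perl module. The inventory format (host, product, version), the host names and the function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# First patched version and CVE per product, taken from the bulletin
# (for the Perl module, the "prior to 0.66" cut-off is used).
FIXED = {
    "chrome": ("120.0.6099.130", "CVE-2023-7024"),
    "edge": ("120.0.2210.91", "CVE-2023-7024"),
    "spreadsheet::parseexcel": ("0.66", "CVE-2023-7101"),
}

def dotted(version):
    return tuple(int(part) for part in version.split("."))  # field by field

def is_unpatched(product, version):
    """True or False for a listed product, None if the version cannot be parsed."""
    fixed = FIXED[product][0]
    try:
        if product == "spreadsheet::parseexcel":
            # This module uses decimal version numbers, so a value such as
            # 0.2603 is older than 0.66; comparing dotted fields gets that wrong.
            return Decimal(version) < Decimal(fixed)
        return dotted(version) < dotted(fixed)
    except (ValueError, InvalidOperation):
        return None

def triage(inventory_lines):
    """Return (host, product, version, cve, status) for rows needing attention."""
    findings = []
    for line in inventory_lines:
        host, product, version = (field.strip() for field in line.split(","))
        key = product.lower()
        if key not in FIXED:
            continue  # product not covered by this bulletin
        verdict = is_unpatched(key, version)
        if verdict is not False:  # unreadable versions are reported, not passed
            status = "unparsed" if verdict is None else "unpatched"
            findings.append((host, product, version, FIXED[key][1], status))
    return findings

# Constructed sample inventory (host, product, version); not real data.
SAMPLE = [
    "ws-014, Chrome, 120.0.6099.71",
    "ws-015, Chrome, 120.0.6099.130",
    "etl-02, Spreadsheet::ParseExcel, 0.2603",
    "etl-03, Spreadsheet::ParseExcel, 0.66",
    "kiosk-09, Chrome, unknown",
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Rows reported as "unparsed" need a manual check, since an unreadable version string says nothing about patch state.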

Affected Products

CVE-2023-7024

  • Google Chrome versions prior to 120.0.6099.130
  • Microsoft Edge versions prior to 120.0.2210.91

CVE-2023-7101

  • Perl Module Spreadsheet::ParseExcel versions 0.66 and below.

Containment, Mitigations & Remediations

It is crucial for organisations to update to the patched versions of the affected software. Additionally, organisations should review their security posture and implement robust cyber security measures, including regular security audits, employee training, and incident response plans.

Indicators of Compromise

There are currently no publicly available Indicators of Compromise (IOCs) for either vulnerability. Quorum Cyber will monitor the ongoing exploitation of both vulnerabilities and release IOCs when they are made available to the public.

Threat Landscape

These incidents underscore the ongoing challenges in cyber security, with critical vulnerabilities being actively exploited by malicious actors. The situation highlights the need for constant vigilance, prompt software updates, and comprehensive cyber security strategies to protect against evolving threats.

Threat Group

The threat actor tracked as UNC4841 is believed to have exploited the RCE vulnerability in the Spreadsheet::ParseExcel Perl module (CVE-2023-7101) to deploy SeaSpy and Saltwater malware.

While specific threat actors exploiting CVE-2023-7024 have not been exclusively identified, the nature of the vulnerability suggests that both nation-state actors and independent cybercriminal groups could exploit it for various malicious purposes.