CISA Alerts Federal Agencies and Companies of Exploited Vulnerabilities in Google Chrome and D-Link Routers
ICARO Media Group
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has recently added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog. These vulnerabilities include one impacting Google Chrome and two affecting certain models of D-Link routers. By including these issues in the catalog, CISA aims to warn federal agencies and companies about ongoing attacks exploiting these vulnerabilities. It emphasizes the need for immediate security updates or mitigations to protect against potential attacks.
Federal agencies in the United States have been given until June 6th to either replace the affected devices or implement necessary defenses to minimize or eliminate the risk of an attack. Failure to comply with this directive could leave government agencies and companies vulnerable to cyber threats.
The vulnerability affecting Google Chrome, tracked as CVE-2024-4761, was confirmed as actively exploited by the vendor on May 13th. No specific technical details about the vulnerability have been made publicly available at this time. It is described as an out-of-bounds write in Chrome's V8 JavaScript engine, the component that executes JavaScript code in the browser, and its severity rating is classified as high.
Shortly after disclosing CVE-2024-4761, Google also announced the exploitation of another vulnerability in Chrome's V8 engine, identified as CVE-2024-4947. However, CISA has not yet added this specific vulnerability to the 'Known Exploited Vulnerabilities' catalog.
In addition to the Chrome vulnerabilities, CISA has issued a warning regarding ongoing exploitation of a ten-year-old vulnerability (CVE-2014-100005) affecting D-Link DIR-600 routers. This flaw, categorized as a cross-site request forgery (CSRF) issue, permits attackers to hijack administrator authentication requests to the device's web admin panel. Consequently, attackers gain the ability to create their own admin accounts, alter configurations, and take control of the device. Although the D-Link DIR-600 routers have reached end-of-life status, the vendor released a fix in firmware version 2.17b02 when the flaw was discovered, along with a security bulletin describing recommended mitigations.
Furthermore, another bug impacting D-Link products has recently been included in the 'Known Exploited Vulnerabilities' catalog. This vulnerability, designated as CVE-2021-40655, affects D-Link DIR-605 routers, which have been out of support since 2015. A proof-of-concept exploit for this flaw was published on GitHub in 2021, illustrating that an attacker can obtain the admin's username and password through a specially crafted request sent to the /getcfg.php page, without requiring authentication.
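The two D-Link issues described above are a state-changing admin action that can be triggered cross-site (CSRF) and a configuration endpoint that answers without any authentication. The following is an added example, not D-Link firmware or CISA material: a minimal model of an embedded admin panel's request handling, showing the weak behaviour beside the hardened checks (session authentication on every endpoint, a same-origin check and a per-session token on the admin action). All path, header and parameter names are hypothetical.

```python
"""Model of a router admin panel's request checks (added example, hypothetical names)."""
import hmac
import secrets

ADMIN_ORIGIN = "http://192.168.0.1"  # assumed management origin of the router


def new_session():
    """A logged-in admin session carrying its own random anti-CSRF token."""
    return {"authenticated": True, "csrf_token": secrets.token_hex(16)}


def weak_handle(session, request):
    """Weak behaviour: the config page needs no login, and the admin action
    trusts the browser-attached session alone, so any site the admin visits
    can trigger it (the CSRF pattern described in the alert)."""
    if request["path"] == "/getcfg.php":
        return 200, "config including admin credentials"  # no auth check at all
    if request["path"] == "/admin/add_user":
        if session and session.get("authenticated"):
            return 200, "admin account created"  # no origin or token check
    return 403, "forbidden"


def hardened_handle(session, request):
    """Hardened behaviour: authenticate first, then for the state-changing
    action require POST, a matching Origin header and a valid session token."""
    if not (session and session.get("authenticated")):
        return 401, "login required"
    if request["path"] == "/getcfg.php":
        return 200, "config with secrets redacted"
    if request["path"] == "/admin/add_user":
        if request.get("method") != "POST":
            return 405, "method not allowed"
        origin = request.get("headers", {}).get("Origin")
        if origin != ADMIN_ORIGIN:
            return 403, "cross-origin request rejected"
        token = request.get("form", {}).get("csrf_token", "")
        # constant-time comparison so token checking does not leak timing
        if not hmac.compare_digest(token, session["csrf_token"]):
            return 403, "missing or invalid CSRF token"
        return 200, "admin account created"
    return 404, "not found"
```

Run against a constructed cross-origin request, `weak_handle` creates the account while `hardened_handle` rejects it; an unauthenticated read of the config page is served by the weak handler and refused by the hardened one.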
CISA has not disclosed any additional information regarding the exploitation of these two D-Link vulnerabilities. It remains unclear who exploited these flaws and when the attacks were recorded. However, it is important to note that older vulnerabilities are often targeted by botnet malware, which indiscriminately exploits a range of security issues regardless of the age of the device or the flaw.
To safeguard against potential attacks, users of D-Link DIR-600 and DIR-605 routers are strongly advised to replace these devices with newer models that are still supported by the vendor. Supported models offer better performance and receive regular security updates, ensuring a higher level of protection against emerging threats.
In light of the increasing cyber threats, CISA's timely warning underscores the importance of maintaining up-to-date security measures and promptly addressing known vulnerabilities to safeguard critical infrastructure and sensitive data.