Google Chromium Mojo Flaw Added to CISA's Known Exploited Vulnerabilities Catalog

Thursday 27th of March 2025 23:02:32

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Google Chromium and Mojo to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, identified as CVE-2021-37974, is a use-after-free flaw that affects Chromium-based browsers and Mojo, a framework used by Google to build and maintain Chromium.

The vulnerability was discovered by security researcher Clément Lecouvey and was initially reported in October 2021. It allows an attacker to execute arbitrary code on a targeted system by manipulating Mojo's internal data structures. The flaw is particularly dangerous because it can be exploited without user interaction, making it a high-severity vulnerability.

The CISA KEV catalog is a list of vulnerabilities that are known to be exploited in the wild and that pose a significant risk to the security of computer systems. The catalog is used by US federal agencies and other organizations to prioritize vulnerability remediation efforts and to ensure that systems are patched against known exploited vulnerabilities.

The addition of the Google Chromium and Mojo vulnerability to the KEV catalog underscores the importance of keeping software up to date and patching vulnerabilities in a timely manner.

Organizations that use Chromium-based browsers and Mojo are advised to apply the necessary patches as soon as possible to protect against potential attacks. The CISA KEV catalog can be accessed on the agency's website, and organizations can use it to prioritize their remediation work.
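As an added example (not part of the original article), the Python sketch below shows one way to use KEV data for prioritization: it matches scanner findings against a catalog excerpt and orders the hits by remediation due date. The field names follow CISA's public KEV JSON feed; the dates, the placeholder CVE, the host names and the findings are constructed for illustration.

```python
import json
from datetime import date

# Constructed excerpt in the shape of the KEV JSON feed. The dates and the
# second entry are placeholders, not real catalog data.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2021-37974", "vendorProject": "Google",
   "product": "Chromium Mojo", "dateAdded": "2025-03-27", "dueDate": "2025-04-17"},
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
   "product": "ExampleProduct", "dateAdded": "2025-01-10", "dueDate": "2025-01-31"}
]}
""")

# Constructed scanner findings as (host, CVE id) pairs.
FINDINGS = [
    ("ws-014", "CVE-2021-37974"),
    ("ws-022", " cve-2021-37974 "),  # messy casing/whitespace from an export
    ("srv-003", "CVE-0000-0001"),
    ("srv-003", "CVE-0000-9999"),    # not in the catalog, so not a KEV hit
]

def kev_index(catalog):
    """Map normalized CVE id -> catalog entry for constant-time lookup."""
    return {v["cveID"].strip().upper(): v for v in catalog["vulnerabilities"]}

def prioritize(findings, catalog, today):
    """Return KEV-listed findings sorted by due date, earliest first."""
    index = kev_index(catalog)
    rows = []
    for host, cve in findings:
        entry = index.get(cve.strip().upper())
        if entry is None:
            continue  # finding is not a known exploited vulnerability
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "host": host,
            "cve": entry["cveID"],
            "due": due,
            "days_left": (due - today).days,
            "overdue": due < today,
        })
    rows.sort(key=lambda r: (r["due"], r["host"]))
    return rows

if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_SAMPLE, date(2025, 4, 1)):
        flag = "OVERDUE" if r["overdue"] else f"{r['days_left']}d left"
        print(f"{r['due']}  {r['host']:8} {r['cve']:16} {flag}")
```

In practice the catalog would be loaded from a locally cached copy of the feed rather than the inline excerpt, and the findings from the scanner's export.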