SecurityWeek • 3h
CISA KEV Update: Active Exploitation of Google Chrome, Arista EOS, and Cisco Systems
CISA has updated its Known Exploited Vulnerabilities (KEV) catalog to include critical flaws in Google Chrome, Arista EOS, and Cisco Systems, transitioning these vulnerabilities from theoretical risks to confirmed active exploitations. The Chrome vulnerabilities involve sandbox escapes—addressed in the Stable Channel 149 update—allowing attackers to gain host-level execution from the browser process. Simultaneously, critical flaws in Arista EOS and Cisco networking hardware provide vectors for network-wide interception, disruption, and lateral movement. Immediate remediation via vendor patches is mandatory for federal agencies and critical for enterprise environments to mitigate the risk of perimeter breach and internal escalation.
Links:Securityweek, techjacksolutions.com, CISA Cybersecurity Advisories, Security Affairs, SC Media, Thehackernews, Securityboulevard, Mallory, Novee, Chromereleases, Palo Alto Unit 42, Supercybex, Socdefenders, Reddit, Docs, Youtube, feeds.feedburner.com, Infosecurity-magazine, Oodaloop, Akamai, Github, Kiteworks, Sentinelone, Rescana, Firecompass, Stellar, Isc, Aiweekly, Medium, Mashable, Securityaffairs, Cyberdefensemagazine, Cybersol, Cyberpress, Cypro, Fortiguard, Runzero, Hipaajournal, Cloud, Cve, Blogs, Nvd, Oracle, Dark Reading •