CISA adds NextGen Healthcare Mirth Connect, Google Chrome flaws to KEV list

The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include security issues impacting NextGen Healthcare Mirth Connect and Google Chrome instances, according to Security Affairs.

NextGen Healthcare Mirth Connect versions earlier than 4.4.1 are affected by a deserialization of untrusted data flaw, tracked as CVE-2023-43208, which attackers could leverage to achieve code execution even without proper authentication.

Meanwhile, Google has confirmed the existence of a public exploit for a type confusion issue in Google Chrome, tracked as CVE-2024-4947. The vulnerability was discovered by Kaspersky researchers Boris Larin and Vasily Berdnikov within the V8 JavaScript engine of Chromium.

Federal agencies have been urged to remediate both flaws by June 10 to mitigate potential attacks against their networks. Organizations in the private sector were also tasked with addressing both security issues within their network infrastructure.
