The Cybersecurity and Infrastructure Security Agency (CISA) has added a recently exploited vulnerability, CVE-2023-5217 (Google Chrome libvpx Heap Buffer Overflow Vulnerability), to its Known Exploited Vulnerabilities Catalog. The addition is based on evidence of active exploitation, which underscores the urgency of remediating this vulnerability.
Heap buffer overflow vulnerabilities of this kind, including the one in Google Chrome's libvpx, are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
The Known Exploited Vulnerabilities Catalog was established under Binding Operational Directive (BOD) 22-01, which aims to reduce the substantial risk posed by known CVEs to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate catalogued vulnerabilities within specified timelines in order to protect FCEB networks against active threats.
Although the directive applies only to FCEB agencies, CISA strongly urges all organizations, regardless of sector, to prioritize timely remediation of the vulnerabilities listed in the catalog as part of their vulnerability management practices.
CISA will continue to add vulnerabilities that meet the specified criteria to the catalog, helping organizations strengthen their defenses against cyberattacks.