CISA Urges Organizations to Patch Recent Chrome, Magento Zero-Days


One of these is CVE-2022-24086, a critical-severity (CVSS score 9.8) vulnerability in Adobe Commerce and Magento. Described as an improper input validation bug, the security hole can be exploited to achieve remote code execution without authentication.

On Sunday, Adobe released an emergency advisory to warn that it had observed very limited attacks targeting CVE-2022-24086.

The second zero-day vulnerability is CVE-2022-0609, a high-severity security defect in the Chrome browser that Google describes as a use-after-free issue in Animation, and which could also lead to code execution.