The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include security issues impacting NextGen Healthcare Mirth Connect and Google Chrome instances, according to Security Affairs.
Attackers could target NextGen Healthcare Mirth Connect versions earlier than 4.4.1 with intrusions leveraging a deserialization of untrusted data flaw, tracked as CVE-2023-43208, which could facilitate code execution even without proper authentication.
On the other hand, Google has confirmed the existence of a public exploit for a type confusion issue in Google Chrome, tracked as CVE-2024-4947. Such a vulnerability was discovered by Kaspersky researchers Boris Larin and Vasily Berdnikov within the V8 JavaScript engine of Chromium.
Federal agencies have been urged to remediate both flaws by June 10 to mitigate potential attacks against their networks. Organizations in the private sector were also tasked to address both security issues within their network infrastructure.