The US’s Cybersecurity and Infrastructure Security Agency (CISA) has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) Catalog.
The bug, tracked as CVE-2023-5217, received a patch from Google last week and was assigned a severity rating of 8.8 on the CVSS v3 scale.
With its addition to the KEV Catalog, CISA has effectively indicated that exploits for the vulnerability pose a “significant risk to the federal enterprise,” and agencies in the Federal Civilian Executive Branch (FCEB) have been set a three-week deadline of October 23 to apply the recommended fixes.
