CISA Adds Two Actively Exploited Flaws to its Catalog

About the flaw impacting Oracle

• It affects versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0 of Oracle Access Manager (OAM) and can be exploited by sending HTTP requests. In addition to OAM, the flaw also affects Oracle Weblogic Server11g (10.3.6.0) and OAM 11g (11.1.2.0.0), however, support for the same has stopped from January 1.
• Successful exploitation of the flaw can allow unauthenticated attackers with network access to completely compromise and take over Access Manager instances. 
• Several PoC codes to exploit the flaw has been published on GitHub since March but according to the CISA, successful exploitation attempts have been detected now. 

About the flaw impacting Chrome

• It is the eighth zero-day vulnerability to be discovered in the Chrome browser this year and affects versions prior to 107.0.5304.121 for Mac, Linux, and Windows.
• It can be exploited by remote attackers to launch DoS attacks by putting the program in an infinite loop. Attackers can also exploit the vulnerability to execute arbitrary code or bypass existing protection mechanisms via a specially crafted HTML page. 

Patch it to stay safe