Updated 1st July 2022 (IGEL OS 11.07.170 available)
First published 20th June 2022
CVSS 3.1 Critical
CVSS:3.1 n/a
Summary
The Chromium project has reported multiple vulnerabilities in its web browser. These affect the following IGEL products:
-
IGEL OS 11
Details
It has been discovered that the Indexed DB component in Chromium contains a use-after-free error. The project rates this vulnerability as critical (CVE-2022-1853). Eight further memory management issues, mostly use-after-free, exist in several other Chromium components. These have been rated as high (CVE-2022-1854, CVE-2022-1855, CVE-2022-1856, CVE-2022-1857, CVE-2022-1858, CVE-2022-1859, CVE-2022-1860, CVE-2022-1861).
Besides that, several vulnerabilities rated as medium and low exist in Chromium. They are listed in the referenced update from the Chrome Team.
Update instructions
-
IGEL OS 11: Update to IGEL OS 11.07.170, which contains Chrome 102.
References
-
Chrome Team – Stable Channel Update for Desktop: https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
-
CVE-2022-1853: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1853