ISN 2022-07: Chromium Browser Vulnerabilities

First published 22nd March 2022

CVSS 3.1 Base Score: 9.8 (Critical)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The Chromium project has reported multiple vulnerabilities in its web browser. These affect the following IGEL products:

• IGEL OS 11

Details

It has been discovered that the renderer in Chromium contains a use-after-free vulnerability which is rated critical (CVE-2022-0971). Eight further memory corruption issues have been reported which are rated high (CVE-2022-0972, CVE-2022-0973, CVE-2022-0974, CVE-2022-0975, CVE-2022-0976, CVE-2022-0977, CVE-2022-0978, CVE-2022-0979), and one medium (CVE-2022-0980).

Update Instructions

• IGEL OS 11: Update to IGEL OS 11.07.100 (to be released on March 29th)

References

• Chrome Team – Stable Channel Update for Desktop: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html
• CVE-2022-0971: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0971