ISN 2022-08: Chromium JavaScript Vulnerability

Updated 29th April 2022 (IGEL OS 11.07.110 available)

First published 28th March 2022

Base Score: High

CVSS:3.1 vector not available yet

Summary

A vulnerability has been found in the Chromium browser. This affects the following IGEL products:

• IGEL OS 11

Details

It has been discovered that Chromium’s JavaScript engine contains a vulnerability (CVE-2022-1096) that can be exploited when the user visits a web page that is under the control of an attacker. Google rates this issue as high and reports that it is being actively exploited in the wild.

Mitigation

• Use the Firefox Browser in IGEL OS 11.07.100 as an alternative, which is secured by AppArmor.

Update Instructions

• IGEL OS 11: Update to IGEL OS 11.07.110 or newer.

References

• Chrome Team – Stable Channel Update for Desktop:
  https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
• CVE-2022-1096: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1096