ISN 2022-14: Chromium Browser Vulnerabilities

First published 3rd June 2022

CVSS 3.1 High

CVSS:3.1 n/a

Summary

The Chromium project has reported multiple vulnerabilities in its web browser. These affect the following IGEL products:

• IGEL OS 11

Details

An inappropriate implementation in Web Contents has been found in Chromium and has been rated as high (CVE-2022-1637). In addition, there are 6 issues of use-after-free which are rated high (CVE-2022-1633, CVE-2022-1634, CVE-2022-1635, CVE-2022-1636, CVE-2022-1639, CVE-2022-1640) and one such issue rated medium (CVE-2022-1641). Besides that, a heap buffer overflow has been found in V8 internationalization and rated high (CVE-2022-1638).

Update Instructions

• IGEL OS 11: Update to IGEL OS version 11.07.140, which contains Chromium version 101 or newer.

References

• Chrome Team – Stable Channel Update for Desktop: https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html
• CVE-2022-1637: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1637
• CVE-2022-1638: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1638