ISN 2022-15: Chromium Browser Vulnerabilities
Updated 1st July 2022 (IGEL OS 11.07.170 available)
First published 20th June 2022
CVSS 3.1 Critical
CVSS:3.1 n/a
Summary
The Chromium project has reported multiple vulnerabilities in its web browser. These affect the following IGEL products:
- IGEL OS 11
Details
It has been discovered that the Indexed DB component in Chromium contains a use-after-free error. The project rates this vulnerability as critical (CVE-2022-1853). Eight further memory management issues, mostly use-after-free, exist in several other Chromium components. These have been rated as high (CVE-2022-1854, CVE-2022-1855, CVE-2022-1856, CVE-2022-1857, CVE-2022-1858, CVE-2022-1859, CVE-2022-1860, CVE-2022-1861).
In addition, Chromium contains several vulnerabilities rated as medium and low. They are listed in the Chrome Team's stable channel update linked under References.
Update instructions
- IGEL OS 11: Update to IGEL OS 11.07.170, which contains Chrome 102.
References
- Chrome Team – Stable Channel Update for Desktop: https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
- CVE-2022-1853: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1853