ISN 2022-17: Chromium WebRTC Vulnerability

Updated 30 August 2022 (IGEL OS 11.08.100 available)

First published 22 July 2022

CVSS 3.1 High

CVSS: n/a

Summary

Multiple vulnerabilities have been found in the Chromium web browser. This affects the following IGEL products:

• IGEL OS 11

Details

Google has reported a heap buffer overflow in the WebRTC component (CVE-2022-2294), which is used for multimedia and video conferencing. Google has rated this as high and states that an exploit for this issue exists in the wild. The other vulnerability rated high is a type confusion in the V8 JavaScript engine (CVE-2022-2295).

Update Instructions

• IGEL OS 11: Update to IGEL OS version 11.08.100 or newer.

References

• Chrome Team – Stable Channel Update for Desktop: https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html