ISN 2023-03: Chromium Vulnerabilities
First published 22 March 2023
CVSS 3.1 High
CVSS:3.1 n/a
Summary
The Chromium browser in IGEL OS has been found to have several vulnerabilities rated high. This affects the following IGEL products:
- IGEL OS 11
Details
The Google Chrome project has reported numerous use-after-free vulnerabilities, including one in the Prompts component, which could allow a remote attacker to exploit heap corruption via a crafted HTML page (high, CVE-2023-0941). Further use-after-free weaknesses affect the Web Payments API, SwiftShader, Vulkan, Video and WebRTC.
Other issues include type confusions in the V8 JavaScript engine (high, CVE-2023-0696), Data Transfer (medium, CVE-2023-0702), and DevTools (medium, CVE-2023-0703).
Update Instructions
- Update to IGEL OS 11.08.290 (available in March 2023), which contains Chromium version 110.0.5481.177.
References
- Chrome Team – Stable Channel Update for Desktop: https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
- Chrome Team – Stable Channel Update for Desktop: https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- Chrome Team – Stable Channel Update for Desktop: https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html