Skip to main content
Skip table of contents

ISN 2023-05: Chromium Local File Access

First published 3 April 2023

CVSS 3.1: 6.6 (Medium)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Summary

The Chromium web browser in IGEL OS has been found to allow access to the local filesystem under certain circumstances. This affects the following IGEL products:

  • IGEL OS 11

Details

A penetration test commissioned by IGEL has found that the Chromium browser on IGEL OS allows users to access the local filesystem even when it is forbidden in the profile settings – via downloads, bookmarks, and printing. This is fixed now, disabling downloads, bookmarks, and printing in Chromium when filesystem access is set to be blocked.

Update Instructions

  • Update to IGEL OS 11.08.290
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.