ISN 2023-08: Chromium Critical Vulnerability

Updated 26 July 2023 (updated timelines)

First published 25 May 2023

CVSS 3.1: 9.8 (critical)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A critical vulnerability has been found in the Chromium web browser used in IGEL OS.

This affects the following IGEL products:

• IGEL OS 11
• IGEL OS 12

Details

The Chrome project has announced that a use-after-free error has been discovered in the Navigation component of the Chromium browser before version 113 (CVE-2023-2721). This vulnerability potentially allows a remote attacker to exploit heap corruption via a crafted HTML page. It is rated critical.

Mitigation

• On IGEL OS 11, use Firefox as an alternative.

Update Instructions

• IGEL OS 11: Update to the upcoming IGEL OS 11.08.x August release.
• IGEL OS 12: Update the Chromium 114 app for OS 12 (available in the first week of August).

References

• Chrome Team – Stable Channel Update for Desktop: https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html