ISN 2023-24: Chromium Vulnerability

Updated 24 October 2023 (OS 11.09.110 available)

First published 13 October 2023

CVSS 3.1: 8.8 (High)

CVSS:3.1 /AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A security vulnerability has been found in the Chromium web browser. This affects the following IGEL products:

• IGEL OS 12
• IGEL OS 11

Details

Google has reported a high vulnerability in Chromium (CVE-2023-5218). It is a use-after-free in the Site Isolation component, which could enable an attacker to execute arbitrary code via a crafted HTML page.

Update Instructions

• OS 12: IGEL is preparing an updated Chromium app for OS 12.
• OS 11: Update to IGEL OS 11.09.110 or newer.

References

• Chrome Blog Stable Channel Update for Desktop: https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html
• CVE-2023-5218: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5218