ISN 2024-01: Chromium Vulnerabilities

First published 22 January 2024

CVSS 3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple Security vulnerabilities have been discovered in the Chromium web browser used in IGEL OS. This affects the following IGEL products:

• IGEL OS 12
• IGEL OS 11

Details

Several memory management issues have been found and rated high: a use after free (CVE-2024-0222) and a heap buffer overflow in ANGLE (High CVE-2024-0223), a use after free in WebAudio (CVE-2024-0224), and a use after free in WebGPU (CVE-2024-0225). Additionally, there is insufficient data validation in Extensions (CVE-2024-0333), which is also rated as high.

Update Instructions

• OS 12: Upgrade to the OS 12 Chromium App version 120.0.6099.216 as soon as it is available from the IGEL App Portal.
• OS 11: Upgrade to OS 11.09.210.

References

• https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html
• https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html