Skip to main content
Skip table of contents

ISN 2024-07: Chromium Vulnerabilities

Updated 15 April 2024 (IGEL OS 11.09.310 available)

First published 25 March 2024

CVSS 3.1: 8.8 (high)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary                                                                                                       

Multiple security vulnerabilities have been found in the Chromium web browser used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12
  • IGEL OS 11

Details

Out of the security issues found in the Chromium web browser, several affect the V8 JavaScript engine. They are all rated high and range from type confusion (CVE-2024-0518, CVE-2024-1938, CVE-2024-1939) over inappropriate implementation (CVE-2024-2174) to out-of-bounds memory access (CVE-2024-2173, CVE-2024-0519).

Use-after-free vulnerabilities rated high have been found in the Mojo (CVE-2024-1284, CVE-2024-1670), Performance Manager (CVE-2024-2400), WebAudio (CVE-2024-0807), Network (CVE-2024-1077), WebRTC (CVE-2024-1059), Canvas (CVE-2024-1060) and FedCM (CVE-2024-2176) components of the browser. These could allow a remote attacker to exploit heap corruption via crafted data.

Further issues are out-of-bounds memory access in Blink (CVE-2024-1669), heap buffer overflow in Skia (CVE-2024-1283), an inappropriate implementation in Accessibility (CVE-2024-0812) and an Integer underflow in WebUI (CVE-2024-0808). These are also rated high.

Update Instructions

  • OS 12: Update the OS 12 Chromium App to version 122.0.6261.128 when it is available on the IGEL App Portal.
  • OS 11: Update to IGEL OS version 11.09.310.

References


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.