ISN 2024-11: Chromium Critical Vulnerability

First published 30 April 2024

CVSS 3.1: n/a (critical)

CVSS:3.1 n/a

Summary

Multiple security vulnerabilities have been found in the Chromium web browser used in IGEL OS. This affects the following IGEL products:

• IGEL OS 12
• IGEL OS 11

Details

A type confusion in ANGLE, the WebGL component in Chromium, is rated as a critical vulnerability (CVE-2024-4058). In addition, issues rated high exist: An out-of-bounds read in the V8 JavaScript engine API (CVE-2024-4059) and a use-after-free in the WebGPU implementation Dawn (CVE-2024-4060).

Update Instructions

• OS 12: Update to the OS 12 Chromium app version 124.0.6367.78 or newer when it is available in the IGEL App Portal.
• OS 11: Update to OS 11.10.100 when it is available (mid-May)

References

• Chrome Releases Blog: https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html