
ISN 2024-20: Chromium Vulnerabilities

First published 23 October 2024

CVSS 3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Important security vulnerabilities have been found in the Chromium web browser used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12

  • IGEL OS 11

Details

Several type confusion vulnerabilities have been found in the V8 JavaScript engine, all rated high (CVE-2024-9602, CVE-2024-9603, CVE-2024-8638, CVE-2024-8904). In addition, inappropriate implementations exist in V8 (CVE-2024-9370, high, and CVE-2024-8905, medium).

Other vulnerabilities are use-after-free flaws in the Media Router (CVE-2024-8637, high) and Autofill (CVE-2024-8639, high) components, as well as an integer overflow in Layout (CVE-2024-7025, high) and a heap buffer overflow in Skia (CVE-2024-8636, high). In addition, there is insufficient data validation in Mojo (CVE-2024-9369, high).

Update Instructions

  • OS 12: Update to the Chromium app with version 129.0.6668.100 as soon as it is available from the IGEL App Portal.

  • OS 11: Update to IGEL OS version 11.10.190 as soon as it is available.
