
ISN 2024-21: Chromium Critical Vulnerability

First published 5 November 2024

CVSS 3.1: 9.8 (Critical)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A critical security vulnerability has been found in the Chromium web browser used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12

  • IGEL OS 11

Details

An out-of-bounds write has been found in Dawn, the WebGPU implementation in Chromium. It allows a remote attacker to write to memory out of bounds via a crafted HTML page. This is tracked as CVE-2024-10487 and rated critical.

In addition, a use-after-free has been discovered in the WebRTC component of Chromium. A remote attacker could potentially use it for heap corruption via an HTML page (CVE-2024-10488, high).

Update Instructions

  • IGEL OS 12: Update to the IGEL OS app with Chromium version 130.0.6723.91 as soon as it is available from the IGEL App Portal.

  • IGEL OS 11: Update to IGEL OS version 11.10.210 as soon as it is available.
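The following is an added example, not part of IGEL's advisory: it triages a device inventory against the two fixed versions listed above. The inventory columns and sample rows are constructed, and treating any version lower than the fixed one as needing the update is an assumption.

```python
import csv
import io

# Fixed versions as stated in this advisory, keyed by IGEL OS major version.
# Each entry names the inventory column to compare (column names are assumed).
FIXED = {
    "12": ("chromium_version", (130, 0, 6723, 91)),  # Chromium version for IGEL OS 12
    "11": ("os_version", (11, 10, 210)),             # IGEL OS 11 version
}

# Constructed sample inventory; this is not an IGEL export format.
SAMPLE_INVENTORY = """\
device,os_version,chromium_version
tc-001,12.5.0,130.0.6723.91
tc-002,12.5.0,130.0.6723.58
tc-003,11.10.210,
tc-004,11.09.310,
tc-005,12.4.1,
tc-006,11.10.x,
"""


def parse_version(text):
    """Return a tuple of ints, or None if the string is empty or malformed."""
    parts = (text or "").strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Map each device to 'fixed', 'needs-update' or 'unknown'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        major = (row.get("os_version") or "").split(".")[0]
        status = "unknown"  # unrecognised product or unparsable version
        if major in FIXED:
            column, fixed = FIXED[major]
            found = parse_version(row.get(column))
            if found is not None:
                # Assumption: anything below the fixed version needs the update.
                status = "fixed" if found >= fixed else "needs-update"
        result[row["device"]] = status
    return result


if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as unknown have a missing or malformed version and need a manual check rather than being counted as fixed.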
