ISN 2024-24: Chromium Vulnerability

First published 13 January 2025

CVSS 3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A security issue has been found in the Chromium web browser used in IGEL OS. This affects the following IGEL product versions:

• IGEL OS 12

• IGEL OS 11

Details

A type confusion has been discovered in V8, Chromium’s JavaScript engine. It could allow a remote attacker to exploit heap corruption via a crafted HTML page. This is tracked as CVE-2024-11395 and rated as high.

Update Instructions

• OS 12: Update to the OS 12 Chromium App version 131.0.6778.85 or newer, available from the IGEL App Portal.

• OS 11: Update to IGEL OS 11.10.250 when available.

References

• Chrome Releases Blog https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_19.html

• CVE-2024-11395 Detail at NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11395