ISN 2025-02: Chromium Vulnerabilities

First published 21 January 2025

CVSS 3.1: 8.3 (High)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Several security vulnerabilities have been identified in the Chromium web browser used in IGEL OS. This affects the following product versions:

• IGEL OS 12

• IGEL OS 11

Details

V8, Chromium’s JavaScript engine is affected by two type confusions, CVE-2025-0291 (high) and CVE-2024-12692 (high). In addition, an out-of-bounds memory access has been found in V8 (CVE-2024-12693, high) as well as an out-of-bounds write (CVE-2024-12695, high).

Finally, a use-after-free has been discovered in the Compositing component (CVE-2024-12694, high).

Update Instructions

• OS 12: Update to the OS 12 Chromium App in version 132.0.6834.83 as soon as it is available on the IGEL App Portal.

• OS 11: Update to IGEL OS version 11.10.250 (planned for 25 February 2025).

References

• Chrome Releases Blog: https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html

• Chrome Releases Blog: https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html