ISN 2022-08: Chromium JavaScript Vulnerability

Updated 29th April 2022 (IGEL OS 11.07.110 available)

First published 28th March 2022

Base Score: High

CVSS:3.1 vector not available yet

Summary

A vulnerability has been found in the Chromium browser. This affects the following IGEL products:

IGEL OS 11

Details

It has been discovered that Chromium’s JavaScript engine contains a vulnerability (CVE-2022-1096) that can be exploited when the user visits a web page that is under the control of an attacker. Google rates this issue as high and reports that it is being actively exploited in the wild.

Mitigation

Use the Firefox Browser in IGEL OS 11.07.100 as an alternative, which is secured by AppArmor.

Update Instructions

IGEL OS 11: Update to IGEL OS 11.07.110 or newer.

References

Chrome Team – Stable Channel Update for Desktop:
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
CVE-2022-1096: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1096

Download PDF