Download page ISN 2023-05: Chromium Local File Access.
ISN 2023-05: Chromium Local File Access
First published 3 April 2023
CVSS 3.1: 6.6 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Summary
The Chromium web browser in IGEL OS has been found to allow access to the local filesystem under certain circumstances. This affects the following IGEL products:
IGEL OS 11
Details
A penetration test commissioned by IGEL has found that the Chromium browser on IGEL OS allows users to access the local filesystem even when it is forbidden in the profile settings – via downloads, bookmarks, and printing. This is fixed now, disabling downloads, bookmarks, and printing in Chromium when filesystem access is set to be blocked.