A critical vulnerability has been found in the Chromium web browser used in IGEL OS.
This affects the following IGEL products:
IGEL OS 11
IGEL OS 12
Details
The Chrome project has announced that a use-after-free error has been discovered in the Navigation component of the Chromium browser before version 113 (CVE-2023-2721). This vulnerability potentially allows a remote attacker to exploit heap corruption via a crafted HTML page. It is rated critical.
Mitigation
On IGEL OS 11, use Firefox as an alternative.
Update Instructions
IGEL OS 11: Update to the upcoming IGEL OS 11.08.x August release.
IGEL OS 12: Update the Chromium 114 app for OS 12 (available in the first week of August).