ISN 2023-24: Chromium Vulnerability

Updated 24 October 2023 (OS 11.09.110 available)

First published 13 October 2023

CVSS 3.1: 8.8 (High)

CVSS:3.1 /AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A security vulnerability has been found in the Chromium web browser. This affects the following IGEL products:

IGEL OS 12
IGEL OS 11

Details

Google has reported a high vulnerability in Chromium (CVE-2023-5218). It is a use-after-free in the Site Isolation component, which could enable an attacker to execute arbitrary code via a crafted HTML page.

Update Instructions

OS 12: IGEL is preparing an updated Chromium app for OS 12.
OS 11: Update to IGEL OS 11.09.110 or newer.

References

Chrome Blog Stable Channel Update for Desktop: https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html
CVE-2023-5218: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5218

Download PDF

ISN 2023-24: Chromium Vulnerability

Summary

Details

Update Instructions

References

Cookie Notice