Multiple vulnerabilities have been discovered in the Chromium web browser, which is used in IGEL OS. This affects the following IGEL products:
IGEL OS 12
IGEL OS 11
Details
Chromium has been found to contain an inappropriate implementation in the Payments component that allows a remote attacker to bypass XSS preventions via a malicious file. This is tracked as CVE-2023-5480 and rated as high. In Chromium’s USB component, insufficient data validation (CVE-2023-5482, high) could allow out-of-bounds memory access via a crafted HTML page. Additionally, an integer overflow has been reported in USB that could be used to exploit heap corruption via a crafted web page (CVE-2023-5849, high).
Update Instructions
OS 12: IGEL is preparing an updated OS 12 Chromium app.
OS 11: IGEL is preparing an updated OS 11 version with an updated Chromium.