Multiple security vulnerabilities have been found in the Chromium web browser used in IGEL OS. This affects the following IGEL products:
IGEL OS 12
IGEL OS 11
Details
An integer overflow has been found in Skia, Chromium’s 2D graphics library, that could allow a remote attacker to escape the sandbox via a malicious file (CVE-2023-6345). Google reports that an exploit for this issue is being used in the wild, and the vulnerability is rated as high. Six further issues rated high, concerning memory management vulnerabilities, have also been reported.
Update Instructions
OS 12: An updated Chromium app is available from the IGEL App Portal.
OS 11: Update to private build 11.09.151, which is available on request from IGEL Support, or to IGEL OS 11.09.160, which is publicly available.