ISN 2024-14: Chromium Vulnerabilities

First published 18 June 2024

CVSS 3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple security vulnerabilities have been found in the Chromium web browser used in IGEL OS. This affects the following IGEL products:

• IGEL OS 12

• IGEL OS 11

Details

Type confusions have been discovered in the JavaScript engine V8 (CVE-2024-4947and CVE-2024-5274). They are rated high and could allow a remote attacker to execute arbitrary code. Google is aware that exploits for both these issues exist in the wild.

Furthermore, Google reports heap buffer overflows in ANGLE (CVE-2024-5159, high) and Dawn (CVE-2024-5160, high) as well as occurrences of use-after free in Dawn (CVE-2024-4948, high) and Scheduling (CVE-2024-5157, high).

Update Instructions

• OS 12: Update to the Chromium app version 125.0.6422.112 or newer from the App Portal.

• OS 11: Update to the upcoming IGEL OS 11.10.150.

References

• Chrome Releases Blog: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html

• Chrome Releases Blog: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html

• Chrome Releases Blog: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html