Security Update Chromium Component (MINDBREEZE30280)
ID: MINDBREEZE30280
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.2 High
Status: Final
First published: March 18, 2024
CVEs: CVE-2024-1060 CVE-2024-1077 CVE-2024-1284 CVE-2024-1283 CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1674 CVE-2024-1676
Summary
Security Update Chromium Component
- CVE-2024-1060 chromium - Component: Use after free in Canvas.
- CVE-2024-1077 chromium - Component: Use after free in Network.
- CVE-2024-1284 chromium - Component: Use after free in Canvas.
- CVE-2024-1283 chromium - Component: Heap buffer overflow in Skia
- CVE-2024-1669 chromium - Component: Out of bounds memory access in Blink.
- CVE-2024-1670 chromium - Component: Use after free in Mojo.
- CVE-2024-1671 chromium - Component: Inappropriate implementation in Site Isolation.
- CVE-2024-1672 chromium - Component: Inappropriate implementation in Content Security Policy.
- CVE-2024-1674 chromium - Component: Inappropriate implementation in Navigation.
- CVE-2024-1676 chromium - Component: Inappropriate implementation in Navigation.
Hotfix Information
Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
- Mindbreeze InSpire 24.1 HF1 Release
- Mindbreeze InSpire SaaS 24.1 HF1 Release