Security Update Chromium Component (MINDBREEZE30280)

ID: MINDBREEZE30280 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 7.2 High 
Status: Final 
First published: March 18, 2024 
CVEs: CVE-2024-1060 CVE-2024-1077 CVE-2024-1284 CVE-2024-1283 CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1674 CVE-2024-1676 

Summary

Security Update Chromium Component

• CVE-2024-1060 chromium - Component: Use after free in Canvas.
• CVE-2024-1077 chromium - Component: Use after free in Network.
• CVE-2024-1284 chromium - Component: Use after free in Canvas.
• CVE-2024-1283 chromium - Component: Heap buffer overflow in Skia
• CVE-2024-1669 chromium - Component: Out of bounds memory access in Blink.
• CVE-2024-1670 chromium - Component: Use after free in Mojo.
• CVE-2024-1671 chromium - Component: Inappropriate implementation in Site Isolation.
• CVE-2024-1672 chromium - Component: Inappropriate implementation in Content Security Policy.
• CVE-2024-1674 chromium - Component: Inappropriate implementation in Navigation.
• CVE-2024-1676 chromium - Component: Inappropriate implementation in Navigation. 

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 24.1 HF1 Release 
• Mindbreeze InSpire SaaS 24.1 HF1 Release