PT-2024-13257 · Google · Chromium

Andrea Palanca · Published 2024-03-05 · Updated 2024-10-17 · CVE-2023-45593

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AiLux imx6 bundle versions prior to imx6 1.0.7-2

Description

A vulnerability in the embedded Chromium browser, concerning the handling of alternative URLs other than "http://localhost", allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device.

Recommendations

For AiLux imx6 bundle versions prior to imx6 1.0.7-2, update to version imx6 1.0.7-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded Chromium browser until a patch is available. Avoid using alternative URLs other than "http://localhost" in the embedded browser until the issue is resolved.

Fix

Weakness Enumeration

Incomplete List of Disallowed Inputs

Related Identifiers

CVE-2023-45593

Affected Products

Chromium