Grafana security update fixes four high-severity Chromium flaws.

Grafana has released critical patches for its Image Renderer plugin and Synthetic Monitoring Agent to address four high-severity vulnerabilities in the embedded Chromium library, including a zero-day that enabled arbitrary read/write operations. The updates also remediate a second V8 type confusion, an integer overflow, and a Profiler use-after-free bug. Each flaw was exploitable remotely to execute code or corrupt memory. Administrators of on-premises and hybrid deployments must apply these fixes immediately, while Grafana’s cloud-hosted services have already been automatically updated.

Read more:

https://www.securityweek.com/grafana-patches-chromium-bugs-including-zero-day-exploited-in-the-wild/