Common Gateway Security Fixes
Resolved Chromium and Chrome Vulnerability in Synthetic Monitoring
OpsRamp resolved a critical Chromium and Chrome vulnerability that could result in browser crashes, memory corruption, or rendering issues in gateway environments using browser‑based capabilities. The issue affected both the NextGen Gateway and the Classic Gateway and is addressed in version 21.0.2 with gateway‑specific fixes. The secured browser and driver versions include:
- Google Chrome and ChromeDriver 146.0.7680.177
- Microsoft Edge and Edge WebDriver 146.0.3856.97
For NextGen Gateway (Synthetic Monitoring), the fix is included in WebProbe version 21.0.2, which updates the synthetic base image to patched and validated browser components.
For the Classic Gateway, the vulnerability affected the embedded Chromium browser runtime, specifically a use‑after‑free issue in the Chromium WebGPU (Dawn) component. This issue is fixed in Classic Gateway version 21.0.2 by updating the embedded Chromium components to patched version 146.0.7680.177 or later.
These updates are security‑only, introduce no functional or behavioral changes, and ensure that both gateway architectures run on secured browser components.
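One way to confirm that a gateway's browser components meet the patched minimums listed above, as an added example that is not OpsRamp's own tooling. The minimum versions are the ones stated in this note; the binary names in `scan_host` are assumptions about how the components are installed.

```shell
#!/bin/sh
# Added example: compare browser/driver versions with the patched minimums in this note.
MIN_CHROME="146.0.7680.177"   # Google Chrome and ChromeDriver (from the note)
MIN_EDGE="146.0.3856.97"      # Microsoft Edge and Edge WebDriver (from the note)

# extract_version TEXT: print the first four-part dotted version found in TEXT.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_ge A B: succeed when A >= B, comparing the four fields as integers
# (a string compare would wrongly rank 146.0.7680.99 above 146.0.7680.177).
version_ge() {
    a=$1; b=$2
    for i in 1 2 3 4; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
        a=${a#*.}; b=${b#*.}
    done
    return 0
}

# check_component NAME MINIMUM OUTPUT: print a verdict; 0 = patched, 1 = outdated, 2 = unknown.
check_component() {
    found=$(extract_version "$3")
    if [ -z "$found" ]; then
        echo "UNKNOWN  $1: no version found in output"
        return 2
    fi
    if version_ge "$found" "$2"; then
        echo "OK       $1 $found (minimum $2)"
    else
        echo "OUTDATED $1 $found (minimum $2)"
        return 1
    fi
}

# scan_host: check whichever binaries are on PATH. Binary names are assumptions;
# a gateway image may install the components under other names or paths.
scan_host() {
    rc=0
    for pair in "google-chrome:$MIN_CHROME" "chromedriver:$MIN_CHROME" \
                "microsoft-edge:$MIN_EDGE" "msedgedriver:$MIN_EDGE"; do
        bin=${pair%%:*}; min=${pair#*:}
        command -v "$bin" >/dev/null 2>&1 || continue
        check_component "$bin" "$min" "$("$bin" --version 2>/dev/null)" || rc=1
    done
    return $rc
}
if [ "${1:-}" = "scan" ]; then scan_host; fi
```

Invoked with the argument `scan`, the script checks whichever of the four binaries are on `PATH` and exits non-zero if any is below its minimum.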
Resolved Synthetic Monitoring Temporary File Growth
OpsRamp resolved an issue where Synthetic Monitoring using Chromium‑based browsers caused continuous growth of temporary files in the /tmp directory, leading to increased disk usage over time.
To address this issue, OpsRamp Gateway version 21.0.2 includes an improved gateway cleanup mechanism that runs every 20 minutes and removes synthetic‑related temporary Chromium files older than 15 minutes. Temporary disk usage may increase between cleanup cycles but is periodically reduced, ensuring stable /tmp and overall disk utilization under normal synthetic workloads.
Classic Gateway Security Fixes
Resolved snapd Privilege Escalation Vulnerability on Ubuntu 22.04
OpsRamp resolved a high‑severity local privilege escalation vulnerability in the snapd package affecting gateways running Ubuntu 22.04. The issue was introduced by a regression in OpsRamp Gateway version 21.0.1, which included a vulnerable snapd release.
OpsRamp Gateway version 21.0.2 restores the patched snapd version (2.73+ubuntu22.04.1 or later), mitigating the vulnerability and ensuring secure gateway operation.
For the above security fixes:
- If you are planning to upgrade to version 21.0.2, no action is required. The patch will automatically update the package.
- If you are not upgrading to 21.0.2, you must manually update the package using one of the following methods:
  - For NextGen Gateway, see the Update Instructions page.
  - For Classic Gateway, see the Update Instructions page.