Skip to main content
Skip table of contents

ISN 2025-13: Chromium Critical Vulnerability

Updated 22 April 2025 (Fix available in OS 11.10.290)

First published 17 April 2025

CVSS 3.1: 9.0 (Critical)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

Security vulnerabilities have been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

One of the security issues found in Chromium is a heap buffer overflow in the Codec component. Attackers could use fabricated media files to exploit this vulnerability and potentially execute code. This is tracked as CVE-2025-3619 and rated critical. The other vulnerability is a use-after-free in the USB component (CVE-2025-3620, high).

Update Instructions

  • OS 12: Update the OS 12 Chromium App to version 135.0.7049.95 or newer when available.

  • OS 11: Update to OS 11.10.290 when available.

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close