
ISN 2025-23: Chromium Vulnerability Exploited in the Wild

First published 30 June 2025

CVSS:3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Security vulnerabilities have been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

An out-of-bounds read has been found in V8, the JavaScript engine in Chromium. It could allow a remote attacker to exploit heap corruption via a crafted HTML page. This issue is rated high and tracked as CVE-2025-5419.

Google reports that this issue is being exploited in the wild.

Other issues are a use-after-free in the Media component (CVE-2025-5958, high) and a type confusion in V8 (CVE-2025-5959, high).

Update Instructions

  • OS 12: Update to the Chromium App in version 137.0.7151.103 or newer when available from the IGEL App Portal.

  • OS 11: Update to IGEL OS version 11.10.410 when available (planned for July).
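
The following is an added example, not part of the original advisory or any IGEL tooling: a small triage script that checks a device inventory against the two fixed versions given above. The CSV layout, column names, host names and sample rows are constructed assumptions; only the fixed version numbers come from the advisory.

```python
import csv
import io

# Fixed versions taken from the advisory's update instructions.
FIXED_CHROMIUM_APP_OS12 = (137, 0, 7151, 103)
FIXED_IGEL_OS11 = (11, 10, 410)

# Constructed sample inventory; the column names and CSV layout are assumptions.
SAMPLE_INVENTORY = """\
host,os_major,os_version,chromium_app
kiosk-01,12,12.6.1,137.0.7151.103
kiosk-02,12,12.6.1,136.0.7103.113
kiosk-03,12,12.6.1,
desk-01,11,11.10.410,
desk-02,11,11.10.210,
desk-03,11,11.10.x,
"""

def parse_version(text):
    """Return a tuple of ints for a dotted numeric version, or None if unparseable."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(row):
    """Classify one inventory row as 'fixed', 'vulnerable', 'not-installed' or 'unknown'."""
    if row["os_major"] == "12":
        # On OS 12 the fix is delivered through the Chromium App, so its version decides.
        if not row["chromium_app"].strip():
            return "not-installed"  # assumption: an empty field means the app is absent
        installed, fixed = parse_version(row["chromium_app"]), FIXED_CHROMIUM_APP_OS12
    elif row["os_major"] == "11":
        # On OS 11 the fix is delivered through the OS release itself.
        installed, fixed = parse_version(row["os_version"]), FIXED_IGEL_OS11
    else:
        return "unknown"
    if installed is None:
        return "unknown"  # unparseable version: flag for manual review
    return "fixed" if installed >= fixed else "vulnerable"

def triage_inventory(csv_text):
    """Map host name to triage result for every row of the CSV text."""
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have a version string that could not be parsed and should be checked by hand rather than assumed fixed.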
