Skip to main content
Skip table of contents

ISN 2025-26: Chromium Vulnerability Exploited in the Wild

Updated 9 July 2025 (Corrected Chromium fix version, OS 11 fix version)

First published 2 July 2025

CVSS:3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A security vulnerability has been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

A type confusion has been found in V8, the JavaScript engine in Chromium. It can allow a remote attacker to perform arbitrary reads or writes via a crafted HTML page (CVE-2025-6554, high).
Google reports that an exploit for this vulnerability exists in the wild.

Update Instructions

  • OS 12: Update to the Chromium App in version 138.0.7204.92 or newer when available from the IGEL App Portal.

  • OS 11: Update to IGEL OS version 11.110.410 when available (planned for July).

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close