ISN 2025-29: Chromium Vulnerability in ANGLE Exploited in the Wild

First published 4 August 2025

CVSS:3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A security vulnerability has been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:

• IGEL OS 12

• IGEL OS 11

Details

It has been discovered that Chromium’s Almost Native Graphics Layer Engine (ANGLE) and its GPU compositor do not correctly validate untrusted input. This is tracked as CVE-2025-6558 and rated as high. Google is aware that an exploit for CVE-2025-6558 exists in the wild.

Further highs concern an integer overflow in the V8 JavaScript engine (CVE-2025-7656) and a use-after-free in WebRTC (CVE-2025-7657).

Update Instructions

• OS 12: Update to the Chromium App in version 138.0.7204.157 or newer when available from the IGEL App Portal.

• OS 11: Update to IGEL OS version 11.11.100 when available.

References

• Chrome Releases Blog: https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html