ISN 2025-44 Chromium Vulnerabilities

First published 13 October 2025

CVSS:3.1: 8.1 (High)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple security vulnerabilities have been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:

• IGEL OS 12

• IGEL OS 11

Details

Heap buffer overflows have been discovered in the components WebGPU (CVE-2025-11205, high), Video (CVE-2025-11206, high), and Sync (CVE-2025-11458, high). These may lead to crashes or execution of arbitrary code. Also, the V8 JavaScript engine is affected by two instances of heap buffer overflow, in WebGPU (CVE-2025-11205, high) and Video (CVE-2025-11206, high).

Apart from that, information can be leaked from V8 via a side channel (CVE-2025-10890). The Storage component contains a use-after-free, which could crash Chromium or execute arbitrary code (CVE-2025-11460, high).

Update Instructions

• OS 12: Update to the Chromium app in version 141.0.7390.65 or newer when available from the IGEL App Portal.

• OS 11: Update to IGEL OS version 11.11.100 when available.

References

• Chrome Releases Blog: https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html

• Chrome Releases Blog: https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html

• Chrome Releases Blog: https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html