ISN 2025-50 Chromium Vulnerability Exploited in the Wild

First published 20 November 2025

CVSS:3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Several security vulnerabilities have been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:

• IGEL OS 12

• IGEL OS 11

Details

Two security issues from the Type Confusion category have been found in Chromium’s JavaScript engine V8, both rated as high (CVE-2025-13223 and CVE-2025-13224). They can be abused via malicious code on websites and could lead to the execution of arbitrary code. Google and CISA report that CVE-2025-13223 is being exploited in the wild.

Apart from these, two inappropriate implementations have been discovered in V8 (CVE-2025-12727 and CVE-2025-13042) and rated as high. Further highs are an out-of-bounds write in WebGPU (CVE-2025-12725) and an inappropriate implementation in the Views component (High CVE-2025-12726).

Update Instructions

• OS 12: Update to the Chromium app in version 142.0.7444.175 or newer when available from the IGEL App Portal.

• OS 11: Update to IGEL OS 11.11.100 when available.

References

• Chrome Releases Blog: https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html

• Chrome Releases Blog: https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_11.html

• Chrome Releases Blog: https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html

• CISA Known Exploited Vulnerabilities (KEV) Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-13223