ISN 2025-51: Chromium Vulnerabilities

First published 23 December 2025

CVSS:3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Several security vulnerabilities have been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:

• IGEL OS 12

• IGEL OS 11

Details

Google reports multiple vulnerabilities rated high in Chromium. Among these is CVE-2025-14174, an out-of-bounds memory access in the ANGLE component, that an attacker can abuse via a crafted HTML page. Google is aware that this is being exploited in the wild.

Other highs are a type confusion in the V8 JavaScript engine (CVE-2025-13630), a use-after-free in the Digital Credentials component (CVE-2025-13631), and inappropriate implementations in DevTools (CVE-2025-13632) and Digital Credentials (CVE-2025-13633).

Update Instructions

• OS 12: Update to the Chromium app in version 143.0.7499.109 or newer when available from the IGEL App Portal.

• OS 11: IGEL is preparing an IGEL OS 11 release with an updated Chromium.

References

• Chrome Releases Blog: https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html

• Chrome Releases Blog: https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html