ISN 2026-02: Chromium Vulnerabilities

First published 17 February 2026

CVSS:3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple security vulnerabilities have been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:

• IGEL OS 12

• IGEL OS 11

Details

Google reports multiple highs in Chromium’s JavaScript engine V8: a race condition (CVE-2026-1220), an out-of-bounds memory access (CVE-2026-0899), an inappropriate implementation (CVE-2026-0900), and an out-of-bounds read and write (CVE-2025-14766).

Further issues are an inappropriate implementation in Blink (CVE-2026-0901), insufficient policy enforcement in the WebView tag (CVE-2026-0628), and a use-after-free in WebGPU (CVE-2025-14765). These are all rated as high.

Update Instructions

• OS 12: Update to the Chromium app in version 144.0.7559.96 or newer from the IGEL App Portal.

• OS 11: Update to IGEL OS 11.11.150.

References

• Chrome Releases Blog: https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_20.html

• Chrome Releases Blog: https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop.html

• Chrome Releases Blog: https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html