First published 15 April 2026
CVSS:3.1: 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Multiple security vulnerabilities have been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:
-
IGEL OS 12
-
IGEL OS 11
Details
It has been discovered that Chromium’s Dawn, a WebGPU implementation, contains a use-after-free vulnerability (CVE-2026-5281). It could allow a remote attacker to execute arbitrary code via a crafted HTML page and is rated as high. Google is aware that an exploit for this issue exists in the wild.
The Dawn component is affected by two further use-after-free issues, which are rated high (CVE-2026-5284, CVE-2026-5286). Also, the PDF component suffers from this kind of vulnerability (CVE-2026-5287, high), and the JavaScript Engine V8 shows object corruption (CVE-2026-5279, high).
Google lists many further issues rated high, mostly memory management related, which can be found in the referenced blog post.
Update Instructions
-
OS 12: Update to the Chromium app in version 147.0.7727.55 or newer when available from the IGEL App Portal.
-
OS 11: IGEL is preparing an OS 11 release with a fixed Chromium version.