First published 28 April 2026
CVSS:3.1: 9.6 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Multiple security vulnerabilities have been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:
-
IGEL OS 12
-
IGEL OS 11
Details
Google reports a total of five critical issues in Chromium: A heap buffer overflow in the WebGL backend ANGLE (CVE-2026-6296), a use-after-free in Proxy (CVE-2026-6297), a heap buffer overflow in the 2D graphics library Skia (CVE-2026-6298), a use-after-free in Prerender (CVE-2026-6299), and a use-after-free in the Extended Reality component XR (CVE-2026-6358).
Apart from these, several vulnerabilities with a rating of high have been found, among them a use-after-free in Video (CVE-2026-6359) and one in CSS (CVE-2026-6300). The PDFium component is affected by two heap buffer overflows (CVE-2026-6305 and CVE-2026-6306).
The referenced Chrome Releases blog post lists 31 issues in total.
Update Instructions
-
OS 12: Update to the Chromium app version 147.0.7727.101 or newer as soon as it is available on the IGEL App Portal.
-
OS 11: Update to IGEL OS 11.11.140 as soon as it is available.
References
-
Chrome Releases Blog: https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html