First published 13 May 2026
CVSS:3.1: 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Multiple security vulnerabilities have been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:
-
IGEL OS 12
-
IGEL OS 11
Details
An integer overflow has been found in Chromium’s rendering engine Blink. It could allow a remote attacker to exploit heap corruption via a crafted HTML page (CVE-2026-7896, high). The remote desktop component Chromoting contains a use-after-free. This could enable a remote attacker to execute arbitrary code via malicious network traffic.
Use-after-free vulnerabilities have also been discovered in the ANGLE (CVE-2026-7901, high), SVG (CVE-2026-7906, high), DOM (CVE-2026-7907, high) and Views (CVE-2026-7910, high) components.
In total, the referenced Chrome Releases Blog post lists 127 issues.
Update Instructions
-
OS 12: Upgrade the Chromium app to version 148.0.7778.96 or newer as soon as it is available on the IGEL App Portal.
-
OS 11: IGEL is working on a version with updated Chromium.
References
-
Chrome Releases Blog: https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html