ISN 2026-28: Critical Chromium Vulnerabilities

First published 2 June2026

CVSS:3.1: 9.6 (Critical)

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Multiple security vulnerabilities have been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

Google lists 15 critical and 70 high vulnerabilities in the Chromium browser. This is counted across all operating systems, but most also affect Linux.

Among the critical are use-after-free issues in Extensions (CVE-2026-13774), GPU (CVE-2026-13775), WebUSB (CVE-2026-13778), Browser (CVE-2026-13782), Views (CVE-2026-13783), Ozone (CVE-2026-13786) and Chromoting (CVE-2026-13787). Other vulnerabilities rated critical are a type confusion in Dawn (CVE-2026-13776) and insufficient validation of untrusted input in ANGLE (CVE-2026-13780).

In addition, there are issues rated high: side-channel information leakage in Safe Browsing (CVE-2026-13809), and Insufficient validation of untrusted input in Downloads (CVE-2026-13791).

For a full list of vulnerabilities refer to the References section in this ISN.

Update Instructions

  • OS 12: Upgrade the Chromium app to version 149.0.7827.200 or newer.

  • OS 11: IGEL OS 11 reached End of Maintenance in June 2026. To ensure continued access to security updates and support, we recommend migrating to IGEL OS 12.

References