First published 15 July 2026
CVSS:3.1: 9.6 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Multiple security vulnerabilities have been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:
-
IGEL OS 12
-
IGEL OS 11
Details
Google reports a use-after-free issue in Chromium’s Browser component that could allow a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This is rated critical and tracked as CVE-2026-13782. Two other instances of use-after-free can be exploited if an attacker can convince a user to engage in specific UI gestures. They have been found in Views (CVE-2026-13783, critical and CVE-2026-13784, critical).
Other vulnerabilities are insufficient validation of untrusted input in the Skia (CVE-2026-13781, critical) and ANGLE components (CVE-2026-14382, critical). Downloads is affected by this kind of issue as well (CVE-2026-13791, high)
In total, Google has reported 433 CVEs of various severities which can be found in the References.
Update Instructions
-
OS 12: Upgrade the Chromium app to version 150.0.7871.46 as soon as it is available on the IGEL App Portal.
-
OS 11: IGEL OS 11 reached End of Maintenance in June 2026. To ensure continued access to security updates and support, we recommend migrating to IGEL OS 12.