ISN 2026-29: Critical Chromium Vulnerabilities

First published 15 July 2026

CVSS:3.1: 9.6 (Critical)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Multiple security vulnerabilities have been found in Chromium, a web browser used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

Google reports a use-after-free issue in Chromium’s Browser component that could allow a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This is rated critical and tracked as CVE-2026-13782. Two other instances of use-after-free can be exploited if an attacker can convince a user to engage in specific UI gestures. They have been found in Views (CVE-2026-13783, critical and CVE-2026-13784, critical).

Other vulnerabilities are insufficient validation of untrusted input in the Skia (CVE-2026-13781, critical) and ANGLE components (CVE-2026-14382, critical). Downloads is affected by this kind of issue as well (CVE-2026-13791, high)

In total, Google has reported 433 CVEs of various severities which can be found in the References.

Update Instructions

  • OS 12: Upgrade the Chromium app to version 150.0.7871.46 as soon as it is available on the IGEL App Portal.

  • OS 11: IGEL OS 11 reached End of Maintenance in June 2026. To ensure continued access to security updates and support, we recommend migrating to IGEL OS 12.

References