Skip to main content
Skip table of contents

ISN 2025-12: Chromium Critical Vulnerability

First published 25 March 2025

CVSS 3.1: 9.6 (Critical)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

A security vulnerability has been found in the Chromium web browser used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

Chromium is affected by a use-after-free issue in the Lens component. A remote attacker could potentially exploit heap corruption via a crafted HTML page. This is rated as critical and tracked as CVE-2025-2476.

Mitigation

Deactivate Lens in a custom Chromium policy:

  1. In Setup, go to Chromium Browser > Global Settings > Custom Setup.

  2. Add a policy named LensOverlaySettings and set it to 1 (which means deactivated).

For more information, see Configuring Custom Settings and Chromium Policies for Chromium Browser Global in IGEL OS .

Update Instructions

  • OS 12: Update the OS 12 Chromium App to version 134.0.6998.117 or newer when available.

  • OS 11: Update to OS 11.10.270 when available (April 3rd)

References

 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close