Skip to main content
Skip table of contents

ISN 2025-19: Chromium Vulnerability Exploited in the Wild

First published 3 June 2025

CVSS 3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Security vulnerabilities have been discovered in Chromium, a web browser used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

Chromium is affected by two security issues that Google rates as high: CVE-2025-4664 concerns insufficient policy enforcement in the Loader component. CVE-2025-4609 is an incorrect handle provided in unspecified circumstances in the Mojo component.

Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild and has not disclosed more details about the vulnerabilities so far.

Update Instructions

  • OS 12: Update to the OS 12 Chromium app in version 136.0.7103.113 or newer when available from the IGEL App Portal.

  • OS 11: Update to 11.10.310 when available (planned for 4 June).

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close