Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 42 Chromium Severe Heap Buffer Overflow CVE-2026-3913 Warning

fedora
Calendar Grey March 16, 2026
Dist Fedora Esm H88
Fedora 42 updates Chromium to fix critical vulnerabilities including heap buffer overflows and out of bounds reads.
Update to 146.0.7680.71 CVE-2026-3913: Heap buffer overflow in WebML CVE-2026-3914: Integer overflow in WebML CVE-2026-3915: Heap buffer overflow in WebML CVE-2026-3916: Out of bou...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Update to 146.0.7680.71 CVE-2026-3913: Heap buffer overflow in WebML CVE-2026-3914: Integer overflow in WebML CVE-2026-3915: Heap buffer overflow in WebML CVE-2026-3916: Out of bounds read in Web Speech CVE-2026-3917: Use after free in Agents CVE-2026-3918: Use after free in WebMCP CVE-2026-3919: Use after free in Extensions CVE-2026-3920: Out of bounds memory access in WebML CVE-2026-3921: Use after free in TextEncoding CVE-2026-3922: Use after free in MediaStream CVE-2026-3923: Use after free in WebMIDI CVE-2026-3924: Use after free in WindowDialog CVE-2026-3925: Incorrect security UI in LookalikeChecks CVE-2026-3926: Out of bounds read in V8 CVE-2026-3927: Incorrect security UI in PictureInPicture CVE-2026-3928: Insufficient policy enforcement in Extensions CVE-2026-3929: Side-channel information leakage in ResourceTiming CVE-2026-3930: Unsafe navigation in Navigation CVE-2026-3931: Heap buffer overflow in Skia CVE-2026-3932: Insufficient policy enforcement in...

Topics%20covered

Topics Covered

security advisory fedora critical out-of-bounds read heap buffer overflow webml

Change Log

* Thu Mar 12 2026 Than Ngo - 146.0.7680.71-1 - Update to 146.0.7680.71 * CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture

References

Fedora Update Notification FEDORA-2026-e71e71d1fe 2026-03-16 01:10:09.534367+00:00 Name : chromium Product : Fedora 42 Version : 146.0.7680.71 Release : 1.fc42 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink).

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e71e71d1fe' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: chromium
Product: Fedora 42
Version: 146.0.7680.71
Release: 1.fc42
URL: http://www.chromium.org/Home
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics%20covered

Topics Covered

security advisory fedora critical out-of-bounds read heap buffer overflow webml

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here