Explore top 10 tips to secure your open-source projects now. Read More
×
Update to 150.0.7871.114 * CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7e82bf89f4 2026-07-12 01:10:38.798635+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 44 Version : 150.0.7871.114 Release : 1.fc44 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 150.0.7871.114 * CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms *CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation in Navigation -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 9 2026 Than Ngo - 150.0.7871.114-1 - Update to 150.0.7871.114 * CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms * CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation inNavigation -------------------------------------------------------------------------------- References: [ 1 ] Bug #2498397 - CVE-2026-15108 CVE-2026-15109 CVE-2026-15110 CVE-2026-15111 CVE-2026-15112 CVE-2026-15113 CVE-2026-15114 CVE-2026-15115 CVE-2026-15116 CVE-2026-15117 CVE-2026-15118 CVE-2026-15119 CVE-2026-15120 CVE-2026-15121 ... chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498397 [ 2 ] Bug #2498398 - CVE-2026-15108 CVE-2026-15109 CVE-2026-15110 CVE-2026-15111 CVE-2026-15112 CVE-2026-15113 CVE-2026-15114 CVE-2026-15115 CVE-2026-15116 CVE-2026-15117 CVE-2026-15118 CVE-2026-15119 CVE-2026-15120 CVE-2026-15121 ... chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498398 [ 3 ] Bug #2498404 - CVE-2026-15126 chromium: Google Chrome Forms: Arbitrary code execution via use-after-free vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498404 [ 4 ] Bug #2498405 - CVE-2026-15126 chromium: Google Chrome Forms: Arbitrary code execution via use-after-free vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498405 [ 5 ] Bug #2498407 - CVE-2026-15107 chromium: Google Chrome: Arbitrary code execution via use after free in IndexedDB [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498407 [ 6 ] Bug #2498408 - CVE-2026-15107 chromium: Google Chrome: Arbitrary code execution via use after free in IndexedDB [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498408 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7e82bf89f4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the FedoraProject can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves 29 vulnerabilities can now be installed.. # Security update for MozillaFirefox Announcement ID: SUSE-SU-2026:2814-1 Release Date: 2026-07-09T12:26:39Z Rating: important References: * bsc#1268071 * bsc#1269226 Cross-References: * CVE-2026-12289 * CVE-2026-12290 * CVE-2026-12291 * CVE-2026-12292 * CVE-2026-12294 * CVE-2026-12295 * CVE-2026-12296 * CVE-2026-12297 * CVE-2026-12298 * CVE-2026-12299 * CVE-2026-12302 * CVE-2026-12304 * CVE-2026-12305 * CVE-2026-12306 * CVE-2026-12307 * CVE-2026-12308 * CVE-2026-12309 * CVE-2026-12310 * CVE-2026-12311 * CVE-2026-12312 * CVE-2026-12313 * CVE-2026-12314 * CVE-2026-12315 * CVE-2026-12324 * CVE-2026-12325 * CVE-2026-12327 * CVE-2026-12328 * CVE-2026-12329 * CVE-2026-12330 CVSS scores: * CVE-2026-12289 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12289 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12290 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-12290 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-12290 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12291 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12291 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12291 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12292 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-12292 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12292 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-12294 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12294 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-12294 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12295 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12295 ( NVD ): 7.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12295 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-12296 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12296 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-12296 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12297 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12297 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-12297 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12298 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12298 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12298 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12299 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12299 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12299 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12302 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-12302 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-12304 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12304 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12305 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-12305 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-12306 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12306 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12307 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12307 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12308 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12308 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12309 ( SUSE ): 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-12309 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-12310 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12310 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12311 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12311 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12312 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12312 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12313 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12313 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12314 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12314 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12315 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12315 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12324 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-12324 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-12325 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-12325 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-12327 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12327 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12328 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12328 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12328 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12329 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-12329 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-12329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12330 ( SUSE ): 5.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12330 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: * Desktop Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 29 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Removed obsolete mozilla-nss-certs and recommends p11-kit-nss-trust (bsc#1269226) Update to Firefox 140.12.0 ESR (MFSA 2026-58, bsc#1268071): * CVE-2026-12289: Privilege escalation in the Graphics: WebRender component. * CVE-2026-12290: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12291: Use-after-free in the Networking: HTTP component. * CVE-2026-12292: Incorrect boundary conditions in the Web Audio component. * CVE-2026-12294: Sandbox escape in the DOM: Workers component. * CVE-2026-12295: Sandbox escape in the DOM: Navigation component. * CVE-2026-12296: Sandbox escape in the Security: Process Sandboxing component. * CVE-2026-12297: Sandbox escape due toincorrect boundary conditions in the Networking component. * CVE-2026-12298: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12299: JIT miscompilation in the DOM: Core & HTML component. * CVE-2026-12302: Mitigation bypass in the DOM: Security component. * CVE-2026-12304: Same-origin policy bypass in the Networking: Cookies component. * CVE-2026-12305: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12306: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12307: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12308: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12309: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12310: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12311: Information disclosure, sandbox escape in the Security: Process Sandboxing component. * CVE-2026-12312: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12313: Information disclosure, sandbox escape in the Security: Process Sandboxing component. * CVE-2026-12314: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12315: Mitigation bypass in the DOM: Security component. * CVE-2026-12324: Incorrect boundary conditions in the Graphics: CanvasWebGL component. * CVE-2026-12325: Denial-of-service in the Graphics: ImageLib component. * CVE-2026-12327: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. * CVE-2026-12328: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. * CVE-2026-12329: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12330: Incorrect boundary conditions in the Internationalization component. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2814=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-2814=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2814=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2814=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2814=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2814=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2814=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2814=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2814=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2814=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2814=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 *MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) *MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * Desktop Applications Module 15-SP7 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 *MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 ## References: * https://www.suse.com/security/cve/CVE-2026-12289.html * https://www.suse.com/security/cve/CVE-2026-12290.html * https://www.suse.com/security/cve/CVE-2026-12291.html * https://www.suse.com/security/cve/CVE-2026-12292.html * https://www.suse.com/security/cve/CVE-2026-12294.html * https://www.suse.com/security/cve/CVE-2026-12295.html * https://www.suse.com/security/cve/CVE-2026-12296.html * https://www.suse.com/security/cve/CVE-2026-12297.html * https://www.suse.com/security/cve/CVE-2026-12298.html * https://www.suse.com/security/cve/CVE-2026-12299.html * https://www.suse.com/security/cve/CVE-2026-12302.html * https://www.suse.com/security/cve/CVE-2026-12304.html * https://www.suse.com/security/cve/CVE-2026-12305.html * https://www.suse.com/security/cve/CVE-2026-12306.html * https://www.suse.com/security/cve/CVE-2026-12307.html * https://www.suse.com/security/cve/CVE-2026-12308.html * https://www.suse.com/security/cve/CVE-2026-12309.html * https://www.suse.com/security/cve/CVE-2026-12310.html * https://www.suse.com/security/cve/CVE-2026-12311.html * https://www.suse.com/security/cve/CVE-2026-12312.html * https://www.suse.com/security/cve/CVE-2026-12313.html * https://www.suse.com/security/cve/CVE-2026-12314.html *https://www.suse.com/security/cve/CVE-2026-12315.html * https://www.suse.com/security/cve/CVE-2026-12324.html * https://www.suse.com/security/cve/CVE-2026-12325.html * https://www.suse.com/security/cve/CVE-2026-12327.html * https://www.suse.com/security/cve/CVE-2026-12328.html * https://www.suse.com/security/cve/CVE-2026-12329.html * https://www.suse.com/security/cve/CVE-2026-12330.html * https://bugzilla.suse.com/show_bug.cgi?id=1268071 * https://bugzilla.suse.com/show_bug.cgi?id=1269226 . SUSE offers an important update for MozillaFirefox addressing 29 issues including memory safety and sandbox escape vulnerabilities.. MozillaFirefox update, SUSE security advisory, browser security patch, important security updates. . Severity: Important. LinuxSecurity.com Team
Update to 149.0.7827.200 CVE-2026-13281: Integer overflow in Mojo CVE-2026-13282: Use after free in Payments CVE-2026-13283: Use after free in AdFilter. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-148601cd51 2026-06-29 00:57:02.525524+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 44 Version : 149.0.7827.200 Release : 1.fc44 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 149.0.7827.200 CVE-2026-13281: Integer overflow in Mojo CVE-2026-13282: Use after free in Payments CVE-2026-13283: Use after free in AdFilter -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 26 2026 Than Ngo - 149.0.7827.200-1 - Update to 149.0.7827.200 CVE-2026-13281: Integer overflow in Mojo CVE-2026-13282: Use after free in Payments CVE-2026-13283: Use after free in AdFilter -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-148601cd51' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list
Update to 149.0.7827.53 fix 429 CVEs ( CVE-2026-10881 through CVE-2026-11309). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-15e444c3bb 2026-06-08 01:23:19.405842+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 44 Version : 149.0.7827.53 Release : 1.fc44 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 149.0.7827.53 fix 429 CVEs ( CVE-2026-10881 through CVE-2026-11309) -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Than Ngo - 149.0.7827.53-1 - Update to 149.0.7827.53 * CVE-2026-10881: Out of bounds read and write in ANGLE * CVE-2026-10882: Use after free in Network * CVE-2026-10883: Out of bounds write in ANGLE * CVE-2026-10884: Use after free in Chromecast * CVE-2026-10885: Use after free in Chrome for iOS * CVE-2026-10886: Use after free in FileSystem * CVE-2026-10887: Use after free in Chromoting * CVE-2026-10888: Use after free in Cast Streaming * CVE-2026-10889: Out of bounds read in ANGLE * CVE-2026-10890: Use after free in Cast * CVE-2026-10891: Use after free in GFX * CVE-2026-10892: Out of bounds write in GPU * CVE-2026-10893: Use after free in Chromoting * CVE-2026-10894: Use after free in Printing * CVE-2026-10895: Use after free in Ozone * CVE-2026-10896: Use after free in Chrome for iOS * CVE-2026-10897: Out of bounds write in GPU * CVE-2026-10898: Stack buffer overflow in GPU * CVE-2026-10899: Use after free in Ozone * CVE-2026-10900: Use after free in Passwords * CVE-2026-10901: Use after free in Passwords *CVE-2026-10902: Use after free in Ozone * CVE-2026-10903: Use after free in WebRTC * CVE-2026-10904: Inappropriate implementation in V8 * CVE-2026-10905: Use after free in Network * CVE-2026-10906: Use after free in WebAuthentication * CVE-2026-10907: Out of bounds write in ANGLE * CVE-2026-10908: Use after free in FullScreen * CVE-2026-10909: Use after free in Dawn * CVE-2026-10910: Type Confusion in V8 * CVE-2026-10911: Insufficient validation of untrusted input in Media * CVE-2026-10912: Insufficient validation of untrusted input in Extensions * CVE-2026-10913: Use after free in ANGLE * CVE-2026-10914: Use after free in ANGLE * CVE-2026-10915: Use after free in Core * CVE-2026-10916: Insufficient validation of untrusted input in DevTools * CVE-2026-10917: Insufficient validation of untrusted input in Media * CVE-2026-10918: Use after free in Viz * CVE-2026-10919: Use after free in ANGLE * CVE-2026-10920: Insufficient validation of untrusted input in WebShare * CVE-2026-10921: Integer overflow in Dawn * CVE-2026-10922: Insufficient validation of untrusted input in DevTools * CVE-2026-10923: Use after free in WebAppInstalls * CVE-2026-10924: Integer overflow in Chromecast * CVE-2026-10925: Out of bounds write in Skia * CVE-2026-10926: Use after free in Cast * CVE-2026-10927: Out of bounds read in Dawn * CVE-2026-10928: Script injection in Headless * CVE-2026-10929: Heap buffer overflow in ANGLE * CVE-2026-10930: Out of bounds read in ANGLE * CVE-2026-10931: Use after free in FileSystem * CVE-2026-10932: Use after free in UI * CVE-2026-10933: Use after free in Audio * CVE-2026-10934: Use after free in Autofill * CVE-2026-10935: Inappropriate implementation in V8 * CVE-2026-10936: Type Confusion in V8 * CVE-2026-10937: Inappropriate implementation in Passwords * CVE-2026-10938: Insufficient validation of untrusted input in Input * CVE-2026-10939: Use after free in WebRTC * CVE-2026-10940: Race inCodecs * CVE-2026-10941: Out of bounds memory access in Skia * CVE-2026-10942: Insufficient validation of untrusted input in UI * CVE-2026-10943: Use after free in WebRTC * CVE-2026-10944: Insufficient policy enforcement in Autofill * CVE-2026-10945: Use after free in PDF * CVE-2026-10946: Heap buffer overflow in Media * CVE-2026-10947: Use after free in WebRTC * CVE-2026-10948: Use after free in WebRTC * CVE-2026-10949: Heap buffer overflow in Video * CVE-2026-10950: Insufficient policy enforcement in Autofill * CVE-2026-10951: Use after free in Autofill * CVE-2026-10952: Use after free in Chrome for iOS * CVE-2026-10953: Use after free in Core * CVE-2026-10954: Use after free in Actor * CVE-2026-10955: Type Confusion in ANGLE * CVE-2026-10956: Use after free in MimeHandlerView * CVE-2026-10957: Use after free in Glic * CVE-2026-10958: Use after free in Chrome for iOS * CVE-2026-10959: Use after free in Input * CVE-2026-10960: Uninitialized Use in Codecs * CVE-2026-10961: Use after free in Chrome for iOS * CVE-2026-10962: Type Confusion in Media * CVE-2026-10963: Integer overflow in V8 * CVE-2026-10964: Integer overflow in V8 * CVE-2026-10965: Integer overflow in DevTools * CVE-2026-10966: Insufficient validation of untrusted input in Codecs * CVE-2026-10967: Use after free in SurfaceCapture * CVE-2026-10968: Insufficient validation of untrusted input in Dawn * CVE-2026-10969: Insufficient validation of untrusted input in Extensions * CVE-2026-10970: Insufficient validation of untrusted input in InterestGroups * CVE-2026-10971: Insufficient validation of untrusted input in Printing * CVE-2026-10972: Use after free in Ozone * CVE-2026-10973: Uninitialized Use in Dawn * CVE-2026-10974: Insufficient validation of untrusted input in ANGLE * CVE-2026-10975: Use after free in WebRTC * CVE-2026-10976: Uninitialized Use in Dawn * CVE-2026-10977: Uninitialized Use in Skia * CVE-2026-10978: Use after free inChromoting * CVE-2026-10979: Out of bounds read in ANGLE * CVE-2026-10980: Insufficient validation of untrusted input in DevTools * CVE-2026-10981: Insufficient validation of untrusted input in Codecs * CVE-2026-10982: Use after free in WebXR * CVE-2026-10983: Insufficient validation of untrusted input in Dawn * CVE-2026-10984: Inappropriate implementation in Accessibility * CVE-2026-10985: Out of bounds read in Skia * CVE-2026-10986: Integer overflow in Media * CVE-2026-10987: Integer overflow in V8 * CVE-2026-10988: Use after free in Views * CVE-2026-10989: Inappropriate implementation in V8 * CVE-2026-10990: Use after free in Glic * CVE-2026-10991: Use after free in V8 * CVE-2026-10992: Insufficient data validation in Animation * CVE-2026-10993: Heap buffer overflow in Skia * CVE-2026-10994: Uninitialized Use in ANGLE * CVE-2026-10995: Heap buffer overflow in TabStrip * CVE-2026-10996: Inappropriate implementation in Workers * CVE-2026-10997: Insufficient policy enforcement in Extensions * CVE-2026-10998: Out of bounds read in Media * CVE-2026-10999: Out of bounds memory access in ANGLE * CVE-2026-11000: Use after free in Fonts * CVE-2026-11001: Incorrect security UI in Payments * CVE-2026-11002: Use after free in Autofill * CVE-2026-11003: Use after free in WebRTC * CVE-2026-11004: Out of bounds read in ANGLE * CVE-2026-11005: Out of bounds read in ANGLE * CVE-2026-11006: Out of bounds read in Dawn * CVE-2026-11007: Insufficient validation of untrusted input in WebView * CVE-2026-11008: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-11009: Use after free in USB * CVE-2026-11010: Use after free in WebShare * CVE-2026-11011: Insufficient policy enforcement in Password Manager * CVE-2026-11012: Use after free in Serial * CVE-2026-11013: Insufficient validation of untrusted input in Network * CVE-2026-11014: Insufficient policy enforcement in Extensions * CVE-2026-11015: Out ofbounds read in WebGPU * CVE-2026-11016: Insufficient validation of untrusted input in Network * CVE-2026-11017: Inappropriate implementation in Link Preview * CVE-2026-11018: Insufficient policy enforcement in Actor * CVE-2026-11019: Inappropriate implementation in Payments * CVE-2026-11020: Inappropriate implementation in Extensions * CVE-2026-11021: Insufficient validation of untrusted input in GPU * CVE-2026-11022: Insufficient validation of untrusted input in DevTools * CVE-2026-11023: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-11024: Stack buffer overflow in Skia * CVE-2026-11025: Insufficient policy enforcement in Navigation * CVE-2026-11026: Insufficient policy enforcement in Extensions * CVE-2026-11027: Insufficient validation of untrusted input in Glic * CVE-2026-11028: Use after free in Media * CVE-2026-11029: Insufficient validation of untrusted input in Drag and Drop * CVE-2026-11030: Use after free in Network * CVE-2026-11031: Insufficient validation of untrusted input in Password Manager * CVE-2026-11032: Insufficient data validation in Password Manager * CVE-2026-11033: Uninitialized Use in WebML * CVE-2026-11034: Insufficient validation of untrusted input in Tab Group Sync * CVE-2026-11035: Insufficient validation of untrusted input in Custom Tabs * CVE-2026-11036: Inappropriate implementation in DOM * CVE-2026-11037: Out of bounds write in Codecs * CVE-2026-11038: Insufficient validation of untrusted input in Subresource Integrity * CVE-2026-11039: Uninitialized Use in Skia * CVE-2026-11040: Use after free in ANGLE * CVE-2026-11041: Insufficient validation of untrusted input in Media * CVE-2026-11042: Use after free in Views * CVE-2026-11043: Out of bounds write in ANGLE * CVE-2026-11044: Integer overflow in ANGLE * CVE-2026-11045: Insufficient validation of untrusted input in GPU * CVE-2026-11046: Insufficient validation of untrusted input in Media * CVE-2026-11047:Insufficient validation of untrusted input in Base * CVE-2026-11048: Inappropriate implementation in Extensions * CVE-2026-11049: Use after free in Password Manager * CVE-2026-11050: Use after free in V8 * CVE-2026-11051: Out of bounds read in ANGLE * CVE-2026-11052: Type Confusion in GPU * CVE-2026-11053: VULNERABILITY in WebRTC * CVE-2026-11054: Use after free in WebRTC * CVE-2026-11055: Use after free in ANGLE * CVE-2026-11056: Insufficient validation of untrusted input in SiteIsolation * CVE-2026-11057: Uninitialized Use in Skia * CVE-2026-11058: Integer overflow in CredentialProvider * CVE-2026-11059: Use after free in Blink * CVE-2026-11060: Use after free in Media * CVE-2026-11061: Out of bounds read in ANGLE * CVE-2026-11062: Insufficient policy enforcement in Extensions * CVE-2026-11063: Insufficient validation of untrusted input in WebNN * CVE-2026-11064: Uninitialized Use in GPU * CVE-2026-11065: Use after free in ANGLE * CVE-2026-11066: Insufficient validation of untrusted input in ANGLE * CVE-2026-11067: Uninitialized Use in Dawn * CVE-2026-11068: Use after free in WebSockets * CVE-2026-11069: Insufficient validation of untrusted input in Cast * CVE-2026-11070: Insufficient validation of untrusted input in Chromoting * CVE-2026-11071: Use after free in Base * CVE-2026-11072: Use after free in WebView * CVE-2026-11073: Use after free in WebGL * CVE-2026-11074: Use after free in WebRTC * CVE-2026-11075: Out of bounds read in V8 * CVE-2026-11076: Type Confusion in CSS * CVE-2026-11077: Out of bounds read in Dawn * CVE-2026-11078: Insufficient validation of untrusted input in FileSystem * CVE-2026-11079: Insufficient validation of untrusted input in Codecs * CVE-2026-11080: Use after free in WebView * CVE-2026-11081: Policy bypass in Canvas * CVE-2026-11082: Use after free in GPU * CVE-2026-11083: Inappropriate implementation in Password Manager * CVE-2026-11084: Inappropriate implementation inPassword Manager * CVE-2026-11085: Integer overflow in GPU * CVE-2026-11086: Insufficient validation of untrusted input in Dawn * CVE-2026-11087: Uninitialized Use in ANGLE * CVE-2026-11088: Integer overflow in ANGLE * CVE-2026-11089: Uninitialized Use in Media * CVE-2026-11090: Uninitialized Use in ANGLE * CVE-2026-11091: Inappropriate implementation in Dawn * CVE-2026-11092: Insufficient policy enforcement in DevTools * CVE-2026-11093: Insufficient validation of untrusted input in Printing * CVE-2026-11094: Use after free in Codecs * CVE-2026-11095: Insufficient validation of untrusted input in Codecs * CVE-2026-11096: Out of bounds read in WebRTC * CVE-2026-11097: Inappropriate implementation in WebView * CVE-2026-11098: Insufficient validation of untrusted input in GPU * CVE-2026-11099: Vulnerability in Skia * CVE-2026-11100: Use after free in File Input * CVE-2026-11101: Uninitialized Use in Dawn * CVE-2026-11102: Inappropriate implementation in Isolated Web Apps * CVE-2026-11103: Inappropriate implementation in Installer * CVE-2026-11104: Uninitialized Use in ANGLE * CVE-2026-11105: Insufficient validation of untrusted input in WebUI * CVE-2026-11106: Inappropriate implementation in Media * CVE-2026-11107: Inappropriate implementation in Downloads * CVE-2026-11108: Inappropriate implementation in NFC * CVE-2026-11109: Uninitialized Use in ANGLE * CVE-2026-11110: Uninitialized Use in ANGLE * CVE-2026-11111: Out of bounds read in ANGLE * CVE-2026-11112: Insufficient validation of untrusted input in Chromoting * CVE-2026-11113: Insufficient validation of untrusted input in ANGLE * CVE-2026-11114: Use after free in Device Trust * CVE-2026-11115: Use after free in Updater * CVE-2026-11116: Use after free in Chromoting * CVE-2026-11117: Use after free in Views * CVE-2026-11118: Use after free in WebRTC * CVE-2026-11119: Insufficient validation of untrusted input in GPU * CVE-2026-11120: Insufficientvalidation of untrusted input in Enterprise Reporting * CVE-2026-11121: Insufficient validation of untrusted input in Skia * CVE-2026-11122: Inappropriate implementation in Keyboard * CVE-2026-11123: Uninitialized Use in ANGLE * CVE-2026-11124: Heap buffer overflow in Skia * CVE-2026-11125: Use after free in Compositing * CVE-2026-11126: Insufficient validation of untrusted input in DevTools * CVE-2026-11127: Inappropriate implementation in WebAPKs * CVE-2026-11128: Insufficient validation of untrusted input in Web Share * CVE-2026-11129: Inappropriate implementation in Extensions * CVE-2026-11130: Use after free in Media * CVE-2026-11131: Use after free in Autofill * CVE-2026-11132: Policy bypass in Paint * CVE-2026-11133: Insufficient policy enforcement in Paint * CVE-2026-11134: Insufficient data validation in Media * CVE-2026-11135: Insufficient policy enforcement in Autofill * CVE-2026-11136: Use after free in Canvas * CVE-2026-11137: Uninitialized Use in ANGLE * CVE-2026-11138: Uninitialized Use in ANGLE * CVE-2026-11139: Policy bypass in Paint * CVE-2026-11140: Insufficient validation of untrusted input in Chromecast * CVE-2026-11141: Uninitialized Use in Audio * CVE-2026-11142: Policy bypass in Paint * CVE-2026-11143: Heap buffer overflow in Extensions * CVE-2026-11144: Use after free in Media * CVE-2026-11145: Race in Geolocation * CVE-2026-11146: Insufficient validation of untrusted input in Chromoting * CVE-2026-11147: Use after free in WebML * CVE-2026-11148: Inappropriate implementation in Payments * CVE-2026-11149: Insufficient validation of untrusted input in Extensions * CVE-2026-11150: Inappropriate implementation in XML * CVE-2026-11151: Insufficient validation of untrusted input in Password Manager * CVE-2026-11152: Object lifecycle issue in Dawn * CVE-2026-11153: Side-channel information leakage in Forms * CVE-2026-11154: Use after free in Dawn * CVE-2026-11155: Insufficient policyenforcement in CSS * CVE-2026-11156: Inappropriate implementation in CSS * CVE-2026-11157: Script injection in Accessibility * CVE-2026-11158: Insufficient validation of untrusted input in Downloads * CVE-2026-11159: Uninitialized Use in Skia * CVE-2026-11160: Out of bounds read in Input * CVE-2026-11161: Insufficient data validation in DataTransfer * CVE-2026-11162: Insufficient policy enforcement in CSS * CVE-2026-11163: Use after free in Messages * CVE-2026-11164: Use after free in Blink * CVE-2026-11165: Use after free in WebMIDI * CVE-2026-11166: Inappropriate implementation in SVG * CVE-2026-11167: Inappropriate implementation in WebView * CVE-2026-11168: Insufficient policy enforcement in Extensions * CVE-2026-11169: Inappropriate implementation in XML * CVE-2026-11170: Inappropriate implementation in Chromoting * CVE-2026-11171: Integer overflow in Blink * CVE-2026-11172: Incorrect security UI in Contact Picker * CVE-2026-11173: Out of bounds write in V8 * CVE-2026-11174: Insufficient policy enforcement in Site Isolation * CVE-2026-11175: Incorrect security UI in Messages * CVE-2026-11176: Inappropriate implementation in Media * CVE-2026-11177: Use after free in Omnibox * CVE-2026-11178: Policy bypass in WebView * CVE-2026-11179: Inappropriate implementation in ORB * CVE-2026-11180: Policy bypass in SVG * CVE-2026-11181: Inappropriate implementation in Media Session * CVE-2026-11182: Inappropriate implementation in SVG * CVE-2026-11183: Out of bounds read in GWP-ASan * CVE-2026-11184: Insufficient policy enforcement in Actor * CVE-2026-11185: Use after free in V8 * CVE-2026-11186: Inappropriate implementation in CSS * CVE-2026-11187: Insufficient policy enforcement in Glic * CVE-2026-11188: Use after free in USB * CVE-2026-11189: Insufficient validation of untrusted input in DevTools * CVE-2026-11190: Insufficient policy enforcement in Extensions * CVE-2026-11191: Out of bounds memory access inANGLE * CVE-2026-11192: Insufficient validation of untrusted input in Password Manager * CVE-2026-11193: Insufficient policy enforcement in Password Manager * CVE-2026-11194: Inappropriate implementation in Network * CVE-2026-11195: Inappropriate implementation in MHTML * CVE-2026-11196: Type Confusion in XML * CVE-2026-11197: Insufficient policy enforcement in Workers * CVE-2026-11198: Insufficient validation of untrusted input in Codecs * CVE-2026-11199: Insufficient validation of untrusted input in WebRTC * CVE-2026-11200: Inappropriate implementation in WebRTC * CVE-2026-11201: Use after free in ServiceWorker * CVE-2026-11202: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-11203: Policy bypass in GPU * CVE-2026-11204: Inappropriate implementation in Signin * CVE-2026-11205: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-11206: Policy bypass in ServiceWorker * CVE-2026-11207: Insufficient validation of untrusted input in Autofill * CVE-2026-11208: Use after free in Codecs * CVE-2026-11209: Insufficient policy enforcement in Passwords * CVE-2026-11210: Insufficient policy enforcement in Safe Browsing * CVE-2026-11211: Integer overflow in V8 * CVE-2026-11212: Insufficient policy enforcement in DevTools * CVE-2026-11213: Insufficient validation of untrusted input in Reading Mode * CVE-2026-11214: Inappropriate implementation in Chrome for iOS * CVE-2026-11215: Inappropriate implementation in Cronet * CVE-2026-11216: Incorrect security UI in File Input * CVE-2026-11217: Insufficient policy enforcement in Fenced Frames * CVE-2026-11218: Inappropriate implementation in PlatformIntegration * CVE-2026-11219: Insufficient data validation in Navigation * CVE-2026-11220: Insufficient validation of untrusted input in Navigation * CVE-2026-11221: Insufficient validation of untrusted input in PointerLock * CVE-2026-11222: Incorrect security UI in Tab Strip * CVE-2026-11223:Insufficient validation of untrusted input in Network * CVE-2026-11224: Use after free in Chromoting * CVE-2026-11225: Incorrect security UI in WebUI * CVE-2026-11226: Insufficient policy enforcement in PreviewTab * CVE-2026-11227: Incorrect security UI in Tab Hover Cards * CVE-2026-11228: Incorrect security UI in File Input * CVE-2026-11229: Insufficient policy enforcement in Enterprise * CVE-2026-11230: Use after free in Extensions * CVE-2026-11231: Inappropriate implementation in Safe Browsing * CVE-2026-11232: Inappropriate implementation in TabGroups * CVE-2026-11233: Insufficient validation of untrusted input in FoldableAPIs * CVE-2026-11234: Insufficient policy enforcement in FoldableAPIs * CVE-2026-11235: Insufficient validation of untrusted input in Compositing * CVE-2026-11236: Insufficient policy enforcement in Web Bluetooth * CVE-2026-11237: Insufficient validation of untrusted input in Media * CVE-2026-11238: Inappropriate implementation in DevTools * CVE-2026-11239: Insufficient validation of untrusted input in Extensions * CVE-2026-11240: Insufficient validation of untrusted input in Loader * CVE-2026-11241: Insufficient validation of untrusted input in Cast * CVE-2026-11242: Insufficient validation of untrusted input in Plugins * CVE-2026-11243: Incorrect security UI in Downloads * CVE-2026-11244: Insufficient validation of untrusted input in WebAuthentication * CVE-2026-11245: Inappropriate implementation in Payments * CVE-2026-11246: Insufficient validation of untrusted input in IndexedDB * CVE-2026-11247: Insufficient policy enforcement in CustomTabs * CVE-2026-11248: Policy bypass in Google Lens * CVE-2026-11249: Use after free in Network * CVE-2026-11250: Inappropriate implementation in DevTools * CVE-2026-11251: Insufficient validation of untrusted input in Password Manager * CVE-2026-11252: Policy bypass in Content Settings * CVE-2026-11253: Race in Permissions * CVE-2026-11254: Inappropriateimplementation in Permissions * CVE-2026-11255: Insufficient validation of untrusted input in Storage Access API * CVE-2026-11256: Out of bounds read in GPU * CVE-2026-11257: Inappropriate implementation in Browser * CVE-2026-11258: Inappropriate implementation in File System Access * CVE-2026-11259: Insufficient validation of untrusted input in Cast * CVE-2026-11260: Policy bypass in Permissions * CVE-2026-11261: Insufficient validation of untrusted input in PDF * CVE-2026-11262: Use after free in TabStrip * CVE-2026-11263: Insufficient policy enforcement in WebAuthentication * CVE-2026-11264: Policy bypass in Content Security Policy * CVE-2026-11265: Insufficient data validation in Autofill * CVE-2026-11266: Policy bypass in SafeBrowsing * CVE-2026-11267: Insufficient policy enforcement in Extensions * CVE-2026-11268: Uninitialized Use in ANGLE * CVE-2026-11269: Inappropriate implementation in Extensions * CVE-2026-11270: Inappropriate implementation in UI * CVE-2026-11271: Incorrect security UI in Passwords * CVE-2026-11272: Insufficient validation of untrusted input in Reading List * CVE-2026-11273: Insufficient validation of untrusted input in Omnibox * CVE-2026-11274: Inappropriate implementation in DOM Distiller * CVE-2026-11275: Insufficient policy enforcement in Page Info * CVE-2026-11276: Inappropriate implementation in Cast * CVE-2026-11277: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11278: Inappropriate implementation in CustomTabs * CVE-2026-11279: Out of bounds read in DevTools * CVE-2026-11280: Insufficient validation of untrusted input in Signin * CVE-2026-11281: Integer overflow in Chromoting * CVE-2026-11282: Policy bypass in Sandbox * CVE-2026-11283: Policy bypass in Shortcuts * CVE-2026-11284: Side-channel information leakage in PerformanceAPIs * CVE-2026-11285: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11286: Insufficient validation of untrusted input inWallet * CVE-2026-11287: Insufficient validation of untrusted input in Navigation * CVE-2026-11288: Policy bypass in CSS * CVE-2026-11289: Side-channel information leakage in Paint * CVE-2026-11290: Integer overflow in WebView * CVE-2026-11291: Policy bypass in Android Autofill * CVE-2026-11292: Policy bypass in Blink * CVE-2026-11293: Use after free in Input * CVE-2026-11294: Inappropriate implementation in Passwords * CVE-2026-11295: Inappropriate implementation in WebView * CVE-2026-11296: Inappropriate implementation in ImageCapture * CVE-2026-11297: Insufficient validation of untrusted input in Reader Mode * CVE-2026-11298: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11299: Out of bounds read in Fonts * CVE-2026-11300: Inappropriate implementation in Permissions * CVE-2026-11301: Out of bounds read in LiveCaption * CVE-2026-11302: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11303: Use after free in PDFium * CVE-2026-11304: Use after free in PDFium * CVE-2026-11305: Use after free in PDFium * CVE-2026-11306: Use after free in PDFium * CVE-2026-11307: Use after free in PDFium * CVE-2026-11308: Inappropriate implementation in Extensions * CVE-2026-11309: Insufficient policy enforcement in History -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-15e444c3bb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list
Update to 149.0.7827.53 fix 429 CVEs ( CVE-2026-10881 through CVE-2026-11309). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-15e444c3bb 2026-06-08 01:23:19.405842+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 44 Version : 149.0.7827.53 Release : 1.fc44 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 149.0.7827.53 fix 429 CVEs ( CVE-2026-10881 through CVE-2026-11309) -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Than Ngo - 149.0.7827.53-1 - Update to 149.0.7827.53 * CVE-2026-10881: Out of bounds read and write in ANGLE * CVE-2026-10882: Use after free in Network * CVE-2026-10883: Out of bounds write in ANGLE * CVE-2026-10884: Use after free in Chromecast * CVE-2026-10885: Use after free in Chrome for iOS * CVE-2026-10886: Use after free in FileSystem * CVE-2026-10887: Use after free in Chromoting * CVE-2026-10888: Use after free in Cast Streaming * CVE-2026-10889: Out of bounds read in ANGLE * CVE-2026-10890: Use after free in Cast * CVE-2026-10891: Use after free in GFX * CVE-2026-10892: Out of bounds write in GPU * CVE-2026-10893: Use after free in Chromoting * CVE-2026-10894: Use after free in Printing * CVE-2026-10895: Use after free in Ozone * CVE-2026-10896: Use after free in Chrome for iOS * CVE-2026-10897: Out of bounds write in GPU * CVE-2026-10898: Stack buffer overflow in GPU * CVE-2026-10899: Use after free in Ozone * CVE-2026-10900: Use after free in Passwords * CVE-2026-10901: Use after free in Passwords *CVE-2026-10902: Use after free in Ozone * CVE-2026-10903: Use after free in WebRTC * CVE-2026-10904: Inappropriate implementation in V8 * CVE-2026-10905: Use after free in Network * CVE-2026-10906: Use after free in WebAuthentication * CVE-2026-10907: Out of bounds write in ANGLE * CVE-2026-10908: Use after free in FullScreen * CVE-2026-10909: Use after free in Dawn * CVE-2026-10910: Type Confusion in V8 * CVE-2026-10911: Insufficient validation of untrusted input in Media * CVE-2026-10912: Insufficient validation of untrusted input in Extensions * CVE-2026-10913: Use after free in ANGLE * CVE-2026-10914: Use after free in ANGLE * CVE-2026-10915: Use after free in Core * CVE-2026-10916: Insufficient validation of untrusted input in DevTools * CVE-2026-10917: Insufficient validation of untrusted input in Media * CVE-2026-10918: Use after free in Viz * CVE-2026-10919: Use after free in ANGLE * CVE-2026-10920: Insufficient validation of untrusted input in WebShare * CVE-2026-10921: Integer overflow in Dawn * CVE-2026-10922: Insufficient validation of untrusted input in DevTools * CVE-2026-10923: Use after free in WebAppInstalls * CVE-2026-10924: Integer overflow in Chromecast * CVE-2026-10925: Out of bounds write in Skia * CVE-2026-10926: Use after free in Cast * CVE-2026-10927: Out of bounds read in Dawn * CVE-2026-10928: Script injection in Headless * CVE-2026-10929: Heap buffer overflow in ANGLE * CVE-2026-10930: Out of bounds read in ANGLE * CVE-2026-10931: Use after free in FileSystem * CVE-2026-10932: Use after free in UI * CVE-2026-10933: Use after free in Audio * CVE-2026-10934: Use after free in Autofill * CVE-2026-10935: Inappropriate implementation in V8 * CVE-2026-10936: Type Confusion in V8 * CVE-2026-10937: Inappropriate implementation in Passwords * CVE-2026-10938: Insufficient validation of untrusted input in Input * CVE-2026-10939: Use after free in WebRTC * CVE-2026-10940: Race inCodecs * CVE-2026-10941: Out of bounds memory access in Skia * CVE-2026-10942: Insufficient validation of untrusted input in UI * CVE-2026-10943: Use after free in WebRTC * CVE-2026-10944: Insufficient policy enforcement in Autofill * CVE-2026-10945: Use after free in PDF * CVE-2026-10946: Heap buffer overflow in Media * CVE-2026-10947: Use after free in WebRTC * CVE-2026-10948: Use after free in WebRTC * CVE-2026-10949: Heap buffer overflow in Video * CVE-2026-10950: Insufficient policy enforcement in Autofill * CVE-2026-10951: Use after free in Autofill * CVE-2026-10952: Use after free in Chrome for iOS * CVE-2026-10953: Use after free in Core * CVE-2026-10954: Use after free in Actor * CVE-2026-10955: Type Confusion in ANGLE * CVE-2026-10956: Use after free in MimeHandlerView * CVE-2026-10957: Use after free in Glic * CVE-2026-10958: Use after free in Chrome for iOS * CVE-2026-10959: Use after free in Input * CVE-2026-10960: Uninitialized Use in Codecs * CVE-2026-10961: Use after free in Chrome for iOS * CVE-2026-10962: Type Confusion in Media * CVE-2026-10963: Integer overflow in V8 * CVE-2026-10964: Integer overflow in V8 * CVE-2026-10965: Integer overflow in DevTools * CVE-2026-10966: Insufficient validation of untrusted input in Codecs * CVE-2026-10967: Use after free in SurfaceCapture * CVE-2026-10968: Insufficient validation of untrusted input in Dawn * CVE-2026-10969: Insufficient validation of untrusted input in Extensions * CVE-2026-10970: Insufficient validation of untrusted input in InterestGroups * CVE-2026-10971: Insufficient validation of untrusted input in Printing * CVE-2026-10972: Use after free in Ozone * CVE-2026-10973: Uninitialized Use in Dawn * CVE-2026-10974: Insufficient validation of untrusted input in ANGLE * CVE-2026-10975: Use after free in WebRTC * CVE-2026-10976: Uninitialized Use in Dawn * CVE-2026-10977: Uninitialized Use in Skia * CVE-2026-10978: Use after free inChromoting * CVE-2026-10979: Out of bounds read in ANGLE * CVE-2026-10980: Insufficient validation of untrusted input in DevTools * CVE-2026-10981: Insufficient validation of untrusted input in Codecs * CVE-2026-10982: Use after free in WebXR * CVE-2026-10983: Insufficient validation of untrusted input in Dawn * CVE-2026-10984: Inappropriate implementation in Accessibility * CVE-2026-10985: Out of bounds read in Skia * CVE-2026-10986: Integer overflow in Media * CVE-2026-10987: Integer overflow in V8 * CVE-2026-10988: Use after free in Views * CVE-2026-10989: Inappropriate implementation in V8 * CVE-2026-10990: Use after free in Glic * CVE-2026-10991: Use after free in V8 * CVE-2026-10992: Insufficient data validation in Animation * CVE-2026-10993: Heap buffer overflow in Skia * CVE-2026-10994: Uninitialized Use in ANGLE * CVE-2026-10995: Heap buffer overflow in TabStrip * CVE-2026-10996: Inappropriate implementation in Workers * CVE-2026-10997: Insufficient policy enforcement in Extensions * CVE-2026-10998: Out of bounds read in Media * CVE-2026-10999: Out of bounds memory access in ANGLE * CVE-2026-11000: Use after free in Fonts * CVE-2026-11001: Incorrect security UI in Payments * CVE-2026-11002: Use after free in Autofill * CVE-2026-11003: Use after free in WebRTC * CVE-2026-11004: Out of bounds read in ANGLE * CVE-2026-11005: Out of bounds read in ANGLE * CVE-2026-11006: Out of bounds read in Dawn * CVE-2026-11007: Insufficient validation of untrusted input in WebView * CVE-2026-11008: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-11009: Use after free in USB * CVE-2026-11010: Use after free in WebShare * CVE-2026-11011: Insufficient policy enforcement in Password Manager * CVE-2026-11012: Use after free in Serial * CVE-2026-11013: Insufficient validation of untrusted input in Network * CVE-2026-11014: Insufficient policy enforcement in Extensions * CVE-2026-11015: Out ofbounds read in WebGPU * CVE-2026-11016: Insufficient validation of untrusted input in Network * CVE-2026-11017: Inappropriate implementation in Link Preview * CVE-2026-11018: Insufficient policy enforcement in Actor * CVE-2026-11019: Inappropriate implementation in Payments * CVE-2026-11020: Inappropriate implementation in Extensions * CVE-2026-11021: Insufficient validation of untrusted input in GPU * CVE-2026-11022: Insufficient validation of untrusted input in DevTools * CVE-2026-11023: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-11024: Stack buffer overflow in Skia * CVE-2026-11025: Insufficient policy enforcement in Navigation * CVE-2026-11026: Insufficient policy enforcement in Extensions * CVE-2026-11027: Insufficient validation of untrusted input in Glic * CVE-2026-11028: Use after free in Media * CVE-2026-11029: Insufficient validation of untrusted input in Drag and Drop * CVE-2026-11030: Use after free in Network * CVE-2026-11031: Insufficient validation of untrusted input in Password Manager * CVE-2026-11032: Insufficient data validation in Password Manager * CVE-2026-11033: Uninitialized Use in WebML * CVE-2026-11034: Insufficient validation of untrusted input in Tab Group Sync * CVE-2026-11035: Insufficient validation of untrusted input in Custom Tabs * CVE-2026-11036: Inappropriate implementation in DOM * CVE-2026-11037: Out of bounds write in Codecs * CVE-2026-11038: Insufficient validation of untrusted input in Subresource Integrity * CVE-2026-11039: Uninitialized Use in Skia * CVE-2026-11040: Use after free in ANGLE * CVE-2026-11041: Insufficient validation of untrusted input in Media * CVE-2026-11042: Use after free in Views * CVE-2026-11043: Out of bounds write in ANGLE * CVE-2026-11044: Integer overflow in ANGLE * CVE-2026-11045: Insufficient validation of untrusted input in GPU * CVE-2026-11046: Insufficient validation of untrusted input in Media * CVE-2026-11047:Insufficient validation of untrusted input in Base * CVE-2026-11048: Inappropriate implementation in Extensions * CVE-2026-11049: Use after free in Password Manager * CVE-2026-11050: Use after free in V8 * CVE-2026-11051: Out of bounds read in ANGLE * CVE-2026-11052: Type Confusion in GPU * CVE-2026-11053: VULNERABILITY in WebRTC * CVE-2026-11054: Use after free in WebRTC * CVE-2026-11055: Use after free in ANGLE * CVE-2026-11056: Insufficient validation of untrusted input in SiteIsolation * CVE-2026-11057: Uninitialized Use in Skia * CVE-2026-11058: Integer overflow in CredentialProvider * CVE-2026-11059: Use after free in Blink * CVE-2026-11060: Use after free in Media * CVE-2026-11061: Out of bounds read in ANGLE * CVE-2026-11062: Insufficient policy enforcement in Extensions * CVE-2026-11063: Insufficient validation of untrusted input in WebNN * CVE-2026-11064: Uninitialized Use in GPU * CVE-2026-11065: Use after free in ANGLE * CVE-2026-11066: Insufficient validation of untrusted input in ANGLE * CVE-2026-11067: Uninitialized Use in Dawn * CVE-2026-11068: Use after free in WebSockets * CVE-2026-11069: Insufficient validation of untrusted input in Cast * CVE-2026-11070: Insufficient validation of untrusted input in Chromoting * CVE-2026-11071: Use after free in Base * CVE-2026-11072: Use after free in WebView * CVE-2026-11073: Use after free in WebGL * CVE-2026-11074: Use after free in WebRTC * CVE-2026-11075: Out of bounds read in V8 * CVE-2026-11076: Type Confusion in CSS * CVE-2026-11077: Out of bounds read in Dawn * CVE-2026-11078: Insufficient validation of untrusted input in FileSystem * CVE-2026-11079: Insufficient validation of untrusted input in Codecs * CVE-2026-11080: Use after free in WebView * CVE-2026-11081: Policy bypass in Canvas * CVE-2026-11082: Use after free in GPU * CVE-2026-11083: Inappropriate implementation in Password Manager * CVE-2026-11084: Inappropriate implementation inPassword Manager * CVE-2026-11085: Integer overflow in GPU * CVE-2026-11086: Insufficient validation of untrusted input in Dawn * CVE-2026-11087: Uninitialized Use in ANGLE * CVE-2026-11088: Integer overflow in ANGLE * CVE-2026-11089: Uninitialized Use in Media * CVE-2026-11090: Uninitialized Use in ANGLE * CVE-2026-11091: Inappropriate implementation in Dawn * CVE-2026-11092: Insufficient policy enforcement in DevTools * CVE-2026-11093: Insufficient validation of untrusted input in Printing * CVE-2026-11094: Use after free in Codecs * CVE-2026-11095: Insufficient validation of untrusted input in Codecs * CVE-2026-11096: Out of bounds read in WebRTC * CVE-2026-11097: Inappropriate implementation in WebView * CVE-2026-11098: Insufficient validation of untrusted input in GPU * CVE-2026-11099: Vulnerability in Skia * CVE-2026-11100: Use after free in File Input * CVE-2026-11101: Uninitialized Use in Dawn * CVE-2026-11102: Inappropriate implementation in Isolated Web Apps * CVE-2026-11103: Inappropriate implementation in Installer * CVE-2026-11104: Uninitialized Use in ANGLE * CVE-2026-11105: Insufficient validation of untrusted input in WebUI * CVE-2026-11106: Inappropriate implementation in Media * CVE-2026-11107: Inappropriate implementation in Downloads * CVE-2026-11108: Inappropriate implementation in NFC * CVE-2026-11109: Uninitialized Use in ANGLE * CVE-2026-11110: Uninitialized Use in ANGLE * CVE-2026-11111: Out of bounds read in ANGLE * CVE-2026-11112: Insufficient validation of untrusted input in Chromoting * CVE-2026-11113: Insufficient validation of untrusted input in ANGLE * CVE-2026-11114: Use after free in Device Trust * CVE-2026-11115: Use after free in Updater * CVE-2026-11116: Use after free in Chromoting * CVE-2026-11117: Use after free in Views * CVE-2026-11118: Use after free in WebRTC * CVE-2026-11119: Insufficient validation of untrusted input in GPU * CVE-2026-11120: Insufficientvalidation of untrusted input in Enterprise Reporting * CVE-2026-11121: Insufficient validation of untrusted input in Skia * CVE-2026-11122: Inappropriate implementation in Keyboard * CVE-2026-11123: Uninitialized Use in ANGLE * CVE-2026-11124: Heap buffer overflow in Skia * CVE-2026-11125: Use after free in Compositing * CVE-2026-11126: Insufficient validation of untrusted input in DevTools * CVE-2026-11127: Inappropriate implementation in WebAPKs * CVE-2026-11128: Insufficient validation of untrusted input in Web Share * CVE-2026-11129: Inappropriate implementation in Extensions * CVE-2026-11130: Use after free in Media * CVE-2026-11131: Use after free in Autofill * CVE-2026-11132: Policy bypass in Paint * CVE-2026-11133: Insufficient policy enforcement in Paint * CVE-2026-11134: Insufficient data validation in Media * CVE-2026-11135: Insufficient policy enforcement in Autofill * CVE-2026-11136: Use after free in Canvas * CVE-2026-11137: Uninitialized Use in ANGLE * CVE-2026-11138: Uninitialized Use in ANGLE * CVE-2026-11139: Policy bypass in Paint * CVE-2026-11140: Insufficient validation of untrusted input in Chromecast * CVE-2026-11141: Uninitialized Use in Audio * CVE-2026-11142: Policy bypass in Paint * CVE-2026-11143: Heap buffer overflow in Extensions * CVE-2026-11144: Use after free in Media * CVE-2026-11145: Race in Geolocation * CVE-2026-11146: Insufficient validation of untrusted input in Chromoting * CVE-2026-11147: Use after free in WebML * CVE-2026-11148: Inappropriate implementation in Payments * CVE-2026-11149: Insufficient validation of untrusted input in Extensions * CVE-2026-11150: Inappropriate implementation in XML * CVE-2026-11151: Insufficient validation of untrusted input in Password Manager * CVE-2026-11152: Object lifecycle issue in Dawn * CVE-2026-11153: Side-channel information leakage in Forms * CVE-2026-11154: Use after free in Dawn * CVE-2026-11155: Insufficient policyenforcement in CSS * CVE-2026-11156: Inappropriate implementation in CSS * CVE-2026-11157: Script injection in Accessibility * CVE-2026-11158: Insufficient validation of untrusted input in Downloads * CVE-2026-11159: Uninitialized Use in Skia * CVE-2026-11160: Out of bounds read in Input * CVE-2026-11161: Insufficient data validation in DataTransfer * CVE-2026-11162: Insufficient policy enforcement in CSS * CVE-2026-11163: Use after free in Messages * CVE-2026-11164: Use after free in Blink * CVE-2026-11165: Use after free in WebMIDI * CVE-2026-11166: Inappropriate implementation in SVG * CVE-2026-11167: Inappropriate implementation in WebView * CVE-2026-11168: Insufficient policy enforcement in Extensions * CVE-2026-11169: Inappropriate implementation in XML * CVE-2026-11170: Inappropriate implementation in Chromoting * CVE-2026-11171: Integer overflow in Blink * CVE-2026-11172: Incorrect security UI in Contact Picker * CVE-2026-11173: Out of bounds write in V8 * CVE-2026-11174: Insufficient policy enforcement in Site Isolation * CVE-2026-11175: Incorrect security UI in Messages * CVE-2026-11176: Inappropriate implementation in Media * CVE-2026-11177: Use after free in Omnibox * CVE-2026-11178: Policy bypass in WebView * CVE-2026-11179: Inappropriate implementation in ORB * CVE-2026-11180: Policy bypass in SVG * CVE-2026-11181: Inappropriate implementation in Media Session * CVE-2026-11182: Inappropriate implementation in SVG * CVE-2026-11183: Out of bounds read in GWP-ASan * CVE-2026-11184: Insufficient policy enforcement in Actor * CVE-2026-11185: Use after free in V8 * CVE-2026-11186: Inappropriate implementation in CSS * CVE-2026-11187: Insufficient policy enforcement in Glic * CVE-2026-11188: Use after free in USB * CVE-2026-11189: Insufficient validation of untrusted input in DevTools * CVE-2026-11190: Insufficient policy enforcement in Extensions * CVE-2026-11191: Out of bounds memory access inANGLE * CVE-2026-11192: Insufficient validation of untrusted input in Password Manager * CVE-2026-11193: Insufficient policy enforcement in Password Manager * CVE-2026-11194: Inappropriate implementation in Network * CVE-2026-11195: Inappropriate implementation in MHTML * CVE-2026-11196: Type Confusion in XML * CVE-2026-11197: Insufficient policy enforcement in Workers * CVE-2026-11198: Insufficient validation of untrusted input in Codecs * CVE-2026-11199: Insufficient validation of untrusted input in WebRTC * CVE-2026-11200: Inappropriate implementation in WebRTC * CVE-2026-11201: Use after free in ServiceWorker * CVE-2026-11202: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-11203: Policy bypass in GPU * CVE-2026-11204: Inappropriate implementation in Signin * CVE-2026-11205: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-11206: Policy bypass in ServiceWorker * CVE-2026-11207: Insufficient validation of untrusted input in Autofill * CVE-2026-11208: Use after free in Codecs * CVE-2026-11209: Insufficient policy enforcement in Passwords * CVE-2026-11210: Insufficient policy enforcement in Safe Browsing * CVE-2026-11211: Integer overflow in V8 * CVE-2026-11212: Insufficient policy enforcement in DevTools * CVE-2026-11213: Insufficient validation of untrusted input in Reading Mode * CVE-2026-11214: Inappropriate implementation in Chrome for iOS * CVE-2026-11215: Inappropriate implementation in Cronet * CVE-2026-11216: Incorrect security UI in File Input * CVE-2026-11217: Insufficient policy enforcement in Fenced Frames * CVE-2026-11218: Inappropriate implementation in PlatformIntegration * CVE-2026-11219: Insufficient data validation in Navigation * CVE-2026-11220: Insufficient validation of untrusted input in Navigation * CVE-2026-11221: Insufficient validation of untrusted input in PointerLock * CVE-2026-11222: Incorrect security UI in Tab Strip * CVE-2026-11223:Insufficient validation of untrusted input in Network * CVE-2026-11224: Use after free in Chromoting * CVE-2026-11225: Incorrect security UI in WebUI * CVE-2026-11226: Insufficient policy enforcement in PreviewTab * CVE-2026-11227: Incorrect security UI in Tab Hover Cards * CVE-2026-11228: Incorrect security UI in File Input * CVE-2026-11229: Insufficient policy enforcement in Enterprise * CVE-2026-11230: Use after free in Extensions * CVE-2026-11231: Inappropriate implementation in Safe Browsing * CVE-2026-11232: Inappropriate implementation in TabGroups * CVE-2026-11233: Insufficient validation of untrusted input in FoldableAPIs * CVE-2026-11234: Insufficient policy enforcement in FoldableAPIs * CVE-2026-11235: Insufficient validation of untrusted input in Compositing * CVE-2026-11236: Insufficient policy enforcement in Web Bluetooth * CVE-2026-11237: Insufficient validation of untrusted input in Media * CVE-2026-11238: Inappropriate implementation in DevTools * CVE-2026-11239: Insufficient validation of untrusted input in Extensions * CVE-2026-11240: Insufficient validation of untrusted input in Loader * CVE-2026-11241: Insufficient validation of untrusted input in Cast * CVE-2026-11242: Insufficient validation of untrusted input in Plugins * CVE-2026-11243: Incorrect security UI in Downloads * CVE-2026-11244: Insufficient validation of untrusted input in WebAuthentication * CVE-2026-11245: Inappropriate implementation in Payments * CVE-2026-11246: Insufficient validation of untrusted input in IndexedDB * CVE-2026-11247: Insufficient policy enforcement in CustomTabs * CVE-2026-11248: Policy bypass in Google Lens * CVE-2026-11249: Use after free in Network * CVE-2026-11250: Inappropriate implementation in DevTools * CVE-2026-11251: Insufficient validation of untrusted input in Password Manager * CVE-2026-11252: Policy bypass in Content Settings * CVE-2026-11253: Race in Permissions * CVE-2026-11254: Inappropriateimplementation in Permissions * CVE-2026-11255: Insufficient validation of untrusted input in Storage Access API * CVE-2026-11256: Out of bounds read in GPU * CVE-2026-11257: Inappropriate implementation in Browser * CVE-2026-11258: Inappropriate implementation in File System Access * CVE-2026-11259: Insufficient validation of untrusted input in Cast * CVE-2026-11260: Policy bypass in Permissions * CVE-2026-11261: Insufficient validation of untrusted input in PDF * CVE-2026-11262: Use after free in TabStrip * CVE-2026-11263: Insufficient policy enforcement in WebAuthentication * CVE-2026-11264: Policy bypass in Content Security Policy * CVE-2026-11265: Insufficient data validation in Autofill * CVE-2026-11266: Policy bypass in SafeBrowsing * CVE-2026-11267: Insufficient policy enforcement in Extensions * CVE-2026-11268: Uninitialized Use in ANGLE * CVE-2026-11269: Inappropriate implementation in Extensions * CVE-2026-11270: Inappropriate implementation in UI * CVE-2026-11271: Incorrect security UI in Passwords * CVE-2026-11272: Insufficient validation of untrusted input in Reading List * CVE-2026-11273: Insufficient validation of untrusted input in Omnibox * CVE-2026-11274: Inappropriate implementation in DOM Distiller * CVE-2026-11275: Insufficient policy enforcement in Page Info * CVE-2026-11276: Inappropriate implementation in Cast * CVE-2026-11277: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11278: Inappropriate implementation in CustomTabs * CVE-2026-11279: Out of bounds read in DevTools * CVE-2026-11280: Insufficient validation of untrusted input in Signin * CVE-2026-11281: Integer overflow in Chromoting * CVE-2026-11282: Policy bypass in Sandbox * CVE-2026-11283: Policy bypass in Shortcuts * CVE-2026-11284: Side-channel information leakage in PerformanceAPIs * CVE-2026-11285: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11286: Insufficient validation of untrusted input inWallet * CVE-2026-11287: Insufficient validation of untrusted input in Navigation * CVE-2026-11288: Policy bypass in CSS * CVE-2026-11289: Side-channel information leakage in Paint * CVE-2026-11290: Integer overflow in WebView * CVE-2026-11291: Policy bypass in Android Autofill * CVE-2026-11292: Policy bypass in Blink * CVE-2026-11293: Use after free in Input * CVE-2026-11294: Inappropriate implementation in Passwords * CVE-2026-11295: Inappropriate implementation in WebView * CVE-2026-11296: Inappropriate implementation in ImageCapture * CVE-2026-11297: Insufficient validation of untrusted input in Reader Mode * CVE-2026-11298: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11299: Out of bounds read in Fonts * CVE-2026-11300: Inappropriate implementation in Permissions * CVE-2026-11301: Out of bounds read in LiveCaption * CVE-2026-11302: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11303: Use after free in PDFium * CVE-2026-11304: Use after free in PDFium * CVE-2026-11305: Use after free in PDFium * CVE-2026-11306: Use after free in PDFium * CVE-2026-11307: Use after free in PDFium * CVE-2026-11308: Inappropriate implementation in Extensions * CVE-2026-11309: Insufficient policy enforcement in History -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-15e444c3bb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list
Update to 147.0.7727.101 Critical CVE-2026-6296: Heap buffer overflow in ANGLE Critical CVE-2026-6297: Use after free in Proxy Critical CVE-2026-6298: Heap buffer overflow in Skia Critical CVE-2026-6299: Use after free in Prerender. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3675ac2066 2026-04-23 00:55:31.005427+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 42 Version : 147.0.7727.101 Release : 1.fc42 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 147.0.7727.101 Critical CVE-2026-6296: Heap buffer overflow in ANGLE Critical CVE-2026-6297: Use after free in Proxy Critical CVE-2026-6298: Heap buffer overflow in Skia Critical CVE-2026-6299: Use after free in Prerender Critical CVE-2026-6358: Use after free in XR High CVE-2026-6359: Use after free in Video High CVE-2026-6300: Use after free in CSS High CVE-2026-6301: Type Confusion in Turbofan High CVE-2026-6302: Use after free in Video High CVE-2026-6303: Use after free in Codecs High CVE-2026-6304: Use after free in Graphite High CVE-2026-6305: Heap buffer overflow in PDFium High CVE-2026-6306: Heap buffer overflow in PDFium High CVE-2026-6307: Type Confusion in Turbofan High CVE-2026-6308: Out of bounds read in Media High CVE-2026-6309: Use after free in Viz High CVE-2026-6360: Use after free in FileSystem High CVE-2026-6310: Use after free in Dawn High CVE-2026-6311: Uninitialized Use in Accessibility High CVE-2026-6312: Insufficient policy enforcement in Passwords High CVE-2026-6313: Insufficient policy enforcement in CORS High CVE-2026-6314: Out of bounds write in GPU HighCVE-2026-6315: Use after free in Permissions High CVE-2026-6316: Use after free in Forms High CVE-2026-6361: Heap buffer overflow in PDFium High CVE-2026-6362: Use after free in Codecs High CVE-2026-6317: Use after free in Cast Medium CVE-2026-6363: Type Confusion in V8 Medium CVE-2026-6318: Use after free in Codecs Medium CVE-2026-6319: Use after free in Payments Medium CVE-2026-6364: Out of bounds read in Skia Update to 147.0.7727.55 Critical CVE-2026-5858: Heap buffer overflow in WebML Critical CVE-2026-5859: Integer overflow in WebML High CVE-2026-5860: Use after free in WebRTC High CVE-2026-5861: Use after free in V8 High CVE-2026-5862: Inappropriate implementation in V8 High CVE-2026-5863: Inappropriate implementation in V8 High CVE-2026-5864: Heap buffer overflow in WebAudio High CVE-2026-5865: Type Confusion in V8 High CVE-2026-5866: Use after free in Media High CVE-2026-5867: Heap buffer overflow in WebML High CVE-2026-5868: Heap buffer overflow in ANGLE High CVE-2026-5869: Heap buffer overflow in WebML High CVE-2026-5870: Integer overflow in Skia High CVE-2026-5871: Type Confusion in V8 High CVE-2026-5872: Use after free in Blink High CVE-2026-5873: Out of bounds read and write in V8 Medium CVE-2026-5874: Use after free in PrivateAI Medium CVE-2026-5875: Policy bypass in Blink Medium CVE-2026-5876: Side-channel information leakage in Navigation Medium CVE-2026-5877: Use after free in Navigation Medium CVE-2026-5878: Incorrect security UI in Blink Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE Medium CVE-2026-5880: Incorrect security UI in browser UI Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess Medium CVE-2026-5882: Incorrect security UI in Fullscreen Medium CVE-2026-5883: Use after free in Media Medium CVE-2026-5884: Insufficient validation of untrusted input in Media Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML Medium CVE-2026-5886: Out of bounds read in WebAudio Medium CVE-2026-5887:Insufficient validation of untrusted input in Downloads Medium CVE-2026-5888: Uninitialized Use in WebCodecs Medium CVE-2026-5889: Cryptographic Flaw in PDFium Medium CVE-2026-5890: Race in WebCodecs Medium CVE-2026-5891: Insufficient policy enforcement in browser UI Medium CVE-2026-5892: Insufficient policy enforcement in PWAs Medium CVE-2026-5893: Race in V8 Low CVE-2026-5894: Inappropriate implementation in PDF Low CVE-2026-5895: Incorrect security UI in Omnibox Low CVE-2026-5896: Policy bypass in Audio Low CVE-2026-5897: Incorrect security UI in Downloads Low CVE-2026-5898: Incorrect security UI in Omnibox Low CVE-2026-5899: Incorrect security UI in History Navigation Low CVE-2026-5900: Policy bypass in Downloads Low CVE-2026-5901: Policy bypass in DevTools Low CVE-2026-5902: Race in Media Low CVE-2026-5903: Policy bypass in IFrameSandbox Low CVE-2026-5904: Use after free in V8 Low CVE-2026-5905: Incorrect security UI in Permissions Low CVE-2026-5906: Incorrect security UI in Omnibox Low CVE-2026-5907: Insufficient data validation in Media Low CVE-2026-5908: Integer overflow in Media Low CVE-2026-5909: Integer overflow in Media Low CVE-2026-5910: Integer overflow in Media Low CVE-2026-5911: Policy bypass in ServiceWorkers Low CVE-2026-5912: Integer overflow in WebRTC Low CVE-2026-5913: Out of bounds read in Blink Low CVE-2026-5914: Type Confusion in CSS Low CVE-2026-5915: Insufficient validation of untrusted input in WebML Low CVE-2026-5918: Inappropriate implementation in Navigation Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets Update to 146.0.7680.177 High CVE-2026-5273: Use after free in CSS High CVE-2026-5272: Heap buffer overflow in GPU High CVE-2026-5274: Integer overflow in Codecs High CVE-2026-5275: Heap buffer overflow in ANGLE High CVE-2026-5276: Insufficient policy enforcement in WebUSB High CVE-2026-5277: Integer overflow in ANGLE High CVE-2026-5278: Use after free in Web MIDI High CVE-2026-5279: Object corruption in V8 HighCVE-2026-5280: Use after free in WebCodecs High CVE-2026-5281: Use after free in Dawn High CVE-2026-5282: Out of bounds read in WebCodecs High CVE-2026-5283: Inappropriate implementation in ANGLE High CVE-2026-5284: Use after free in Dawn High CVE-2026-5285: Use after free in WebGL High CVE-2026-5286: Use after free in Dawn High CVE-2026-5287: Use after free in PDF High CVE-2026-5288: Use after free in WebView High CVE-2026-5289: Use after free in Navigation High CVE-2026-5290: Use after free in Compositing Medium CVE-2026-5291: Inappropriate implementation in WebGL Medium CVE-2026-5292: Out of bounds read in WebCodecs -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2026 Than Ngo - 147.0.7727.101-1 - Update to 147.0.7727.101 * Critical CVE-2026-6296: Heap buffer overflow in ANGLE * Critical CVE-2026-6297: Use after free in Proxy * Critical CVE-2026-6298: Heap buffer overflow in Skia * Critical CVE-2026-6299: Use after free in Prerender * Critical CVE-2026-6358: Use after free in XR * High CVE-2026-6359: Use after free in Video * High CVE-2026-6300: Use after free in CSS * High CVE-2026-6301: Type Confusion in Turbofan * High CVE-2026-6302: Use after free in Video * High CVE-2026-6303: Use after free in Codecs * High CVE-2026-6304: Use after free in Graphite * High CVE-2026-6305: Heap buffer overflow in PDFium * High CVE-2026-6306: Heap buffer overflow in PDFium * High CVE-2026-6307: Type Confusion in Turbofan * High CVE-2026-6308: Out of bounds read in Media * High CVE-2026-6309: Use after free in Viz * High CVE-2026-6360: Use after free in FileSystem * High CVE-2026-6310: Use after free in Dawn * High CVE-2026-6311: Uninitialized Use in Accessibility * High CVE-2026-6312: Insufficient policy enforcement in Passwords * High CVE-2026-6313: Insufficient policy enforcement in CORS * High CVE-2026-6314: Out of bounds write in GPU * High CVE-2026-6315: Use after free inPermissions * High CVE-2026-6316: Use after free in Forms * High CVE-2026-6361: Heap buffer overflow in PDFium * High CVE-2026-6362: Use after free in Codecs * High CVE-2026-6317: Use after free in Cast * Medium CVE-2026-6363: Type Confusion in V8 * Medium CVE-2026-6318: Use after free in Codecs * Medium CVE-2026-6319: Use after free in Payments * Medium CVE-2026-6364: Out of bounds read in Skia * Thu Apr 9 2026 Than Ngo - 147.0.7727.55-1 - Update to 147.0.7727.55 * Critical CVE-2026-5858: Heap buffer overflow in WebML * Critical CVE-2026-5859: Integer overflow in WebML * High CVE-2026-5860: Use after free in WebRTC * High CVE-2026-5861: Use after free in V8 * High CVE-2026-5862: Inappropriate implementation in V8 * High CVE-2026-5863: Inappropriate implementation in V8 * High CVE-2026-5864: Heap buffer overflow in WebAudio * High CVE-2026-5865: Type Confusion in V8 * High CVE-2026-5866: Use after free in Media * High CVE-2026-5867: Heap buffer overflow in WebML * High CVE-2026-5868: Heap buffer overflow in ANGLE * High CVE-2026-5869: Heap buffer overflow in WebML * High CVE-2026-5870: Integer overflow in Skia * High CVE-2026-5871: Type Confusion in V8 * High CVE-2026-5872: Use after free in Blink * High CVE-2026-5873: Out of bounds read and write in V8 * Medium CVE-2026-5874: Use after free in PrivateAI * Medium CVE-2026-5875: Policy bypass in Blink * Medium CVE-2026-5876: Side-channel information leakage in Navigation * Medium CVE-2026-5877: Use after free in Navigation * Medium CVE-2026-5878: Incorrect security UI in Blink * Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE * Medium CVE-2026-5880: Incorrect security UI in browser UI * Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess * Medium CVE-2026-5882: Incorrect security UI in Fullscreen * Medium CVE-2026-5883: Use after free in Media * Medium CVE-2026-5884: Insufficient validation of untrusted input in Media *Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML * Medium CVE-2026-5886: Out of bounds read in WebAudio * Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads * Medium CVE-2026-5888: Uninitialized Use in WebCodecs * Medium CVE-2026-5889: Cryptographic Flaw in PDFium * Medium CVE-2026-5890: Race in WebCodecs * Medium CVE-2026-5891: Insufficient policy enforcement in browser UI * Medium CVE-2026-5892: Insufficient policy enforcement in PWAs * Medium CVE-2026-5893: Race in V8 * Low CVE-2026-5894: Inappropriate implementation in PDF * Low CVE-2026-5895: Incorrect security UI in Omnibox * Low CVE-2026-5896: Policy bypass in Audio * Low CVE-2026-5897: Incorrect security UI in Downloads * Low CVE-2026-5898: Incorrect security UI in Omnibox * Low CVE-2026-5899: Incorrect security UI in History Navigation * Low CVE-2026-5900: Policy bypass in Downloads * Low CVE-2026-5901: Policy bypass in DevTools * Low CVE-2026-5902: Race in Media * Low CVE-2026-5903: Policy bypass in IFrameSandbox * Low CVE-2026-5904: Use after free in V8 * Low CVE-2026-5905: Incorrect security UI in Permissions * Low CVE-2026-5906: Incorrect security UI in Omnibox * Low CVE-2026-5907: Insufficient data validation in Media * Low CVE-2026-5908: Integer overflow in Media * Low CVE-2026-5909: Integer overflow in Media * Low CVE-2026-5910: Integer overflow in Media * Low CVE-2026-5911: Policy bypass in ServiceWorkers * Low CVE-2026-5912: Integer overflow in WebRTC * Low CVE-2026-5913: Out of bounds read in Blink * Low CVE-2026-5914: Type Confusion in CSS * Low CVE-2026-5915: Insufficient validation of untrusted input in WebML * Low CVE-2026-5918: Inappropriate implementation in Navigation * Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets * Wed Apr 1 2026 Than Ngo - 146.0.7680.177-1 - Update to 146.0.7680.177 * High CVE-2026-5273: Use after free in CSS * High CVE-2026-5272:Heap buffer overflow in GPU * High CVE-2026-5274: Integer overflow in Codecs * High CVE-2026-5275: Heap buffer overflow in ANGLE * High CVE-2026-5276: Insufficient policy enforcement in WebUSB * High CVE-2026-5277: Integer overflow in ANGLE * High CVE-2026-5278: Use after free in Web MIDI * High CVE-2026-5279: Object corruption in V8 * High CVE-2026-5280: Use after free in WebCodecs * High CVE-2026-5281: Use after free in Dawn * High CVE-2026-5282: Out of bounds read in WebCodecs * High CVE-2026-5283: Inappropriate implementation in ANGLE * High CVE-2026-5284: Use after free in Dawn * High CVE-2026-5285: Use after free in WebGL * High CVE-2026-5286: Use after free in Dawn * High CVE-2026-5287: Use after free in PDF * High CVE-2026-5288: Use after free in WebView * High CVE-2026-5289: Use after free in Navigation * High CVE-2026-5290: Use after free in Compositing * Medium CVE-2026-5291: Inappropriate implementation in WebGL * Medium CVE-2026-5292: Out of bounds read in WebCodecs -------------------------------------------------------------------------------- References: [ 1 ] Bug #2457163 - CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457163 [ 2 ] Bug #2457164 - CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457164 [ 3 ] Bug #2458847 - CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458847 [ 4 ] Bug #2458848 - CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458848 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3675ac2066' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to 146.0.7680.164 * High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-cc466cfb57 2026-03-28 01:05:58.419931+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 42 Version : 146.0.7680.164 Release : 1.fc42 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 146.0.7680.164 * High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM Update to 146.0.7680.153 * CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input inNavigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 24 2026 Than Ngo - 146.0.7680.164-1 - Update to 146.0.7680.164 * High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM * Fri Mar 20 2026 Than Ngo - 146.0.7680.153-1 - Update to 146.0.7680.153 * CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cc466cfb57' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that fixes 8 vulnerabilities is now available.. openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0096-1 Rating: important References: #1260376 Cross-References: CVE-2026-4673 CVE-2026-4674 CVE-2026-4675 CVE-2026-4676 CVE-2026-4677 CVE-2026-4678 CVE-2026-4679 CVE-2026-4680 Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Chromium 146.0.7680.164 (boo#1260376) * CVE-2026-4673: Heap buffer overflow in WebAudio * CVE-2026-4674: Out of bounds read in CSS * CVE-2026-4675: Heap buffer overflow in WebGL * CVE-2026-4676: Use after free in Dawn * CVE-2026-4677: Out of bounds read in WebAudio * CVE-2026-4678: Use after free in WebGPU * CVE-2026-4679: Integer overflow in Fonts * CVE-2026-4680: Use after free in FedCM Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2026-96=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64): chromedriver-146.0.7680.164-bp156.2.254.1 chromium-146.0.7680.164-bp156.2.254.1 References: https://www.suse.com/security/cve/CVE-2026-4673.html https://www.suse.com/security/cve/CVE-2026-4674.html https://www.suse.com/security/cve/CVE-2026-4675.html https://www.suse.com/security/cve/CVE-2026-4676.html https://www.suse.com/security/cve/CVE-2026-4677.html https://www.suse.com/security/cve/CVE-2026-4678.html https://www.suse.com/security/cve/CVE-2026-4679.html https://www.suse.com/security/cve/CVE-2026-4680.html https://bugzilla.suse.com/1260376 . A security update for openSUSE addresses 8 important vulnerabilities in Chromium, including heap overflows and out-of-bounds reads.. openSUSE update, Chromium security, important patch, buffer overflow fix, security vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.