Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 518
Alerts This Week
Warning Icon 1 518

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 203 articles for you...
89

Rising Concerns About Use After Free Vulnerabilities in Fedora 44 Chromium

Update to 150.0.7871.114 * CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7e82bf89f4 2026-07-12 01:10:38.798635+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 44 Version : 150.0.7871.114 Release : 1.fc44 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 150.0.7871.114 * CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms *CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation in Navigation -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 9 2026 Than Ngo - 150.0.7871.114-1 - Update to 150.0.7871.114 * CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms * CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation inNavigation -------------------------------------------------------------------------------- References: [ 1 ] Bug #2498397 - CVE-2026-15108 CVE-2026-15109 CVE-2026-15110 CVE-2026-15111 CVE-2026-15112 CVE-2026-15113 CVE-2026-15114 CVE-2026-15115 CVE-2026-15116 CVE-2026-15117 CVE-2026-15118 CVE-2026-15119 CVE-2026-15120 CVE-2026-15121 ... chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498397 [ 2 ] Bug #2498398 - CVE-2026-15108 CVE-2026-15109 CVE-2026-15110 CVE-2026-15111 CVE-2026-15112 CVE-2026-15113 CVE-2026-15114 CVE-2026-15115 CVE-2026-15116 CVE-2026-15117 CVE-2026-15118 CVE-2026-15119 CVE-2026-15120 CVE-2026-15121 ... chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498398 [ 3 ] Bug #2498404 - CVE-2026-15126 chromium: Google Chrome Forms: Arbitrary code execution via use-after-free vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498404 [ 4 ] Bug #2498405 - CVE-2026-15126 chromium: Google Chrome Forms: Arbitrary code execution via use-after-free vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498405 [ 5 ] Bug #2498407 - CVE-2026-15107 chromium: Google Chrome: Arbitrary code execution via use after free in IndexedDB [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498407 [ 6 ] Bug #2498408 - CVE-2026-15107 chromium: Google Chrome: Arbitrary code execution via use after free in IndexedDB [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498408 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7e82bf89f4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the FedoraProject can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical updates for Fedora 44's Chromium resolve numerous use after free issues and integer overflow vulnerabilities.. Fedora 44 Chromium Security Update, Use After Free Vulnerability, Open Source Browser Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 11, 2026 Critical Fedora
100

SUSE MozillaFirefox Important Security Update 2026-2814-1

An update that solves 29 vulnerabilities can now be installed.. # Security update for MozillaFirefox Announcement ID: SUSE-SU-2026:2814-1 Release Date: 2026-07-09T12:26:39Z Rating: important References: * bsc#1268071 * bsc#1269226 Cross-References: * CVE-2026-12289 * CVE-2026-12290 * CVE-2026-12291 * CVE-2026-12292 * CVE-2026-12294 * CVE-2026-12295 * CVE-2026-12296 * CVE-2026-12297 * CVE-2026-12298 * CVE-2026-12299 * CVE-2026-12302 * CVE-2026-12304 * CVE-2026-12305 * CVE-2026-12306 * CVE-2026-12307 * CVE-2026-12308 * CVE-2026-12309 * CVE-2026-12310 * CVE-2026-12311 * CVE-2026-12312 * CVE-2026-12313 * CVE-2026-12314 * CVE-2026-12315 * CVE-2026-12324 * CVE-2026-12325 * CVE-2026-12327 * CVE-2026-12328 * CVE-2026-12329 * CVE-2026-12330 CVSS scores: * CVE-2026-12289 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12289 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12290 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-12290 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-12290 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12291 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12291 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12291 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12292 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-12292 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12292 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-12294 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12294 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-12294 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12295 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12295 ( NVD ): 7.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12295 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-12296 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12296 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-12296 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12297 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12297 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-12297 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12298 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12298 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12298 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12299 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12299 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12299 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12302 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-12302 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-12304 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12304 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12305 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-12305 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-12306 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12306 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12307 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12307 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12308 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12308 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12309 ( SUSE ): 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-12309 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-12310 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12310 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12311 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12311 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12312 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12312 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12313 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12313 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12314 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12314 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12315 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12315 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12324 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-12324 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-12325 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-12325 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-12327 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12327 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12328 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12328 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12328 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12329 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-12329 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-12329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12330 ( SUSE ): 5.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12330 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: * Desktop Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 29 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Removed obsolete mozilla-nss-certs and recommends p11-kit-nss-trust (bsc#1269226) Update to Firefox 140.12.0 ESR (MFSA 2026-58, bsc#1268071): * CVE-2026-12289: Privilege escalation in the Graphics: WebRender component. * CVE-2026-12290: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12291: Use-after-free in the Networking: HTTP component. * CVE-2026-12292: Incorrect boundary conditions in the Web Audio component. * CVE-2026-12294: Sandbox escape in the DOM: Workers component. * CVE-2026-12295: Sandbox escape in the DOM: Navigation component. * CVE-2026-12296: Sandbox escape in the Security: Process Sandboxing component. * CVE-2026-12297: Sandbox escape due toincorrect boundary conditions in the Networking component. * CVE-2026-12298: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12299: JIT miscompilation in the DOM: Core & HTML component. * CVE-2026-12302: Mitigation bypass in the DOM: Security component. * CVE-2026-12304: Same-origin policy bypass in the Networking: Cookies component. * CVE-2026-12305: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12306: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12307: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12308: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12309: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12310: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12311: Information disclosure, sandbox escape in the Security: Process Sandboxing component. * CVE-2026-12312: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12313: Information disclosure, sandbox escape in the Security: Process Sandboxing component. * CVE-2026-12314: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12315: Mitigation bypass in the DOM: Security component. * CVE-2026-12324: Incorrect boundary conditions in the Graphics: CanvasWebGL component. * CVE-2026-12325: Denial-of-service in the Graphics: ImageLib component. * CVE-2026-12327: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. * CVE-2026-12328: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. * CVE-2026-12329: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12330: Incorrect boundary conditions in the Internationalization component. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2814=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-2814=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2814=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2814=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2814=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2814=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2814=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2814=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2814=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2814=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2814=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 *MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) *MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * Desktop Applications Module 15-SP7 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 *MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * MozillaFirefox-translations-other-140.12.0-150200.152.245.1 * MozillaFirefox-140.12.0-150200.152.245.1 * MozillaFirefox-debugsource-140.12.0-150200.152.245.1 * MozillaFirefox-debuginfo-140.12.0-150200.152.245.1 * MozillaFirefox-translations-common-140.12.0-150200.152.245.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * MozillaFirefox-devel-140.12.0-150200.152.245.1 ## References: * https://www.suse.com/security/cve/CVE-2026-12289.html * https://www.suse.com/security/cve/CVE-2026-12290.html * https://www.suse.com/security/cve/CVE-2026-12291.html * https://www.suse.com/security/cve/CVE-2026-12292.html * https://www.suse.com/security/cve/CVE-2026-12294.html * https://www.suse.com/security/cve/CVE-2026-12295.html * https://www.suse.com/security/cve/CVE-2026-12296.html * https://www.suse.com/security/cve/CVE-2026-12297.html * https://www.suse.com/security/cve/CVE-2026-12298.html * https://www.suse.com/security/cve/CVE-2026-12299.html * https://www.suse.com/security/cve/CVE-2026-12302.html * https://www.suse.com/security/cve/CVE-2026-12304.html * https://www.suse.com/security/cve/CVE-2026-12305.html * https://www.suse.com/security/cve/CVE-2026-12306.html * https://www.suse.com/security/cve/CVE-2026-12307.html * https://www.suse.com/security/cve/CVE-2026-12308.html * https://www.suse.com/security/cve/CVE-2026-12309.html * https://www.suse.com/security/cve/CVE-2026-12310.html * https://www.suse.com/security/cve/CVE-2026-12311.html * https://www.suse.com/security/cve/CVE-2026-12312.html * https://www.suse.com/security/cve/CVE-2026-12313.html * https://www.suse.com/security/cve/CVE-2026-12314.html *https://www.suse.com/security/cve/CVE-2026-12315.html * https://www.suse.com/security/cve/CVE-2026-12324.html * https://www.suse.com/security/cve/CVE-2026-12325.html * https://www.suse.com/security/cve/CVE-2026-12327.html * https://www.suse.com/security/cve/CVE-2026-12328.html * https://www.suse.com/security/cve/CVE-2026-12329.html * https://www.suse.com/security/cve/CVE-2026-12330.html * https://bugzilla.suse.com/show_bug.cgi?id=1268071 * https://bugzilla.suse.com/show_bug.cgi?id=1269226 . SUSE offers an important update for MozillaFirefox addressing 29 issues including memory safety and sandbox escape vulnerabilities.. MozillaFirefox update, SUSE security advisory, browser security patch, important security updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Important SuSE
89

Fedora 44 Chromium Important Integer Overflow & Free Issues 2026-148601cd51

Update to 149.0.7827.200 CVE-2026-13281: Integer overflow in Mojo CVE-2026-13282: Use after free in Payments CVE-2026-13283: Use after free in AdFilter. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-148601cd51 2026-06-29 00:57:02.525524+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 44 Version : 149.0.7827.200 Release : 1.fc44 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 149.0.7827.200 CVE-2026-13281: Integer overflow in Mojo CVE-2026-13282: Use after free in Payments CVE-2026-13283: Use after free in AdFilter -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 26 2026 Than Ngo - 149.0.7827.200-1 - Update to 149.0.7827.200 CVE-2026-13281: Integer overflow in Mojo CVE-2026-13282: Use after free in Payments CVE-2026-13283: Use after free in AdFilter -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-148601cd51' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Important update for Fedora 44 users fixing multiple security issues in Chromium browser. Install to protect your system.. Fedora 44, Chromium, security update, CVE 2026, Linux browser. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 28, 2026 Important Fedora
89

Fedora 44 Chromium Update 429 CVEs Key Security Notice 2026-15e444c3bb

Update to 149.0.7827.53 fix 429 CVEs ( CVE-2026-10881 through CVE-2026-11309). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-15e444c3bb 2026-06-08 01:23:19.405842+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 44 Version : 149.0.7827.53 Release : 1.fc44 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 149.0.7827.53 fix 429 CVEs ( CVE-2026-10881 through CVE-2026-11309) -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Than Ngo - 149.0.7827.53-1 - Update to 149.0.7827.53 * CVE-2026-10881: Out of bounds read and write in ANGLE * CVE-2026-10882: Use after free in Network * CVE-2026-10883: Out of bounds write in ANGLE * CVE-2026-10884: Use after free in Chromecast * CVE-2026-10885: Use after free in Chrome for iOS * CVE-2026-10886: Use after free in FileSystem * CVE-2026-10887: Use after free in Chromoting * CVE-2026-10888: Use after free in Cast Streaming * CVE-2026-10889: Out of bounds read in ANGLE * CVE-2026-10890: Use after free in Cast * CVE-2026-10891: Use after free in GFX * CVE-2026-10892: Out of bounds write in GPU * CVE-2026-10893: Use after free in Chromoting * CVE-2026-10894: Use after free in Printing * CVE-2026-10895: Use after free in Ozone * CVE-2026-10896: Use after free in Chrome for iOS * CVE-2026-10897: Out of bounds write in GPU * CVE-2026-10898: Stack buffer overflow in GPU * CVE-2026-10899: Use after free in Ozone * CVE-2026-10900: Use after free in Passwords * CVE-2026-10901: Use after free in Passwords *CVE-2026-10902: Use after free in Ozone * CVE-2026-10903: Use after free in WebRTC * CVE-2026-10904: Inappropriate implementation in V8 * CVE-2026-10905: Use after free in Network * CVE-2026-10906: Use after free in WebAuthentication * CVE-2026-10907: Out of bounds write in ANGLE * CVE-2026-10908: Use after free in FullScreen * CVE-2026-10909: Use after free in Dawn * CVE-2026-10910: Type Confusion in V8 * CVE-2026-10911: Insufficient validation of untrusted input in Media * CVE-2026-10912: Insufficient validation of untrusted input in Extensions * CVE-2026-10913: Use after free in ANGLE * CVE-2026-10914: Use after free in ANGLE * CVE-2026-10915: Use after free in Core * CVE-2026-10916: Insufficient validation of untrusted input in DevTools * CVE-2026-10917: Insufficient validation of untrusted input in Media * CVE-2026-10918: Use after free in Viz * CVE-2026-10919: Use after free in ANGLE * CVE-2026-10920: Insufficient validation of untrusted input in WebShare * CVE-2026-10921: Integer overflow in Dawn * CVE-2026-10922: Insufficient validation of untrusted input in DevTools * CVE-2026-10923: Use after free in WebAppInstalls * CVE-2026-10924: Integer overflow in Chromecast * CVE-2026-10925: Out of bounds write in Skia * CVE-2026-10926: Use after free in Cast * CVE-2026-10927: Out of bounds read in Dawn * CVE-2026-10928: Script injection in Headless * CVE-2026-10929: Heap buffer overflow in ANGLE * CVE-2026-10930: Out of bounds read in ANGLE * CVE-2026-10931: Use after free in FileSystem * CVE-2026-10932: Use after free in UI * CVE-2026-10933: Use after free in Audio * CVE-2026-10934: Use after free in Autofill * CVE-2026-10935: Inappropriate implementation in V8 * CVE-2026-10936: Type Confusion in V8 * CVE-2026-10937: Inappropriate implementation in Passwords * CVE-2026-10938: Insufficient validation of untrusted input in Input * CVE-2026-10939: Use after free in WebRTC * CVE-2026-10940: Race inCodecs * CVE-2026-10941: Out of bounds memory access in Skia * CVE-2026-10942: Insufficient validation of untrusted input in UI * CVE-2026-10943: Use after free in WebRTC * CVE-2026-10944: Insufficient policy enforcement in Autofill * CVE-2026-10945: Use after free in PDF * CVE-2026-10946: Heap buffer overflow in Media * CVE-2026-10947: Use after free in WebRTC * CVE-2026-10948: Use after free in WebRTC * CVE-2026-10949: Heap buffer overflow in Video * CVE-2026-10950: Insufficient policy enforcement in Autofill * CVE-2026-10951: Use after free in Autofill * CVE-2026-10952: Use after free in Chrome for iOS * CVE-2026-10953: Use after free in Core * CVE-2026-10954: Use after free in Actor * CVE-2026-10955: Type Confusion in ANGLE * CVE-2026-10956: Use after free in MimeHandlerView * CVE-2026-10957: Use after free in Glic * CVE-2026-10958: Use after free in Chrome for iOS * CVE-2026-10959: Use after free in Input * CVE-2026-10960: Uninitialized Use in Codecs * CVE-2026-10961: Use after free in Chrome for iOS * CVE-2026-10962: Type Confusion in Media * CVE-2026-10963: Integer overflow in V8 * CVE-2026-10964: Integer overflow in V8 * CVE-2026-10965: Integer overflow in DevTools * CVE-2026-10966: Insufficient validation of untrusted input in Codecs * CVE-2026-10967: Use after free in SurfaceCapture * CVE-2026-10968: Insufficient validation of untrusted input in Dawn * CVE-2026-10969: Insufficient validation of untrusted input in Extensions * CVE-2026-10970: Insufficient validation of untrusted input in InterestGroups * CVE-2026-10971: Insufficient validation of untrusted input in Printing * CVE-2026-10972: Use after free in Ozone * CVE-2026-10973: Uninitialized Use in Dawn * CVE-2026-10974: Insufficient validation of untrusted input in ANGLE * CVE-2026-10975: Use after free in WebRTC * CVE-2026-10976: Uninitialized Use in Dawn * CVE-2026-10977: Uninitialized Use in Skia * CVE-2026-10978: Use after free inChromoting * CVE-2026-10979: Out of bounds read in ANGLE * CVE-2026-10980: Insufficient validation of untrusted input in DevTools * CVE-2026-10981: Insufficient validation of untrusted input in Codecs * CVE-2026-10982: Use after free in WebXR * CVE-2026-10983: Insufficient validation of untrusted input in Dawn * CVE-2026-10984: Inappropriate implementation in Accessibility * CVE-2026-10985: Out of bounds read in Skia * CVE-2026-10986: Integer overflow in Media * CVE-2026-10987: Integer overflow in V8 * CVE-2026-10988: Use after free in Views * CVE-2026-10989: Inappropriate implementation in V8 * CVE-2026-10990: Use after free in Glic * CVE-2026-10991: Use after free in V8 * CVE-2026-10992: Insufficient data validation in Animation * CVE-2026-10993: Heap buffer overflow in Skia * CVE-2026-10994: Uninitialized Use in ANGLE * CVE-2026-10995: Heap buffer overflow in TabStrip * CVE-2026-10996: Inappropriate implementation in Workers * CVE-2026-10997: Insufficient policy enforcement in Extensions * CVE-2026-10998: Out of bounds read in Media * CVE-2026-10999: Out of bounds memory access in ANGLE * CVE-2026-11000: Use after free in Fonts * CVE-2026-11001: Incorrect security UI in Payments * CVE-2026-11002: Use after free in Autofill * CVE-2026-11003: Use after free in WebRTC * CVE-2026-11004: Out of bounds read in ANGLE * CVE-2026-11005: Out of bounds read in ANGLE * CVE-2026-11006: Out of bounds read in Dawn * CVE-2026-11007: Insufficient validation of untrusted input in WebView * CVE-2026-11008: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-11009: Use after free in USB * CVE-2026-11010: Use after free in WebShare * CVE-2026-11011: Insufficient policy enforcement in Password Manager * CVE-2026-11012: Use after free in Serial * CVE-2026-11013: Insufficient validation of untrusted input in Network * CVE-2026-11014: Insufficient policy enforcement in Extensions * CVE-2026-11015: Out ofbounds read in WebGPU * CVE-2026-11016: Insufficient validation of untrusted input in Network * CVE-2026-11017: Inappropriate implementation in Link Preview * CVE-2026-11018: Insufficient policy enforcement in Actor * CVE-2026-11019: Inappropriate implementation in Payments * CVE-2026-11020: Inappropriate implementation in Extensions * CVE-2026-11021: Insufficient validation of untrusted input in GPU * CVE-2026-11022: Insufficient validation of untrusted input in DevTools * CVE-2026-11023: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-11024: Stack buffer overflow in Skia * CVE-2026-11025: Insufficient policy enforcement in Navigation * CVE-2026-11026: Insufficient policy enforcement in Extensions * CVE-2026-11027: Insufficient validation of untrusted input in Glic * CVE-2026-11028: Use after free in Media * CVE-2026-11029: Insufficient validation of untrusted input in Drag and Drop * CVE-2026-11030: Use after free in Network * CVE-2026-11031: Insufficient validation of untrusted input in Password Manager * CVE-2026-11032: Insufficient data validation in Password Manager * CVE-2026-11033: Uninitialized Use in WebML * CVE-2026-11034: Insufficient validation of untrusted input in Tab Group Sync * CVE-2026-11035: Insufficient validation of untrusted input in Custom Tabs * CVE-2026-11036: Inappropriate implementation in DOM * CVE-2026-11037: Out of bounds write in Codecs * CVE-2026-11038: Insufficient validation of untrusted input in Subresource Integrity * CVE-2026-11039: Uninitialized Use in Skia * CVE-2026-11040: Use after free in ANGLE * CVE-2026-11041: Insufficient validation of untrusted input in Media * CVE-2026-11042: Use after free in Views * CVE-2026-11043: Out of bounds write in ANGLE * CVE-2026-11044: Integer overflow in ANGLE * CVE-2026-11045: Insufficient validation of untrusted input in GPU * CVE-2026-11046: Insufficient validation of untrusted input in Media * CVE-2026-11047:Insufficient validation of untrusted input in Base * CVE-2026-11048: Inappropriate implementation in Extensions * CVE-2026-11049: Use after free in Password Manager * CVE-2026-11050: Use after free in V8 * CVE-2026-11051: Out of bounds read in ANGLE * CVE-2026-11052: Type Confusion in GPU * CVE-2026-11053: VULNERABILITY in WebRTC * CVE-2026-11054: Use after free in WebRTC * CVE-2026-11055: Use after free in ANGLE * CVE-2026-11056: Insufficient validation of untrusted input in SiteIsolation * CVE-2026-11057: Uninitialized Use in Skia * CVE-2026-11058: Integer overflow in CredentialProvider * CVE-2026-11059: Use after free in Blink * CVE-2026-11060: Use after free in Media * CVE-2026-11061: Out of bounds read in ANGLE * CVE-2026-11062: Insufficient policy enforcement in Extensions * CVE-2026-11063: Insufficient validation of untrusted input in WebNN * CVE-2026-11064: Uninitialized Use in GPU * CVE-2026-11065: Use after free in ANGLE * CVE-2026-11066: Insufficient validation of untrusted input in ANGLE * CVE-2026-11067: Uninitialized Use in Dawn * CVE-2026-11068: Use after free in WebSockets * CVE-2026-11069: Insufficient validation of untrusted input in Cast * CVE-2026-11070: Insufficient validation of untrusted input in Chromoting * CVE-2026-11071: Use after free in Base * CVE-2026-11072: Use after free in WebView * CVE-2026-11073: Use after free in WebGL * CVE-2026-11074: Use after free in WebRTC * CVE-2026-11075: Out of bounds read in V8 * CVE-2026-11076: Type Confusion in CSS * CVE-2026-11077: Out of bounds read in Dawn * CVE-2026-11078: Insufficient validation of untrusted input in FileSystem * CVE-2026-11079: Insufficient validation of untrusted input in Codecs * CVE-2026-11080: Use after free in WebView * CVE-2026-11081: Policy bypass in Canvas * CVE-2026-11082: Use after free in GPU * CVE-2026-11083: Inappropriate implementation in Password Manager * CVE-2026-11084: Inappropriate implementation inPassword Manager * CVE-2026-11085: Integer overflow in GPU * CVE-2026-11086: Insufficient validation of untrusted input in Dawn * CVE-2026-11087: Uninitialized Use in ANGLE * CVE-2026-11088: Integer overflow in ANGLE * CVE-2026-11089: Uninitialized Use in Media * CVE-2026-11090: Uninitialized Use in ANGLE * CVE-2026-11091: Inappropriate implementation in Dawn * CVE-2026-11092: Insufficient policy enforcement in DevTools * CVE-2026-11093: Insufficient validation of untrusted input in Printing * CVE-2026-11094: Use after free in Codecs * CVE-2026-11095: Insufficient validation of untrusted input in Codecs * CVE-2026-11096: Out of bounds read in WebRTC * CVE-2026-11097: Inappropriate implementation in WebView * CVE-2026-11098: Insufficient validation of untrusted input in GPU * CVE-2026-11099: Vulnerability in Skia * CVE-2026-11100: Use after free in File Input * CVE-2026-11101: Uninitialized Use in Dawn * CVE-2026-11102: Inappropriate implementation in Isolated Web Apps * CVE-2026-11103: Inappropriate implementation in Installer * CVE-2026-11104: Uninitialized Use in ANGLE * CVE-2026-11105: Insufficient validation of untrusted input in WebUI * CVE-2026-11106: Inappropriate implementation in Media * CVE-2026-11107: Inappropriate implementation in Downloads * CVE-2026-11108: Inappropriate implementation in NFC * CVE-2026-11109: Uninitialized Use in ANGLE * CVE-2026-11110: Uninitialized Use in ANGLE * CVE-2026-11111: Out of bounds read in ANGLE * CVE-2026-11112: Insufficient validation of untrusted input in Chromoting * CVE-2026-11113: Insufficient validation of untrusted input in ANGLE * CVE-2026-11114: Use after free in Device Trust * CVE-2026-11115: Use after free in Updater * CVE-2026-11116: Use after free in Chromoting * CVE-2026-11117: Use after free in Views * CVE-2026-11118: Use after free in WebRTC * CVE-2026-11119: Insufficient validation of untrusted input in GPU * CVE-2026-11120: Insufficientvalidation of untrusted input in Enterprise Reporting * CVE-2026-11121: Insufficient validation of untrusted input in Skia * CVE-2026-11122: Inappropriate implementation in Keyboard * CVE-2026-11123: Uninitialized Use in ANGLE * CVE-2026-11124: Heap buffer overflow in Skia * CVE-2026-11125: Use after free in Compositing * CVE-2026-11126: Insufficient validation of untrusted input in DevTools * CVE-2026-11127: Inappropriate implementation in WebAPKs * CVE-2026-11128: Insufficient validation of untrusted input in Web Share * CVE-2026-11129: Inappropriate implementation in Extensions * CVE-2026-11130: Use after free in Media * CVE-2026-11131: Use after free in Autofill * CVE-2026-11132: Policy bypass in Paint * CVE-2026-11133: Insufficient policy enforcement in Paint * CVE-2026-11134: Insufficient data validation in Media * CVE-2026-11135: Insufficient policy enforcement in Autofill * CVE-2026-11136: Use after free in Canvas * CVE-2026-11137: Uninitialized Use in ANGLE * CVE-2026-11138: Uninitialized Use in ANGLE * CVE-2026-11139: Policy bypass in Paint * CVE-2026-11140: Insufficient validation of untrusted input in Chromecast * CVE-2026-11141: Uninitialized Use in Audio * CVE-2026-11142: Policy bypass in Paint * CVE-2026-11143: Heap buffer overflow in Extensions * CVE-2026-11144: Use after free in Media * CVE-2026-11145: Race in Geolocation * CVE-2026-11146: Insufficient validation of untrusted input in Chromoting * CVE-2026-11147: Use after free in WebML * CVE-2026-11148: Inappropriate implementation in Payments * CVE-2026-11149: Insufficient validation of untrusted input in Extensions * CVE-2026-11150: Inappropriate implementation in XML * CVE-2026-11151: Insufficient validation of untrusted input in Password Manager * CVE-2026-11152: Object lifecycle issue in Dawn * CVE-2026-11153: Side-channel information leakage in Forms * CVE-2026-11154: Use after free in Dawn * CVE-2026-11155: Insufficient policyenforcement in CSS * CVE-2026-11156: Inappropriate implementation in CSS * CVE-2026-11157: Script injection in Accessibility * CVE-2026-11158: Insufficient validation of untrusted input in Downloads * CVE-2026-11159: Uninitialized Use in Skia * CVE-2026-11160: Out of bounds read in Input * CVE-2026-11161: Insufficient data validation in DataTransfer * CVE-2026-11162: Insufficient policy enforcement in CSS * CVE-2026-11163: Use after free in Messages * CVE-2026-11164: Use after free in Blink * CVE-2026-11165: Use after free in WebMIDI * CVE-2026-11166: Inappropriate implementation in SVG * CVE-2026-11167: Inappropriate implementation in WebView * CVE-2026-11168: Insufficient policy enforcement in Extensions * CVE-2026-11169: Inappropriate implementation in XML * CVE-2026-11170: Inappropriate implementation in Chromoting * CVE-2026-11171: Integer overflow in Blink * CVE-2026-11172: Incorrect security UI in Contact Picker * CVE-2026-11173: Out of bounds write in V8 * CVE-2026-11174: Insufficient policy enforcement in Site Isolation * CVE-2026-11175: Incorrect security UI in Messages * CVE-2026-11176: Inappropriate implementation in Media * CVE-2026-11177: Use after free in Omnibox * CVE-2026-11178: Policy bypass in WebView * CVE-2026-11179: Inappropriate implementation in ORB * CVE-2026-11180: Policy bypass in SVG * CVE-2026-11181: Inappropriate implementation in Media Session * CVE-2026-11182: Inappropriate implementation in SVG * CVE-2026-11183: Out of bounds read in GWP-ASan * CVE-2026-11184: Insufficient policy enforcement in Actor * CVE-2026-11185: Use after free in V8 * CVE-2026-11186: Inappropriate implementation in CSS * CVE-2026-11187: Insufficient policy enforcement in Glic * CVE-2026-11188: Use after free in USB * CVE-2026-11189: Insufficient validation of untrusted input in DevTools * CVE-2026-11190: Insufficient policy enforcement in Extensions * CVE-2026-11191: Out of bounds memory access inANGLE * CVE-2026-11192: Insufficient validation of untrusted input in Password Manager * CVE-2026-11193: Insufficient policy enforcement in Password Manager * CVE-2026-11194: Inappropriate implementation in Network * CVE-2026-11195: Inappropriate implementation in MHTML * CVE-2026-11196: Type Confusion in XML * CVE-2026-11197: Insufficient policy enforcement in Workers * CVE-2026-11198: Insufficient validation of untrusted input in Codecs * CVE-2026-11199: Insufficient validation of untrusted input in WebRTC * CVE-2026-11200: Inappropriate implementation in WebRTC * CVE-2026-11201: Use after free in ServiceWorker * CVE-2026-11202: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-11203: Policy bypass in GPU * CVE-2026-11204: Inappropriate implementation in Signin * CVE-2026-11205: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-11206: Policy bypass in ServiceWorker * CVE-2026-11207: Insufficient validation of untrusted input in Autofill * CVE-2026-11208: Use after free in Codecs * CVE-2026-11209: Insufficient policy enforcement in Passwords * CVE-2026-11210: Insufficient policy enforcement in Safe Browsing * CVE-2026-11211: Integer overflow in V8 * CVE-2026-11212: Insufficient policy enforcement in DevTools * CVE-2026-11213: Insufficient validation of untrusted input in Reading Mode * CVE-2026-11214: Inappropriate implementation in Chrome for iOS * CVE-2026-11215: Inappropriate implementation in Cronet * CVE-2026-11216: Incorrect security UI in File Input * CVE-2026-11217: Insufficient policy enforcement in Fenced Frames * CVE-2026-11218: Inappropriate implementation in PlatformIntegration * CVE-2026-11219: Insufficient data validation in Navigation * CVE-2026-11220: Insufficient validation of untrusted input in Navigation * CVE-2026-11221: Insufficient validation of untrusted input in PointerLock * CVE-2026-11222: Incorrect security UI in Tab Strip * CVE-2026-11223:Insufficient validation of untrusted input in Network * CVE-2026-11224: Use after free in Chromoting * CVE-2026-11225: Incorrect security UI in WebUI * CVE-2026-11226: Insufficient policy enforcement in PreviewTab * CVE-2026-11227: Incorrect security UI in Tab Hover Cards * CVE-2026-11228: Incorrect security UI in File Input * CVE-2026-11229: Insufficient policy enforcement in Enterprise * CVE-2026-11230: Use after free in Extensions * CVE-2026-11231: Inappropriate implementation in Safe Browsing * CVE-2026-11232: Inappropriate implementation in TabGroups * CVE-2026-11233: Insufficient validation of untrusted input in FoldableAPIs * CVE-2026-11234: Insufficient policy enforcement in FoldableAPIs * CVE-2026-11235: Insufficient validation of untrusted input in Compositing * CVE-2026-11236: Insufficient policy enforcement in Web Bluetooth * CVE-2026-11237: Insufficient validation of untrusted input in Media * CVE-2026-11238: Inappropriate implementation in DevTools * CVE-2026-11239: Insufficient validation of untrusted input in Extensions * CVE-2026-11240: Insufficient validation of untrusted input in Loader * CVE-2026-11241: Insufficient validation of untrusted input in Cast * CVE-2026-11242: Insufficient validation of untrusted input in Plugins * CVE-2026-11243: Incorrect security UI in Downloads * CVE-2026-11244: Insufficient validation of untrusted input in WebAuthentication * CVE-2026-11245: Inappropriate implementation in Payments * CVE-2026-11246: Insufficient validation of untrusted input in IndexedDB * CVE-2026-11247: Insufficient policy enforcement in CustomTabs * CVE-2026-11248: Policy bypass in Google Lens * CVE-2026-11249: Use after free in Network * CVE-2026-11250: Inappropriate implementation in DevTools * CVE-2026-11251: Insufficient validation of untrusted input in Password Manager * CVE-2026-11252: Policy bypass in Content Settings * CVE-2026-11253: Race in Permissions * CVE-2026-11254: Inappropriateimplementation in Permissions * CVE-2026-11255: Insufficient validation of untrusted input in Storage Access API * CVE-2026-11256: Out of bounds read in GPU * CVE-2026-11257: Inappropriate implementation in Browser * CVE-2026-11258: Inappropriate implementation in File System Access * CVE-2026-11259: Insufficient validation of untrusted input in Cast * CVE-2026-11260: Policy bypass in Permissions * CVE-2026-11261: Insufficient validation of untrusted input in PDF * CVE-2026-11262: Use after free in TabStrip * CVE-2026-11263: Insufficient policy enforcement in WebAuthentication * CVE-2026-11264: Policy bypass in Content Security Policy * CVE-2026-11265: Insufficient data validation in Autofill * CVE-2026-11266: Policy bypass in SafeBrowsing * CVE-2026-11267: Insufficient policy enforcement in Extensions * CVE-2026-11268: Uninitialized Use in ANGLE * CVE-2026-11269: Inappropriate implementation in Extensions * CVE-2026-11270: Inappropriate implementation in UI * CVE-2026-11271: Incorrect security UI in Passwords * CVE-2026-11272: Insufficient validation of untrusted input in Reading List * CVE-2026-11273: Insufficient validation of untrusted input in Omnibox * CVE-2026-11274: Inappropriate implementation in DOM Distiller * CVE-2026-11275: Insufficient policy enforcement in Page Info * CVE-2026-11276: Inappropriate implementation in Cast * CVE-2026-11277: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11278: Inappropriate implementation in CustomTabs * CVE-2026-11279: Out of bounds read in DevTools * CVE-2026-11280: Insufficient validation of untrusted input in Signin * CVE-2026-11281: Integer overflow in Chromoting * CVE-2026-11282: Policy bypass in Sandbox * CVE-2026-11283: Policy bypass in Shortcuts * CVE-2026-11284: Side-channel information leakage in PerformanceAPIs * CVE-2026-11285: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11286: Insufficient validation of untrusted input inWallet * CVE-2026-11287: Insufficient validation of untrusted input in Navigation * CVE-2026-11288: Policy bypass in CSS * CVE-2026-11289: Side-channel information leakage in Paint * CVE-2026-11290: Integer overflow in WebView * CVE-2026-11291: Policy bypass in Android Autofill * CVE-2026-11292: Policy bypass in Blink * CVE-2026-11293: Use after free in Input * CVE-2026-11294: Inappropriate implementation in Passwords * CVE-2026-11295: Inappropriate implementation in WebView * CVE-2026-11296: Inappropriate implementation in ImageCapture * CVE-2026-11297: Insufficient validation of untrusted input in Reader Mode * CVE-2026-11298: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11299: Out of bounds read in Fonts * CVE-2026-11300: Inappropriate implementation in Permissions * CVE-2026-11301: Out of bounds read in LiveCaption * CVE-2026-11302: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11303: Use after free in PDFium * CVE-2026-11304: Use after free in PDFium * CVE-2026-11305: Use after free in PDFium * CVE-2026-11306: Use after free in PDFium * CVE-2026-11307: Use after free in PDFium * CVE-2026-11308: Inappropriate implementation in Extensions * CVE-2026-11309: Insufficient policy enforcement in History -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-15e444c3bb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for Fedora 44 Chromium fixes 429 CVEs including critical security issues. Ensure timely updates for protection.. Chromium Update, Fedora 44, Browser Security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 08, 2026 Important Fedora
89

Fedora 44 Chromium Critical Update Fixing 429 CVEs 2026-15e444c3bb

Update to 149.0.7827.53 fix 429 CVEs ( CVE-2026-10881 through CVE-2026-11309). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-15e444c3bb 2026-06-08 01:23:19.405842+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 44 Version : 149.0.7827.53 Release : 1.fc44 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 149.0.7827.53 fix 429 CVEs ( CVE-2026-10881 through CVE-2026-11309) -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Than Ngo - 149.0.7827.53-1 - Update to 149.0.7827.53 * CVE-2026-10881: Out of bounds read and write in ANGLE * CVE-2026-10882: Use after free in Network * CVE-2026-10883: Out of bounds write in ANGLE * CVE-2026-10884: Use after free in Chromecast * CVE-2026-10885: Use after free in Chrome for iOS * CVE-2026-10886: Use after free in FileSystem * CVE-2026-10887: Use after free in Chromoting * CVE-2026-10888: Use after free in Cast Streaming * CVE-2026-10889: Out of bounds read in ANGLE * CVE-2026-10890: Use after free in Cast * CVE-2026-10891: Use after free in GFX * CVE-2026-10892: Out of bounds write in GPU * CVE-2026-10893: Use after free in Chromoting * CVE-2026-10894: Use after free in Printing * CVE-2026-10895: Use after free in Ozone * CVE-2026-10896: Use after free in Chrome for iOS * CVE-2026-10897: Out of bounds write in GPU * CVE-2026-10898: Stack buffer overflow in GPU * CVE-2026-10899: Use after free in Ozone * CVE-2026-10900: Use after free in Passwords * CVE-2026-10901: Use after free in Passwords *CVE-2026-10902: Use after free in Ozone * CVE-2026-10903: Use after free in WebRTC * CVE-2026-10904: Inappropriate implementation in V8 * CVE-2026-10905: Use after free in Network * CVE-2026-10906: Use after free in WebAuthentication * CVE-2026-10907: Out of bounds write in ANGLE * CVE-2026-10908: Use after free in FullScreen * CVE-2026-10909: Use after free in Dawn * CVE-2026-10910: Type Confusion in V8 * CVE-2026-10911: Insufficient validation of untrusted input in Media * CVE-2026-10912: Insufficient validation of untrusted input in Extensions * CVE-2026-10913: Use after free in ANGLE * CVE-2026-10914: Use after free in ANGLE * CVE-2026-10915: Use after free in Core * CVE-2026-10916: Insufficient validation of untrusted input in DevTools * CVE-2026-10917: Insufficient validation of untrusted input in Media * CVE-2026-10918: Use after free in Viz * CVE-2026-10919: Use after free in ANGLE * CVE-2026-10920: Insufficient validation of untrusted input in WebShare * CVE-2026-10921: Integer overflow in Dawn * CVE-2026-10922: Insufficient validation of untrusted input in DevTools * CVE-2026-10923: Use after free in WebAppInstalls * CVE-2026-10924: Integer overflow in Chromecast * CVE-2026-10925: Out of bounds write in Skia * CVE-2026-10926: Use after free in Cast * CVE-2026-10927: Out of bounds read in Dawn * CVE-2026-10928: Script injection in Headless * CVE-2026-10929: Heap buffer overflow in ANGLE * CVE-2026-10930: Out of bounds read in ANGLE * CVE-2026-10931: Use after free in FileSystem * CVE-2026-10932: Use after free in UI * CVE-2026-10933: Use after free in Audio * CVE-2026-10934: Use after free in Autofill * CVE-2026-10935: Inappropriate implementation in V8 * CVE-2026-10936: Type Confusion in V8 * CVE-2026-10937: Inappropriate implementation in Passwords * CVE-2026-10938: Insufficient validation of untrusted input in Input * CVE-2026-10939: Use after free in WebRTC * CVE-2026-10940: Race inCodecs * CVE-2026-10941: Out of bounds memory access in Skia * CVE-2026-10942: Insufficient validation of untrusted input in UI * CVE-2026-10943: Use after free in WebRTC * CVE-2026-10944: Insufficient policy enforcement in Autofill * CVE-2026-10945: Use after free in PDF * CVE-2026-10946: Heap buffer overflow in Media * CVE-2026-10947: Use after free in WebRTC * CVE-2026-10948: Use after free in WebRTC * CVE-2026-10949: Heap buffer overflow in Video * CVE-2026-10950: Insufficient policy enforcement in Autofill * CVE-2026-10951: Use after free in Autofill * CVE-2026-10952: Use after free in Chrome for iOS * CVE-2026-10953: Use after free in Core * CVE-2026-10954: Use after free in Actor * CVE-2026-10955: Type Confusion in ANGLE * CVE-2026-10956: Use after free in MimeHandlerView * CVE-2026-10957: Use after free in Glic * CVE-2026-10958: Use after free in Chrome for iOS * CVE-2026-10959: Use after free in Input * CVE-2026-10960: Uninitialized Use in Codecs * CVE-2026-10961: Use after free in Chrome for iOS * CVE-2026-10962: Type Confusion in Media * CVE-2026-10963: Integer overflow in V8 * CVE-2026-10964: Integer overflow in V8 * CVE-2026-10965: Integer overflow in DevTools * CVE-2026-10966: Insufficient validation of untrusted input in Codecs * CVE-2026-10967: Use after free in SurfaceCapture * CVE-2026-10968: Insufficient validation of untrusted input in Dawn * CVE-2026-10969: Insufficient validation of untrusted input in Extensions * CVE-2026-10970: Insufficient validation of untrusted input in InterestGroups * CVE-2026-10971: Insufficient validation of untrusted input in Printing * CVE-2026-10972: Use after free in Ozone * CVE-2026-10973: Uninitialized Use in Dawn * CVE-2026-10974: Insufficient validation of untrusted input in ANGLE * CVE-2026-10975: Use after free in WebRTC * CVE-2026-10976: Uninitialized Use in Dawn * CVE-2026-10977: Uninitialized Use in Skia * CVE-2026-10978: Use after free inChromoting * CVE-2026-10979: Out of bounds read in ANGLE * CVE-2026-10980: Insufficient validation of untrusted input in DevTools * CVE-2026-10981: Insufficient validation of untrusted input in Codecs * CVE-2026-10982: Use after free in WebXR * CVE-2026-10983: Insufficient validation of untrusted input in Dawn * CVE-2026-10984: Inappropriate implementation in Accessibility * CVE-2026-10985: Out of bounds read in Skia * CVE-2026-10986: Integer overflow in Media * CVE-2026-10987: Integer overflow in V8 * CVE-2026-10988: Use after free in Views * CVE-2026-10989: Inappropriate implementation in V8 * CVE-2026-10990: Use after free in Glic * CVE-2026-10991: Use after free in V8 * CVE-2026-10992: Insufficient data validation in Animation * CVE-2026-10993: Heap buffer overflow in Skia * CVE-2026-10994: Uninitialized Use in ANGLE * CVE-2026-10995: Heap buffer overflow in TabStrip * CVE-2026-10996: Inappropriate implementation in Workers * CVE-2026-10997: Insufficient policy enforcement in Extensions * CVE-2026-10998: Out of bounds read in Media * CVE-2026-10999: Out of bounds memory access in ANGLE * CVE-2026-11000: Use after free in Fonts * CVE-2026-11001: Incorrect security UI in Payments * CVE-2026-11002: Use after free in Autofill * CVE-2026-11003: Use after free in WebRTC * CVE-2026-11004: Out of bounds read in ANGLE * CVE-2026-11005: Out of bounds read in ANGLE * CVE-2026-11006: Out of bounds read in Dawn * CVE-2026-11007: Insufficient validation of untrusted input in WebView * CVE-2026-11008: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-11009: Use after free in USB * CVE-2026-11010: Use after free in WebShare * CVE-2026-11011: Insufficient policy enforcement in Password Manager * CVE-2026-11012: Use after free in Serial * CVE-2026-11013: Insufficient validation of untrusted input in Network * CVE-2026-11014: Insufficient policy enforcement in Extensions * CVE-2026-11015: Out ofbounds read in WebGPU * CVE-2026-11016: Insufficient validation of untrusted input in Network * CVE-2026-11017: Inappropriate implementation in Link Preview * CVE-2026-11018: Insufficient policy enforcement in Actor * CVE-2026-11019: Inappropriate implementation in Payments * CVE-2026-11020: Inappropriate implementation in Extensions * CVE-2026-11021: Insufficient validation of untrusted input in GPU * CVE-2026-11022: Insufficient validation of untrusted input in DevTools * CVE-2026-11023: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-11024: Stack buffer overflow in Skia * CVE-2026-11025: Insufficient policy enforcement in Navigation * CVE-2026-11026: Insufficient policy enforcement in Extensions * CVE-2026-11027: Insufficient validation of untrusted input in Glic * CVE-2026-11028: Use after free in Media * CVE-2026-11029: Insufficient validation of untrusted input in Drag and Drop * CVE-2026-11030: Use after free in Network * CVE-2026-11031: Insufficient validation of untrusted input in Password Manager * CVE-2026-11032: Insufficient data validation in Password Manager * CVE-2026-11033: Uninitialized Use in WebML * CVE-2026-11034: Insufficient validation of untrusted input in Tab Group Sync * CVE-2026-11035: Insufficient validation of untrusted input in Custom Tabs * CVE-2026-11036: Inappropriate implementation in DOM * CVE-2026-11037: Out of bounds write in Codecs * CVE-2026-11038: Insufficient validation of untrusted input in Subresource Integrity * CVE-2026-11039: Uninitialized Use in Skia * CVE-2026-11040: Use after free in ANGLE * CVE-2026-11041: Insufficient validation of untrusted input in Media * CVE-2026-11042: Use after free in Views * CVE-2026-11043: Out of bounds write in ANGLE * CVE-2026-11044: Integer overflow in ANGLE * CVE-2026-11045: Insufficient validation of untrusted input in GPU * CVE-2026-11046: Insufficient validation of untrusted input in Media * CVE-2026-11047:Insufficient validation of untrusted input in Base * CVE-2026-11048: Inappropriate implementation in Extensions * CVE-2026-11049: Use after free in Password Manager * CVE-2026-11050: Use after free in V8 * CVE-2026-11051: Out of bounds read in ANGLE * CVE-2026-11052: Type Confusion in GPU * CVE-2026-11053: VULNERABILITY in WebRTC * CVE-2026-11054: Use after free in WebRTC * CVE-2026-11055: Use after free in ANGLE * CVE-2026-11056: Insufficient validation of untrusted input in SiteIsolation * CVE-2026-11057: Uninitialized Use in Skia * CVE-2026-11058: Integer overflow in CredentialProvider * CVE-2026-11059: Use after free in Blink * CVE-2026-11060: Use after free in Media * CVE-2026-11061: Out of bounds read in ANGLE * CVE-2026-11062: Insufficient policy enforcement in Extensions * CVE-2026-11063: Insufficient validation of untrusted input in WebNN * CVE-2026-11064: Uninitialized Use in GPU * CVE-2026-11065: Use after free in ANGLE * CVE-2026-11066: Insufficient validation of untrusted input in ANGLE * CVE-2026-11067: Uninitialized Use in Dawn * CVE-2026-11068: Use after free in WebSockets * CVE-2026-11069: Insufficient validation of untrusted input in Cast * CVE-2026-11070: Insufficient validation of untrusted input in Chromoting * CVE-2026-11071: Use after free in Base * CVE-2026-11072: Use after free in WebView * CVE-2026-11073: Use after free in WebGL * CVE-2026-11074: Use after free in WebRTC * CVE-2026-11075: Out of bounds read in V8 * CVE-2026-11076: Type Confusion in CSS * CVE-2026-11077: Out of bounds read in Dawn * CVE-2026-11078: Insufficient validation of untrusted input in FileSystem * CVE-2026-11079: Insufficient validation of untrusted input in Codecs * CVE-2026-11080: Use after free in WebView * CVE-2026-11081: Policy bypass in Canvas * CVE-2026-11082: Use after free in GPU * CVE-2026-11083: Inappropriate implementation in Password Manager * CVE-2026-11084: Inappropriate implementation inPassword Manager * CVE-2026-11085: Integer overflow in GPU * CVE-2026-11086: Insufficient validation of untrusted input in Dawn * CVE-2026-11087: Uninitialized Use in ANGLE * CVE-2026-11088: Integer overflow in ANGLE * CVE-2026-11089: Uninitialized Use in Media * CVE-2026-11090: Uninitialized Use in ANGLE * CVE-2026-11091: Inappropriate implementation in Dawn * CVE-2026-11092: Insufficient policy enforcement in DevTools * CVE-2026-11093: Insufficient validation of untrusted input in Printing * CVE-2026-11094: Use after free in Codecs * CVE-2026-11095: Insufficient validation of untrusted input in Codecs * CVE-2026-11096: Out of bounds read in WebRTC * CVE-2026-11097: Inappropriate implementation in WebView * CVE-2026-11098: Insufficient validation of untrusted input in GPU * CVE-2026-11099: Vulnerability in Skia * CVE-2026-11100: Use after free in File Input * CVE-2026-11101: Uninitialized Use in Dawn * CVE-2026-11102: Inappropriate implementation in Isolated Web Apps * CVE-2026-11103: Inappropriate implementation in Installer * CVE-2026-11104: Uninitialized Use in ANGLE * CVE-2026-11105: Insufficient validation of untrusted input in WebUI * CVE-2026-11106: Inappropriate implementation in Media * CVE-2026-11107: Inappropriate implementation in Downloads * CVE-2026-11108: Inappropriate implementation in NFC * CVE-2026-11109: Uninitialized Use in ANGLE * CVE-2026-11110: Uninitialized Use in ANGLE * CVE-2026-11111: Out of bounds read in ANGLE * CVE-2026-11112: Insufficient validation of untrusted input in Chromoting * CVE-2026-11113: Insufficient validation of untrusted input in ANGLE * CVE-2026-11114: Use after free in Device Trust * CVE-2026-11115: Use after free in Updater * CVE-2026-11116: Use after free in Chromoting * CVE-2026-11117: Use after free in Views * CVE-2026-11118: Use after free in WebRTC * CVE-2026-11119: Insufficient validation of untrusted input in GPU * CVE-2026-11120: Insufficientvalidation of untrusted input in Enterprise Reporting * CVE-2026-11121: Insufficient validation of untrusted input in Skia * CVE-2026-11122: Inappropriate implementation in Keyboard * CVE-2026-11123: Uninitialized Use in ANGLE * CVE-2026-11124: Heap buffer overflow in Skia * CVE-2026-11125: Use after free in Compositing * CVE-2026-11126: Insufficient validation of untrusted input in DevTools * CVE-2026-11127: Inappropriate implementation in WebAPKs * CVE-2026-11128: Insufficient validation of untrusted input in Web Share * CVE-2026-11129: Inappropriate implementation in Extensions * CVE-2026-11130: Use after free in Media * CVE-2026-11131: Use after free in Autofill * CVE-2026-11132: Policy bypass in Paint * CVE-2026-11133: Insufficient policy enforcement in Paint * CVE-2026-11134: Insufficient data validation in Media * CVE-2026-11135: Insufficient policy enforcement in Autofill * CVE-2026-11136: Use after free in Canvas * CVE-2026-11137: Uninitialized Use in ANGLE * CVE-2026-11138: Uninitialized Use in ANGLE * CVE-2026-11139: Policy bypass in Paint * CVE-2026-11140: Insufficient validation of untrusted input in Chromecast * CVE-2026-11141: Uninitialized Use in Audio * CVE-2026-11142: Policy bypass in Paint * CVE-2026-11143: Heap buffer overflow in Extensions * CVE-2026-11144: Use after free in Media * CVE-2026-11145: Race in Geolocation * CVE-2026-11146: Insufficient validation of untrusted input in Chromoting * CVE-2026-11147: Use after free in WebML * CVE-2026-11148: Inappropriate implementation in Payments * CVE-2026-11149: Insufficient validation of untrusted input in Extensions * CVE-2026-11150: Inappropriate implementation in XML * CVE-2026-11151: Insufficient validation of untrusted input in Password Manager * CVE-2026-11152: Object lifecycle issue in Dawn * CVE-2026-11153: Side-channel information leakage in Forms * CVE-2026-11154: Use after free in Dawn * CVE-2026-11155: Insufficient policyenforcement in CSS * CVE-2026-11156: Inappropriate implementation in CSS * CVE-2026-11157: Script injection in Accessibility * CVE-2026-11158: Insufficient validation of untrusted input in Downloads * CVE-2026-11159: Uninitialized Use in Skia * CVE-2026-11160: Out of bounds read in Input * CVE-2026-11161: Insufficient data validation in DataTransfer * CVE-2026-11162: Insufficient policy enforcement in CSS * CVE-2026-11163: Use after free in Messages * CVE-2026-11164: Use after free in Blink * CVE-2026-11165: Use after free in WebMIDI * CVE-2026-11166: Inappropriate implementation in SVG * CVE-2026-11167: Inappropriate implementation in WebView * CVE-2026-11168: Insufficient policy enforcement in Extensions * CVE-2026-11169: Inappropriate implementation in XML * CVE-2026-11170: Inappropriate implementation in Chromoting * CVE-2026-11171: Integer overflow in Blink * CVE-2026-11172: Incorrect security UI in Contact Picker * CVE-2026-11173: Out of bounds write in V8 * CVE-2026-11174: Insufficient policy enforcement in Site Isolation * CVE-2026-11175: Incorrect security UI in Messages * CVE-2026-11176: Inappropriate implementation in Media * CVE-2026-11177: Use after free in Omnibox * CVE-2026-11178: Policy bypass in WebView * CVE-2026-11179: Inappropriate implementation in ORB * CVE-2026-11180: Policy bypass in SVG * CVE-2026-11181: Inappropriate implementation in Media Session * CVE-2026-11182: Inappropriate implementation in SVG * CVE-2026-11183: Out of bounds read in GWP-ASan * CVE-2026-11184: Insufficient policy enforcement in Actor * CVE-2026-11185: Use after free in V8 * CVE-2026-11186: Inappropriate implementation in CSS * CVE-2026-11187: Insufficient policy enforcement in Glic * CVE-2026-11188: Use after free in USB * CVE-2026-11189: Insufficient validation of untrusted input in DevTools * CVE-2026-11190: Insufficient policy enforcement in Extensions * CVE-2026-11191: Out of bounds memory access inANGLE * CVE-2026-11192: Insufficient validation of untrusted input in Password Manager * CVE-2026-11193: Insufficient policy enforcement in Password Manager * CVE-2026-11194: Inappropriate implementation in Network * CVE-2026-11195: Inappropriate implementation in MHTML * CVE-2026-11196: Type Confusion in XML * CVE-2026-11197: Insufficient policy enforcement in Workers * CVE-2026-11198: Insufficient validation of untrusted input in Codecs * CVE-2026-11199: Insufficient validation of untrusted input in WebRTC * CVE-2026-11200: Inappropriate implementation in WebRTC * CVE-2026-11201: Use after free in ServiceWorker * CVE-2026-11202: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-11203: Policy bypass in GPU * CVE-2026-11204: Inappropriate implementation in Signin * CVE-2026-11205: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-11206: Policy bypass in ServiceWorker * CVE-2026-11207: Insufficient validation of untrusted input in Autofill * CVE-2026-11208: Use after free in Codecs * CVE-2026-11209: Insufficient policy enforcement in Passwords * CVE-2026-11210: Insufficient policy enforcement in Safe Browsing * CVE-2026-11211: Integer overflow in V8 * CVE-2026-11212: Insufficient policy enforcement in DevTools * CVE-2026-11213: Insufficient validation of untrusted input in Reading Mode * CVE-2026-11214: Inappropriate implementation in Chrome for iOS * CVE-2026-11215: Inappropriate implementation in Cronet * CVE-2026-11216: Incorrect security UI in File Input * CVE-2026-11217: Insufficient policy enforcement in Fenced Frames * CVE-2026-11218: Inappropriate implementation in PlatformIntegration * CVE-2026-11219: Insufficient data validation in Navigation * CVE-2026-11220: Insufficient validation of untrusted input in Navigation * CVE-2026-11221: Insufficient validation of untrusted input in PointerLock * CVE-2026-11222: Incorrect security UI in Tab Strip * CVE-2026-11223:Insufficient validation of untrusted input in Network * CVE-2026-11224: Use after free in Chromoting * CVE-2026-11225: Incorrect security UI in WebUI * CVE-2026-11226: Insufficient policy enforcement in PreviewTab * CVE-2026-11227: Incorrect security UI in Tab Hover Cards * CVE-2026-11228: Incorrect security UI in File Input * CVE-2026-11229: Insufficient policy enforcement in Enterprise * CVE-2026-11230: Use after free in Extensions * CVE-2026-11231: Inappropriate implementation in Safe Browsing * CVE-2026-11232: Inappropriate implementation in TabGroups * CVE-2026-11233: Insufficient validation of untrusted input in FoldableAPIs * CVE-2026-11234: Insufficient policy enforcement in FoldableAPIs * CVE-2026-11235: Insufficient validation of untrusted input in Compositing * CVE-2026-11236: Insufficient policy enforcement in Web Bluetooth * CVE-2026-11237: Insufficient validation of untrusted input in Media * CVE-2026-11238: Inappropriate implementation in DevTools * CVE-2026-11239: Insufficient validation of untrusted input in Extensions * CVE-2026-11240: Insufficient validation of untrusted input in Loader * CVE-2026-11241: Insufficient validation of untrusted input in Cast * CVE-2026-11242: Insufficient validation of untrusted input in Plugins * CVE-2026-11243: Incorrect security UI in Downloads * CVE-2026-11244: Insufficient validation of untrusted input in WebAuthentication * CVE-2026-11245: Inappropriate implementation in Payments * CVE-2026-11246: Insufficient validation of untrusted input in IndexedDB * CVE-2026-11247: Insufficient policy enforcement in CustomTabs * CVE-2026-11248: Policy bypass in Google Lens * CVE-2026-11249: Use after free in Network * CVE-2026-11250: Inappropriate implementation in DevTools * CVE-2026-11251: Insufficient validation of untrusted input in Password Manager * CVE-2026-11252: Policy bypass in Content Settings * CVE-2026-11253: Race in Permissions * CVE-2026-11254: Inappropriateimplementation in Permissions * CVE-2026-11255: Insufficient validation of untrusted input in Storage Access API * CVE-2026-11256: Out of bounds read in GPU * CVE-2026-11257: Inappropriate implementation in Browser * CVE-2026-11258: Inappropriate implementation in File System Access * CVE-2026-11259: Insufficient validation of untrusted input in Cast * CVE-2026-11260: Policy bypass in Permissions * CVE-2026-11261: Insufficient validation of untrusted input in PDF * CVE-2026-11262: Use after free in TabStrip * CVE-2026-11263: Insufficient policy enforcement in WebAuthentication * CVE-2026-11264: Policy bypass in Content Security Policy * CVE-2026-11265: Insufficient data validation in Autofill * CVE-2026-11266: Policy bypass in SafeBrowsing * CVE-2026-11267: Insufficient policy enforcement in Extensions * CVE-2026-11268: Uninitialized Use in ANGLE * CVE-2026-11269: Inappropriate implementation in Extensions * CVE-2026-11270: Inappropriate implementation in UI * CVE-2026-11271: Incorrect security UI in Passwords * CVE-2026-11272: Insufficient validation of untrusted input in Reading List * CVE-2026-11273: Insufficient validation of untrusted input in Omnibox * CVE-2026-11274: Inappropriate implementation in DOM Distiller * CVE-2026-11275: Insufficient policy enforcement in Page Info * CVE-2026-11276: Inappropriate implementation in Cast * CVE-2026-11277: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11278: Inappropriate implementation in CustomTabs * CVE-2026-11279: Out of bounds read in DevTools * CVE-2026-11280: Insufficient validation of untrusted input in Signin * CVE-2026-11281: Integer overflow in Chromoting * CVE-2026-11282: Policy bypass in Sandbox * CVE-2026-11283: Policy bypass in Shortcuts * CVE-2026-11284: Side-channel information leakage in PerformanceAPIs * CVE-2026-11285: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11286: Insufficient validation of untrusted input inWallet * CVE-2026-11287: Insufficient validation of untrusted input in Navigation * CVE-2026-11288: Policy bypass in CSS * CVE-2026-11289: Side-channel information leakage in Paint * CVE-2026-11290: Integer overflow in WebView * CVE-2026-11291: Policy bypass in Android Autofill * CVE-2026-11292: Policy bypass in Blink * CVE-2026-11293: Use after free in Input * CVE-2026-11294: Inappropriate implementation in Passwords * CVE-2026-11295: Inappropriate implementation in WebView * CVE-2026-11296: Inappropriate implementation in ImageCapture * CVE-2026-11297: Insufficient validation of untrusted input in Reader Mode * CVE-2026-11298: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11299: Out of bounds read in Fonts * CVE-2026-11300: Inappropriate implementation in Permissions * CVE-2026-11301: Out of bounds read in LiveCaption * CVE-2026-11302: Insufficient policy enforcement in Chrome for iOS * CVE-2026-11303: Use after free in PDFium * CVE-2026-11304: Use after free in PDFium * CVE-2026-11305: Use after free in PDFium * CVE-2026-11306: Use after free in PDFium * CVE-2026-11307: Use after free in PDFium * CVE-2026-11308: Inappropriate implementation in Extensions * CVE-2026-11309: Insufficient policy enforcement in History -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-15e444c3bb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Chromium update for Fedora 44 fixes 429 security issues, enhancing browser security with critical updates.. Fedora 44, Chromium, browser security, update instructions, CVE fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 07, 2026 Critical Fedora
89

Fedora 42 Chromium Critical Heap Buffer Overflow Advisories 2026-3675ac2066

Update to 147.0.7727.101 Critical CVE-2026-6296: Heap buffer overflow in ANGLE Critical CVE-2026-6297: Use after free in Proxy Critical CVE-2026-6298: Heap buffer overflow in Skia Critical CVE-2026-6299: Use after free in Prerender. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3675ac2066 2026-04-23 00:55:31.005427+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 42 Version : 147.0.7727.101 Release : 1.fc42 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 147.0.7727.101 Critical CVE-2026-6296: Heap buffer overflow in ANGLE Critical CVE-2026-6297: Use after free in Proxy Critical CVE-2026-6298: Heap buffer overflow in Skia Critical CVE-2026-6299: Use after free in Prerender Critical CVE-2026-6358: Use after free in XR High CVE-2026-6359: Use after free in Video High CVE-2026-6300: Use after free in CSS High CVE-2026-6301: Type Confusion in Turbofan High CVE-2026-6302: Use after free in Video High CVE-2026-6303: Use after free in Codecs High CVE-2026-6304: Use after free in Graphite High CVE-2026-6305: Heap buffer overflow in PDFium High CVE-2026-6306: Heap buffer overflow in PDFium High CVE-2026-6307: Type Confusion in Turbofan High CVE-2026-6308: Out of bounds read in Media High CVE-2026-6309: Use after free in Viz High CVE-2026-6360: Use after free in FileSystem High CVE-2026-6310: Use after free in Dawn High CVE-2026-6311: Uninitialized Use in Accessibility High CVE-2026-6312: Insufficient policy enforcement in Passwords High CVE-2026-6313: Insufficient policy enforcement in CORS High CVE-2026-6314: Out of bounds write in GPU HighCVE-2026-6315: Use after free in Permissions High CVE-2026-6316: Use after free in Forms High CVE-2026-6361: Heap buffer overflow in PDFium High CVE-2026-6362: Use after free in Codecs High CVE-2026-6317: Use after free in Cast Medium CVE-2026-6363: Type Confusion in V8 Medium CVE-2026-6318: Use after free in Codecs Medium CVE-2026-6319: Use after free in Payments Medium CVE-2026-6364: Out of bounds read in Skia Update to 147.0.7727.55 Critical CVE-2026-5858: Heap buffer overflow in WebML Critical CVE-2026-5859: Integer overflow in WebML High CVE-2026-5860: Use after free in WebRTC High CVE-2026-5861: Use after free in V8 High CVE-2026-5862: Inappropriate implementation in V8 High CVE-2026-5863: Inappropriate implementation in V8 High CVE-2026-5864: Heap buffer overflow in WebAudio High CVE-2026-5865: Type Confusion in V8 High CVE-2026-5866: Use after free in Media High CVE-2026-5867: Heap buffer overflow in WebML High CVE-2026-5868: Heap buffer overflow in ANGLE High CVE-2026-5869: Heap buffer overflow in WebML High CVE-2026-5870: Integer overflow in Skia High CVE-2026-5871: Type Confusion in V8 High CVE-2026-5872: Use after free in Blink High CVE-2026-5873: Out of bounds read and write in V8 Medium CVE-2026-5874: Use after free in PrivateAI Medium CVE-2026-5875: Policy bypass in Blink Medium CVE-2026-5876: Side-channel information leakage in Navigation Medium CVE-2026-5877: Use after free in Navigation Medium CVE-2026-5878: Incorrect security UI in Blink Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE Medium CVE-2026-5880: Incorrect security UI in browser UI Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess Medium CVE-2026-5882: Incorrect security UI in Fullscreen Medium CVE-2026-5883: Use after free in Media Medium CVE-2026-5884: Insufficient validation of untrusted input in Media Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML Medium CVE-2026-5886: Out of bounds read in WebAudio Medium CVE-2026-5887:Insufficient validation of untrusted input in Downloads Medium CVE-2026-5888: Uninitialized Use in WebCodecs Medium CVE-2026-5889: Cryptographic Flaw in PDFium Medium CVE-2026-5890: Race in WebCodecs Medium CVE-2026-5891: Insufficient policy enforcement in browser UI Medium CVE-2026-5892: Insufficient policy enforcement in PWAs Medium CVE-2026-5893: Race in V8 Low CVE-2026-5894: Inappropriate implementation in PDF Low CVE-2026-5895: Incorrect security UI in Omnibox Low CVE-2026-5896: Policy bypass in Audio Low CVE-2026-5897: Incorrect security UI in Downloads Low CVE-2026-5898: Incorrect security UI in Omnibox Low CVE-2026-5899: Incorrect security UI in History Navigation Low CVE-2026-5900: Policy bypass in Downloads Low CVE-2026-5901: Policy bypass in DevTools Low CVE-2026-5902: Race in Media Low CVE-2026-5903: Policy bypass in IFrameSandbox Low CVE-2026-5904: Use after free in V8 Low CVE-2026-5905: Incorrect security UI in Permissions Low CVE-2026-5906: Incorrect security UI in Omnibox Low CVE-2026-5907: Insufficient data validation in Media Low CVE-2026-5908: Integer overflow in Media Low CVE-2026-5909: Integer overflow in Media Low CVE-2026-5910: Integer overflow in Media Low CVE-2026-5911: Policy bypass in ServiceWorkers Low CVE-2026-5912: Integer overflow in WebRTC Low CVE-2026-5913: Out of bounds read in Blink Low CVE-2026-5914: Type Confusion in CSS Low CVE-2026-5915: Insufficient validation of untrusted input in WebML Low CVE-2026-5918: Inappropriate implementation in Navigation Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets Update to 146.0.7680.177 High CVE-2026-5273: Use after free in CSS High CVE-2026-5272: Heap buffer overflow in GPU High CVE-2026-5274: Integer overflow in Codecs High CVE-2026-5275: Heap buffer overflow in ANGLE High CVE-2026-5276: Insufficient policy enforcement in WebUSB High CVE-2026-5277: Integer overflow in ANGLE High CVE-2026-5278: Use after free in Web MIDI High CVE-2026-5279: Object corruption in V8 HighCVE-2026-5280: Use after free in WebCodecs High CVE-2026-5281: Use after free in Dawn High CVE-2026-5282: Out of bounds read in WebCodecs High CVE-2026-5283: Inappropriate implementation in ANGLE High CVE-2026-5284: Use after free in Dawn High CVE-2026-5285: Use after free in WebGL High CVE-2026-5286: Use after free in Dawn High CVE-2026-5287: Use after free in PDF High CVE-2026-5288: Use after free in WebView High CVE-2026-5289: Use after free in Navigation High CVE-2026-5290: Use after free in Compositing Medium CVE-2026-5291: Inappropriate implementation in WebGL Medium CVE-2026-5292: Out of bounds read in WebCodecs -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2026 Than Ngo - 147.0.7727.101-1 - Update to 147.0.7727.101 * Critical CVE-2026-6296: Heap buffer overflow in ANGLE * Critical CVE-2026-6297: Use after free in Proxy * Critical CVE-2026-6298: Heap buffer overflow in Skia * Critical CVE-2026-6299: Use after free in Prerender * Critical CVE-2026-6358: Use after free in XR * High CVE-2026-6359: Use after free in Video * High CVE-2026-6300: Use after free in CSS * High CVE-2026-6301: Type Confusion in Turbofan * High CVE-2026-6302: Use after free in Video * High CVE-2026-6303: Use after free in Codecs * High CVE-2026-6304: Use after free in Graphite * High CVE-2026-6305: Heap buffer overflow in PDFium * High CVE-2026-6306: Heap buffer overflow in PDFium * High CVE-2026-6307: Type Confusion in Turbofan * High CVE-2026-6308: Out of bounds read in Media * High CVE-2026-6309: Use after free in Viz * High CVE-2026-6360: Use after free in FileSystem * High CVE-2026-6310: Use after free in Dawn * High CVE-2026-6311: Uninitialized Use in Accessibility * High CVE-2026-6312: Insufficient policy enforcement in Passwords * High CVE-2026-6313: Insufficient policy enforcement in CORS * High CVE-2026-6314: Out of bounds write in GPU * High CVE-2026-6315: Use after free inPermissions * High CVE-2026-6316: Use after free in Forms * High CVE-2026-6361: Heap buffer overflow in PDFium * High CVE-2026-6362: Use after free in Codecs * High CVE-2026-6317: Use after free in Cast * Medium CVE-2026-6363: Type Confusion in V8 * Medium CVE-2026-6318: Use after free in Codecs * Medium CVE-2026-6319: Use after free in Payments * Medium CVE-2026-6364: Out of bounds read in Skia * Thu Apr 9 2026 Than Ngo - 147.0.7727.55-1 - Update to 147.0.7727.55 * Critical CVE-2026-5858: Heap buffer overflow in WebML * Critical CVE-2026-5859: Integer overflow in WebML * High CVE-2026-5860: Use after free in WebRTC * High CVE-2026-5861: Use after free in V8 * High CVE-2026-5862: Inappropriate implementation in V8 * High CVE-2026-5863: Inappropriate implementation in V8 * High CVE-2026-5864: Heap buffer overflow in WebAudio * High CVE-2026-5865: Type Confusion in V8 * High CVE-2026-5866: Use after free in Media * High CVE-2026-5867: Heap buffer overflow in WebML * High CVE-2026-5868: Heap buffer overflow in ANGLE * High CVE-2026-5869: Heap buffer overflow in WebML * High CVE-2026-5870: Integer overflow in Skia * High CVE-2026-5871: Type Confusion in V8 * High CVE-2026-5872: Use after free in Blink * High CVE-2026-5873: Out of bounds read and write in V8 * Medium CVE-2026-5874: Use after free in PrivateAI * Medium CVE-2026-5875: Policy bypass in Blink * Medium CVE-2026-5876: Side-channel information leakage in Navigation * Medium CVE-2026-5877: Use after free in Navigation * Medium CVE-2026-5878: Incorrect security UI in Blink * Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE * Medium CVE-2026-5880: Incorrect security UI in browser UI * Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess * Medium CVE-2026-5882: Incorrect security UI in Fullscreen * Medium CVE-2026-5883: Use after free in Media * Medium CVE-2026-5884: Insufficient validation of untrusted input in Media *Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML * Medium CVE-2026-5886: Out of bounds read in WebAudio * Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads * Medium CVE-2026-5888: Uninitialized Use in WebCodecs * Medium CVE-2026-5889: Cryptographic Flaw in PDFium * Medium CVE-2026-5890: Race in WebCodecs * Medium CVE-2026-5891: Insufficient policy enforcement in browser UI * Medium CVE-2026-5892: Insufficient policy enforcement in PWAs * Medium CVE-2026-5893: Race in V8 * Low CVE-2026-5894: Inappropriate implementation in PDF * Low CVE-2026-5895: Incorrect security UI in Omnibox * Low CVE-2026-5896: Policy bypass in Audio * Low CVE-2026-5897: Incorrect security UI in Downloads * Low CVE-2026-5898: Incorrect security UI in Omnibox * Low CVE-2026-5899: Incorrect security UI in History Navigation * Low CVE-2026-5900: Policy bypass in Downloads * Low CVE-2026-5901: Policy bypass in DevTools * Low CVE-2026-5902: Race in Media * Low CVE-2026-5903: Policy bypass in IFrameSandbox * Low CVE-2026-5904: Use after free in V8 * Low CVE-2026-5905: Incorrect security UI in Permissions * Low CVE-2026-5906: Incorrect security UI in Omnibox * Low CVE-2026-5907: Insufficient data validation in Media * Low CVE-2026-5908: Integer overflow in Media * Low CVE-2026-5909: Integer overflow in Media * Low CVE-2026-5910: Integer overflow in Media * Low CVE-2026-5911: Policy bypass in ServiceWorkers * Low CVE-2026-5912: Integer overflow in WebRTC * Low CVE-2026-5913: Out of bounds read in Blink * Low CVE-2026-5914: Type Confusion in CSS * Low CVE-2026-5915: Insufficient validation of untrusted input in WebML * Low CVE-2026-5918: Inappropriate implementation in Navigation * Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets * Wed Apr 1 2026 Than Ngo - 146.0.7680.177-1 - Update to 146.0.7680.177 * High CVE-2026-5273: Use after free in CSS * High CVE-2026-5272:Heap buffer overflow in GPU * High CVE-2026-5274: Integer overflow in Codecs * High CVE-2026-5275: Heap buffer overflow in ANGLE * High CVE-2026-5276: Insufficient policy enforcement in WebUSB * High CVE-2026-5277: Integer overflow in ANGLE * High CVE-2026-5278: Use after free in Web MIDI * High CVE-2026-5279: Object corruption in V8 * High CVE-2026-5280: Use after free in WebCodecs * High CVE-2026-5281: Use after free in Dawn * High CVE-2026-5282: Out of bounds read in WebCodecs * High CVE-2026-5283: Inappropriate implementation in ANGLE * High CVE-2026-5284: Use after free in Dawn * High CVE-2026-5285: Use after free in WebGL * High CVE-2026-5286: Use after free in Dawn * High CVE-2026-5287: Use after free in PDF * High CVE-2026-5288: Use after free in WebView * High CVE-2026-5289: Use after free in Navigation * High CVE-2026-5290: Use after free in Compositing * Medium CVE-2026-5291: Inappropriate implementation in WebGL * Medium CVE-2026-5292: Out of bounds read in WebCodecs -------------------------------------------------------------------------------- References: [ 1 ] Bug #2457163 - CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457163 [ 2 ] Bug #2457164 - CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457164 [ 3 ] Bug #2458847 - CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458847 [ 4 ] Bug #2458848 - CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458848 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3675ac2066' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical updates for Fedora 42 Chromium, addressing multiple heap overflow issues and ensuring safer browsing experience.. Fedora Security Updates, Chromium Buffer Overflow, Software Vulnerability Fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 23, 2026 Critical Fedora
89

Fedora 42 Chromium High Heap Overflows and Risks 2026-cc466cfb57

Update to 146.0.7680.164 * High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-cc466cfb57 2026-03-28 01:05:58.419931+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 42 Version : 146.0.7680.164 Release : 1.fc42 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 146.0.7680.164 * High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM Update to 146.0.7680.153 * CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input inNavigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 24 2026 Than Ngo - 146.0.7680.164-1 - Update to 146.0.7680.164 * High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM * Fri Mar 20 2026 Than Ngo - 146.0.7680.153-1 - Update to 146.0.7680.153 * CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cc466cfb57' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . High-risk updates for Fedora 42 Chromium include heap overflow and others. Immediate action may be needed for system protection.. Fedora security, Chromium browser, heap overflow, software update, threat mitigation. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 28, 2026 Critical Fedora
202

openSUSE 2026 Security Update Important Chromium Heap Overflow Fix

An update that fixes 8 vulnerabilities is now available.. openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0096-1 Rating: important References: #1260376 Cross-References: CVE-2026-4673 CVE-2026-4674 CVE-2026-4675 CVE-2026-4676 CVE-2026-4677 CVE-2026-4678 CVE-2026-4679 CVE-2026-4680 Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Chromium 146.0.7680.164 (boo#1260376) * CVE-2026-4673: Heap buffer overflow in WebAudio * CVE-2026-4674: Out of bounds read in CSS * CVE-2026-4675: Heap buffer overflow in WebGL * CVE-2026-4676: Use after free in Dawn * CVE-2026-4677: Out of bounds read in WebAudio * CVE-2026-4678: Use after free in WebGPU * CVE-2026-4679: Integer overflow in Fonts * CVE-2026-4680: Use after free in FedCM Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2026-96=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64): chromedriver-146.0.7680.164-bp156.2.254.1 chromium-146.0.7680.164-bp156.2.254.1 References: https://www.suse.com/security/cve/CVE-2026-4673.html https://www.suse.com/security/cve/CVE-2026-4674.html https://www.suse.com/security/cve/CVE-2026-4675.html https://www.suse.com/security/cve/CVE-2026-4676.html https://www.suse.com/security/cve/CVE-2026-4677.html https://www.suse.com/security/cve/CVE-2026-4678.html https://www.suse.com/security/cve/CVE-2026-4679.html https://www.suse.com/security/cve/CVE-2026-4680.html https://bugzilla.suse.com/1260376 . A security update for openSUSE addresses 8 important vulnerabilities in Chromium, including heap overflows and out-of-bounds reads.. openSUSE update, Chromium security, important patch, buffer overflow fix, security vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 26, 2026 Important OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200