Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 648 articles for you...
89

Fedora 43 chromium Important Heap Buffer Overflow Vuln 2026-32e3e23696

Update to 150.0.7871.124 * CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-32e3e23696 2026-07-18 00:27:50.464608+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 43 Version : 150.0.7871.124 Release : 1.fc43 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 150.0.7871.124 * CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 15 2026 Than Ngo - 150.0.7871.124-1 - Update to 150.0.7871.124 * CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia *CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation - Backport patches to improve auto darkmode -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-32e3e23696' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical security advisory for Fedora involving multiple use after free issues and a heap overflow in Chromium.. Chromium security, Fedora updates,buffer overflow issues, Ozone vulnerabilities, web browser security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 17, 2026 Critical Fedora
89

Fedora 43 Firefox Update 152.0.6 Advisory FEDORA-2026-365cce949c

New upstream release (152.0.6). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-365cce949c 2026-07-17 01:08:58.262282+00:00 -------------------------------------------------------------------------------- Name : firefox Product : Fedora 43 Version : 152.0.6 Release : 1.fc43 URL : https://www.mozilla.org/firefox/ Summary : Mozilla Firefox Web browser Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. -------------------------------------------------------------------------------- Update Information: New upstream release (152.0.6) -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 14 2026 Martin Stransky - 152.0.6-1 - Updated to latest upstream (152.0.6) * Fri Jul 10 2026 Martin Stransky - 152.0.4-3 - Added rhbz#2458184 - Drop -fcf-protection flag * Tue Jul 7 2026 Martin Stransky - 152.0.4-2 - Remove Fedora 40/41 tweaks. -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-365cce949c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Enhance your Fedora experience with the latest Firefox update version 152.0.6 offering new features and improvements.. Fedora Firefox update, software release notes, Mozilla Firefox upgrade, Fedora security advisory. . LinuxSecurity.com Team

Calendar%202 Jul 16, 2026 Fedora
89

Fedora 44 Firefox Update 152.0.6 Advisory 2026-51c2920764

New upstream release (152.0.6). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-51c2920764 2026-07-16 01:19:18.912230+00:00 -------------------------------------------------------------------------------- Name : firefox Product : Fedora 44 Version : 152.0.6 Release : 1.fc44 URL : https://www.mozilla.org/firefox/ Summary : Mozilla Firefox Web browser Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. -------------------------------------------------------------------------------- Update Information: New upstream release (152.0.6) -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 14 2026 Martin Stransky - 152.0.6-1 - Updated to latest upstream (152.0.6) * Fri Jul 10 2026 Martin Stransky - 152.0.4-3 - Added rhbz#2458184 - Drop -fcf-protection flag * Tue Jul 7 2026 Martin Stransky - 152.0.4-2 - Remove Fedora 40/41 tweaks. -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-51c2920764' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Mozilla Firefox 152.0.6 update brings performance improvements and compliance features in Fedora 44.. Fedora updates, Firefox security, open source browser, web browser update, Fedora advisory. . LinuxSecurity.com Team

Calendar%202 Jul 15, 2026 Fedora
89

Fedora 43 Firefox Update Advisory FEDORA-2026-410580270b

Updated to latest upstream (152.0.4) Update to latest upstream version. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-410580270b 2026-07-08 01:09:58.800755+00:00 -------------------------------------------------------------------------------- Name : firefox Product : Fedora 43 Version : 152.0.4 Release : 1.fc43 URL : https://www.mozilla.org/firefox/ Summary : Mozilla Firefox Web browser Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. -------------------------------------------------------------------------------- Update Information: Updated to latest upstream (152.0.4) Update to latest upstream version -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 6 2026 Martin Stransky - 152.0.4-1 - Update to latest upstream (152.0.4) * Thu Jun 25 2026 Jan Horak - 152.0.2-1 - Update to latest upstream (152.0.2) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-410580270b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Get the latest Fedora update for Firefox 152.0.4, enhancing performance and compliance for your browsing needs.. Firefox Update Fedora Mozilla Browsing. . LinuxSecurity.com Team

Calendar%202 Jul 07, 2026 Fedora
89

Fedora 44 Chromium Important Use After Free Issues Adv 2026-94bb57e96c

chromium-150.0.7871.46 security release includes 433 security fixes, CVE-2026-13774 - CVE-2026-14432. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-94bb57e96c 2026-07-05 01:07:02.694289+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 44 Version : 150.0.7871.46 Release : 1.fc44 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: chromium-150.0.7871.46 security release includes 433 security fixes, CVE-2026-13774 - CVE-2026-14432 -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Than Ngo - 150.0.7871.46-1 - Update to 150.0.7871.46 * CVE-2026-13774: Use after free in Extensions * CVE-2026-13775: Use after free in GPU * CVE-2026-13776: Type Confusion in Dawn * CVE-2026-13777: Insufficient validation of untrusted input in iOSWeb * CVE-2026-13778: Use after free in WebUSB * CVE-2026-13779: Use after free in Chromoting * CVE-2026-13780: Insufficient validation of untrusted input in ANGLE * CVE-2026-13781: Insufficient validation of untrusted input in Skia * CVE-2026-13782: Use after free in Browser * CVE-2026-13783: Use after free in Views * CVE-2026-13784: Use after free in Views * CVE-2026-13785: Use after free in Bluetooth * CVE-2026-13786: Use after free in Ozone * CVE-2026-13787: Use after free in Chromoting * CVE-2026-13788: Use after free in Fullscreen * CVE-2026-13789: Use after free in GPU * CVE-2026-13790: Side-channel information leakage in Scroll * CVE-2026-13791: Insufficient validation of untrusted input in Downloads * CVE-2026-13792: Useafter free in Touchbar * CVE-2026-13793: Insufficient policy enforcement in SVG * CVE-2026-13794: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-13795: Insufficient policy enforcement in Chrome for iOS * CVE-2026-13796: Integer overflow in Chromecast * CVE-2026-13797: Insufficient validation of untrusted input in Chromecast * CVE-2026-13798: Heap buffer overflow in Chromecast * CVE-2026-13799: Use after free in QUIC * CVE-2026-13800: Inappropriate implementation in Updater * CVE-2026-13801: Integer overflow in Chromecast * CVE-2026-13802: Use after free in Views * CVE-2026-13803: Type Confusion in Chrome Tabs * CVE-2026-13804: Use after free in Chromecast * CVE-2026-13805: Use after free in GFX * CVE-2026-13806: Insufficient validation of untrusted input in Accessibility * CVE-2026-13807: Use after free in Import * CVE-2026-13808: Insufficient data validation in Chrome for iOS * CVE-2026-13809: Side-channel information leakage in Safe Browsing * CVE-2026-13810: Inappropriate implementation in Input * CVE-2026-13811: Use after free in IME * CVE-2026-13812: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-13813: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-13814: Use after free in Views * CVE-2026-13815: Use after free in Blink * CVE-2026-13816: Insufficient validation of untrusted input in File Input * CVE-2026-13817: Insufficient validation of untrusted input in Glic * CVE-2026-13818: Inappropriate implementation in Passwords * CVE-2026-13819: Out of bounds read in ANGLE * CVE-2026-13820: Out of bounds read in Skia * CVE-2026-13821: Use after free in Canvas * CVE-2026-13822: Inappropriate implementation in Extensions * CVE-2026-13823: Use after free in Glic * CVE-2026-13824: Insufficient validation of untrusted input in Extensions * CVE-2026-13825: Uninitialized Use in Dawn * CVE-2026-13826: Inappropriate implementation in Autofill *CVE-2026-13827: Use after free in Updater * CVE-2026-13828: Inappropriate implementation in Enterprise * CVE-2026-13829: Insufficient validation of untrusted input in Settings * CVE-2026-13830: Use after free in Chromoting * CVE-2026-13831: Use after free in GPU * CVE-2026-13832: Use after free in Headless * CVE-2026-13833: Uninitialized Use in ANGLE * CVE-2026-13834: Insufficient validation of untrusted input in ANGLE * CVE-2026-13835: Inappropriate implementation in XML * CVE-2026-13836: Inappropriate implementation in CSS * CVE-2026-13837: Inappropriate implementation in CSS * CVE-2026-13838: Inappropriate implementation in CSS * CVE-2026-13839: Inappropriate implementation in CSS * CVE-2026-13840: Insufficient policy enforcement in Canvas * CVE-2026-13841: Integer overflow in Skia * CVE-2026-13842: Incorrect security UI in Chrome for iOS * CVE-2026-13843: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-13844: Use after free in Updater * CVE-2026-13845: Use after free in DOM * CVE-2026-13846: Use after free in USB * CVE-2026-13847: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-13848: Use after free in Forms * CVE-2026-13849: Insufficient validation of untrusted input in Chromoting * CVE-2026-13850: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-13851: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-13852: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-13853: Use after free in Journeys * CVE-2026-13854: Use after free in Ozone * CVE-2026-13855: Use after free in Ozone * CVE-2026-13856: Insufficient validation of untrusted input in Speech * CVE-2026-13857: Inappropriate implementation in Geometry * CVE-2026-13858: Out of bounds read in FFmpeg * CVE-2026-13859: Inappropriate implementation in ANGLE * CVE-2026-13860: Incorrect security UI in Autofill * CVE-2026-13861: Use after free inCore * CVE-2026-13862: Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys) * CVE-2026-13863: Insufficient validation of untrusted input in CustomTabs * CVE-2026-13864: Insufficient policy enforcement in WebHID * CVE-2026-13865: Insufficient validation of untrusted input in Enterprise * CVE-2026-13866: Insufficient validation of untrusted input in Input * CVE-2026-13867: Inappropriate implementation in Geolocation * CVE-2026-13868: Inappropriate implementation in Network * CVE-2026-13869: Use after free in Device * CVE-2026-13870: Use after free in WebView * CVE-2026-13871: Insufficient data validation in GuestView * CVE-2026-13872: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-13873: Out of bounds memory access in Layout * CVE-2026-13874: Inappropriate implementation in DataTransfer * CVE-2026-13875: Insufficient validation of untrusted input in GPU * CVE-2026-13876: Inappropriate implementation in Network * CVE-2026-13877: Insufficient validation of untrusted input in ANGLE * CVE-2026-13878: Use after free in Bluetooth * CVE-2026-13879: Use after free in Bluetooth * CVE-2026-13880: Use after free in USB * CVE-2026-13881: Insufficient data validation in WebAppInstalls * CVE-2026-13882: Inappropriate implementation in USB * CVE-2026-13883: Type Confusion in ANGLE * CVE-2026-13884: Heap buffer overflow in Chromecast * CVE-2026-13885: Use after free in Skia * CVE-2026-13886: Policy bypass in Isolated Web Apps * CVE-2026-13887: Insufficient policy enforcement in NFC * CVE-2026-13888: Use after free in Extensions * CVE-2026-13889: Insufficient validation of untrusted input in WebAuthentication * CVE-2026-13890: Out of bounds read in Chromecast * CVE-2026-13891: Insufficient validation of untrusted input in Extensions * CVE-2026-13892: Inappropriate implementation in Chrome for iOS * CVE-2026-13893: Insufficient validation of untrusted input in WebUI *CVE-2026-13894: Insufficient policy enforcement in Network * CVE-2026-13895: Inappropriate implementation in Autofill * CVE-2026-13896: Insufficient policy enforcement in Glic * CVE-2026-13897: Insufficient policy enforcement in Chromecast * CVE-2026-13898: Use after free in Cast Receiver * CVE-2026-13899: Use after free in HTML * CVE-2026-13900: Insufficient validation of untrusted input in Chromecast * CVE-2026-13901: Insufficient validation of untrusted input in Serial * CVE-2026-13902: Inappropriate implementation in Chrome for iOS * CVE-2026-13903: Insufficient policy enforcement in Bluetooth * CVE-2026-13904: Incorrect security UI in Safe Browsing * CVE-2026-13905: Incorrect security UI in Chrome for iOS * CVE-2026-13906: Out of bounds read in Codecs * CVE-2026-13907: Inappropriate implementation in iOSWeb * CVE-2026-13908: Insufficient validation of untrusted input in Omnibox * CVE-2026-13909: Insufficient policy enforcement in DevTools * CVE-2026-13910: Insufficient policy enforcement in WebXR * CVE-2026-13911: Insufficient data validation in Spellcheck * CVE-2026-13912: Incorrect security UI in Safe Browsing * CVE-2026-13913: Insufficient policy enforcement in Autofill * CVE-2026-13914: Inappropriate implementation in Passwords * CVE-2026-13915: Use after free in Chrome for iOS * CVE-2026-13916: Inappropriate implementation in Chrome for iOS * CVE-2026-13917: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-13918: Use after free in Chrome for iOS * CVE-2026-13919: Insufficient data validation in Extensions * CVE-2026-13920: Insufficient validation of untrusted input in Media * CVE-2026-13921: Insufficient validation of untrusted input in DeviceBoundSessionCredentials * CVE-2026-13922: Side-channel information leakage in Paint * CVE-2026-13923: Uninitialized Use in GPU * CVE-2026-13924: Insufficient validation of untrusted input in WebView * CVE-2026-13925: Inappropriate implementation inDownloads * CVE-2026-13926: Insufficient validation of untrusted input in Network * CVE-2026-13927: Insufficient validation of untrusted input in UI * CVE-2026-13928: Insufficient validation of untrusted input in Enterprise * CVE-2026-13929: Insufficient validation of untrusted input in DevTools * CVE-2026-13930: Insufficient policy enforcement in Actor * CVE-2026-13931: Inappropriate implementation in Media * CVE-2026-13932: Inappropriate implementation in Sharing * CVE-2026-13933: Insufficient policy enforcement in Passwords * CVE-2026-13934: Insufficient validation of untrusted input in Dawn * CVE-2026-13935: Side-channel information leakage in ComputePressure * CVE-2026-13936: Inappropriate implementation in Passwords * CVE-2026-13937: Insufficient policy enforcement in Passwords * CVE-2026-13938: Integer overflow in Fonts * CVE-2026-13939: Insufficient validation of untrusted input in WebShare * CVE-2026-13940: Uninitialized Use in Cast * CVE-2026-13941: Inappropriate implementation in SiteSettings * CVE-2026-13942: Insufficient validation of untrusted input in Video Capture * CVE-2026-13943: Uninitialized Use in CSS * CVE-2026-13944: Inappropriate implementation in DataTransfer * CVE-2026-13945: Insufficient policy enforcement in Extensions * CVE-2026-13946: Inappropriate implementation in ScriptInjections * CVE-2026-13947: Uninitialized Use in XR * CVE-2026-13948: Insufficient policy enforcement in Extensions * CVE-2026-13949: Insufficient policy enforcement in Payments * CVE-2026-13950: Uninitialized Use in GPU * CVE-2026-13951: Policy bypass in USB * CVE-2026-13952: Inappropriate implementation in PerformanceAPIs * CVE-2026-13953: Inappropriate implementation in SplitView * CVE-2026-13954: Insufficient policy enforcement in XML * CVE-2026-13955: Insufficient validation of untrusted input in CustomTabs * CVE-2026-13956: Incorrect security UI in PageInfo * CVE-2026-13957: Incorrect security UI in Extensions * CVE-2026-13958: Uninitialized Use in Codecs * CVE-2026-13959: Insufficient validation of untrusted input in Blink * CVE-2026-13960: Inappropriate implementation in Passwords * CVE-2026-13961: Insufficient validation of untrusted input in DevTools * CVE-2026-13962: Insufficient data validation in PDF * CVE-2026-13963: Inappropriate implementation in DevTools * CVE-2026-13964: Insufficient policy enforcement in WebView * CVE-2026-13965: Use after free in Oilpan * CVE-2026-13966: Inappropriate implementation in History * CVE-2026-13967: Type Confusion in V8 * CVE-2026-13968: Insufficient validation of untrusted input in DevTools * CVE-2026-13969: Uninitialized Use in UI * CVE-2026-13970: Uninitialized Use in Media * CVE-2026-13971: Uninitialized Use in Skia * CVE-2026-13972: Inappropriate implementation in Paint * CVE-2026-13973: Inappropriate implementation in UI * CVE-2026-13974: Integer overflow in Safe Browsing * CVE-2026-13975: Out of bounds read in ANGLE * CVE-2026-13976: Heap buffer overflow in Storage * CVE-2026-13977: Inappropriate implementation in HTMLParser * CVE-2026-13978: Insufficient policy enforcement in PageInfo * CVE-2026-13979: Inappropriate implementation in Paint * CVE-2026-13980: Incorrect security UI in Chrome for iOS * CVE-2026-13981: Inappropriate implementation in Chrome for iOS * CVE-2026-13982: Incorrect security UI in Passwords * CVE-2026-13983: Incorrect security UI in Chrome for iOS * CVE-2026-13984: Incorrect security UI in TabStrip * CVE-2026-13985: Inappropriate implementation in MediaCapture * CVE-2026-13986: Inappropriate implementation in Media UI * CVE-2026-13987: Incorrect security UI in Mobile * CVE-2026-13988: Inappropriate implementation in Paint * CVE-2026-13989: Insufficient policy enforcement in PageInfo * CVE-2026-13990: Insufficient validation of untrusted input in DataTransfer * CVE-2026-13991: Insufficient validation of untrusted input in Chrome for iOS *CVE-2026-13992: Inappropriate implementation in UI * CVE-2026-13993: Incorrect security UI in WebAppInstalls * CVE-2026-13994: Inappropriate implementation in Credential Management * CVE-2026-13995: Insufficient validation of untrusted input in Autofill * CVE-2026-13996: Incorrect security UI in Permissions * CVE-2026-13997: Incorrect security UI in Extensions * CVE-2026-13998: Incorrect security UI in File Input * CVE-2026-13999: Inappropriate implementation in Extensions * CVE-2026-14000: Inappropriate implementation in XML * CVE-2026-14001: Inappropriate implementation in Network * CVE-2026-14002: Inappropriate implementation in Geolocation * CVE-2026-14003: Insufficient policy enforcement in Extensions * CVE-2026-14004: Inappropriate implementation in CSS * CVE-2026-14005: Use after free in Omnibox * CVE-2026-14006: Use after free in Navigation * CVE-2026-14007: Insufficient policy enforcement in PermissionsPolicy * CVE-2026-14008: Uninitialized Use in WebXR * CVE-2026-14009: Insufficient data validation in Passwords * CVE-2026-14010: Uninitialized Use in Codecs * CVE-2026-14011: Out of bounds read in SurfaceCapture * CVE-2026-14012: Side-channel information leakage in CSS * CVE-2026-14013: Inappropriate implementation in SVG * CVE-2026-14014: Inappropriate implementation in Paint * CVE-2026-14015: Inappropriate implementation in WebRTC * CVE-2026-14016: Insufficient policy enforcement in SVG * CVE-2026-14017: Inappropriate implementation in Navigation * CVE-2026-14018: Use after free in Updater * CVE-2026-14019: Inappropriate implementation in Passwords * CVE-2026-14020: Insufficient validation of untrusted input in WebXR * CVE-2026-14021: Insufficient validation of untrusted input in StorageAccessAPI * CVE-2026-14022: Insufficient validation of untrusted input in Network * CVE-2026-14023: Insufficient validation of untrusted input in SanitizerAPI * CVE-2026-14024: Use after free in Ozone * CVE-2026-14025: Useafter free in Views * CVE-2026-14026: Incorrect security UI in SplitView * CVE-2026-14027: Use after free in SignIn * CVE-2026-14028: Incorrect security UI in Chrome for iOS * CVE-2026-14030: Incorrect security UI in SplitView * CVE-2026-14031: Incorrect security UI in File Input * CVE-2026-14032: Use after free in Bluetooth * CVE-2026-14033: Insufficient policy enforcement in Media * CVE-2026-14034: Inappropriate implementation in WebXR * CVE-2026-14035: Insufficient policy enforcement in Bluetooth * CVE-2026-14036: Insufficient policy enforcement in Bluetooth * CVE-2026-14037: Insufficient policy enforcement in GPU * CVE-2026-14038: Insufficient validation of untrusted input in New Tab Page * CVE-2026-14039: Insufficient policy enforcement in GetUserMedia * CVE-2026-14040: Use after free in BrowserTag * CVE-2026-14041: Insufficient policy enforcement in Serial * CVE-2026-14042: Inappropriate implementation in Isolated Web Apps * CVE-2026-14043: Use after free in GetUserMedia * CVE-2026-14044: Use after free in ANGLE * CVE-2026-14045: Insufficient validation of untrusted input in Network * CVE-2026-14046: Inappropriate implementation in CustomTabs * CVE-2026-14047: Insufficient policy enforcement in Extensions * CVE-2026-14048: Use after free in Chromecast * CVE-2026-14049: Inappropriate implementation in GPU * CVE-2026-14050: Insufficient policy enforcement in Passwords * CVE-2026-14051: Uninitialized Use in GamepadAPI * CVE-2026-14052: Insufficient policy enforcement in FileSystem * CVE-2026-14053: Insufficient policy enforcement in Extensions * CVE-2026-14054: Insufficient policy enforcement in Network * CVE-2026-14055: Insufficient validation of untrusted input in Device Trust * CVE-2026-14056: Insufficient validation of untrusted input in Media * CVE-2026-14057: Insufficient policy enforcement in FedCM * CVE-2026-14058: Policy bypass in Parser * CVE-2026-14059: Insufficient policy enforcement inRelated-Website-Sets * CVE-2026-14060: Insufficient validation of untrusted input in Chromoting * CVE-2026-14061: Inappropriate implementation in Dawn * CVE-2026-14062: Inappropriate implementation in Views * CVE-2026-14063: Out of bounds memory access in Chromecast * CVE-2026-14064: Use after free in PageInfo * CVE-2026-14065: Insufficient validation of untrusted input in PageInfo * CVE-2026-14066: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-14067: Use after free in Chrome for iOS * CVE-2026-14068: Inappropriate implementation in Omnibox * CVE-2026-14069: Integer overflow in WebNN * CVE-2026-14070: Uninitialized Use in WebNN * CVE-2026-14071: Side-channel information leakage in WebAudio * CVE-2026-14072: Incorrect security UI in SplitView * CVE-2026-14073: Insufficient policy enforcement in WebXR * CVE-2026-14074: Side-channel information leakage in WebAuthentication * CVE-2026-14075: Policy bypass in Chrome for iOS * CVE-2026-14076: Policy bypass in Network * CVE-2026-14077: Incorrect security UI in Select * CVE-2026-14078: Policy bypass in WebRTC * CVE-2026-14079: Policy bypass in Network * CVE-2026-14080: Insufficient validation of untrusted input in TabSwitcher * CVE-2026-14081: Insufficient policy enforcement in DevTools * CVE-2026-14082: Race in Storage * CVE-2026-14083: Insufficient validation of untrusted input in HTML * CVE-2026-14084: Insufficient validation of untrusted input in Chromoting * CVE-2026-14085: Side-channel information leakage in CSS * CVE-2026-14086: Insufficient policy enforcement in HID * CVE-2026-14087: Insufficient validation of untrusted input in WebNN * CVE-2026-14088: Uninitialized Use in Canvas * CVE-2026-14089: Insufficient validation of untrusted input in PopupBlocker * CVE-2026-14090: Out of bounds read in CameraCapture * CVE-2026-14091: Use after free in DevTools * CVE-2026-14092: Insufficient policy enforcement in Privacy * CVE-2026-14093: Useafter free in Cast * CVE-2026-14094: Use after free in Installer * CVE-2026-14095: Insufficient validation of untrusted input in Browser * CVE-2026-14096: Object lifecycle issue in Input * CVE-2026-14097: Inappropriate implementation in WebAppInstalls * CVE-2026-14098: Inappropriate implementation in CSS * CVE-2026-14099: Use after free in Chrome for iOS * CVE-2026-14100: Insufficient data validation in NetworkCache * CVE-2026-14101: Insufficient policy enforcement in Sandbox * CVE-2026-14102: Use after free in Passwords * CVE-2026-14103: Use after free in SSL * CVE-2026-14104: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-14105: Insufficient policy enforcement in Speech * CVE-2026-14106: Insufficient validation of untrusted input in Text * CVE-2026-14107: Use after free in Scheduling * CVE-2026-14108: Use after free in PDFium * CVE-2026-14109: Insufficient policy enforcement in Mojo * CVE-2026-14110: Inappropriate implementation in DarkMode * CVE-2026-14111: Use after free in WebProtect * CVE-2026-14112: Inappropriate implementation in Enterprise * CVE-2026-14113: Use after free in Updater * CVE-2026-14114: Inappropriate implementation in WebAppInstalls * CVE-2026-14115: Insufficient validation of untrusted input in Cast * CVE-2026-14116: Insufficient validation of untrusted input in DevTools * CVE-2026-14117: Insufficient validation of untrusted input in DevTools * CVE-2026-14118: Insufficient data validation in DevTools * CVE-2026-14119: Type Confusion in Bluetooth * CVE-2026-14120: Inappropriate implementation in DevTools * CVE-2026-14121: Use after free in Chromoting * CVE-2026-14122: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-14123: Incorrect security UI in Chrome for iOS * CVE-2026-14124: Inappropriate implementation in CredentialProvider * CVE-2026-14125: Uninitialized Use in ANGLE * CVE-2026-14126: Incorrect security UI in UI * CVE-2026-14127:Inappropriate implementation in Printing * CVE-2026-14128: Insufficient data validation in Chrome for iOS * CVE-2026-14129: Incorrect security UI in PreviewTab * CVE-2026-14130: Incorrect security UI in Omnibox * CVE-2026-14131: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-14132: Inappropriate implementation in WebXR * CVE-2026-14133: Race in History Embeddings * CVE-2026-14134: Inappropriate implementation in Autofill * CVE-2026-14135: Insufficient validation of untrusted input in Network * CVE-2026-14136: Incorrect security UI in Chrome for iOS * CVE-2026-14137: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-14138: Inappropriate implementation in WebAppInstalls * CVE-2026-14139: Inappropriate implementation in TabStrip * CVE-2026-14140: Insufficient validation of untrusted input in Input * CVE-2026-14141: Incorrect security UI in Document Picture-in-Picture * CVE-2026-14142: Inappropriate implementation in Extensions * CVE-2026-14143: Incorrect security UI in Passwords * CVE-2026-14144: Incorrect security UI in Views * CVE-2026-14145: Inappropriate implementation in CSS * CVE-2026-14146: Inappropriate implementation in CSS * CVE-2026-14147: Inappropriate implementation in CSS * CVE-2026-14148: Type Confusion in CSS * CVE-2026-14149: Use after free in Audio * CVE-2026-14150: Insufficient validation of untrusted input in Speech * CVE-2026-14151: Inappropriate implementation in AI * CVE-2026-14152: Out of bounds write in ANGLE * CVE-2026-14153: Inappropriate implementation in Glic * CVE-2026-14154: Inappropriate implementation in DevTools * CVE-2026-14155: Insufficient policy enforcement in StorageAccessAPI * CVE-2026-14156: Policy bypass in StorageAccessAPI - Remove Darkmode patches, which are already included in v150 - Refresh patches for v150 - Fix FTBFS with system ffmpeg - Backport upstream patches to fixFTBFS -------------------------------------------------------------------------------- References: [ 1 ] Bug #2495844 - CVE-2026-14101 chromium: chromium-browser: Insufficient policy enforcement in Sandbox [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2495844 [ 2 ] Bug #2495845 - CVE-2026-14101 chromium: chromium-browser: Insufficient policy enforcement in Sandbox [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2495845 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-94bb57e96c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Chromium update in Fedora 44 fixes 433 issues including critical flaws enhancing browser security.. Fedora Chromium Update, Web Browser Security, Software Vulnerabilities, Security Patch, Remote Code Execution. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 04, 2026 Important Fedora
89

Fedora 43 Chromium Important Use After Free Issues CVE-2026-13281

Update to 149.0.7827.200 CVE-2026-13281: Integer overflow in Mojo CVE-2026-13282: Use after free in Payments CVE-2026-13283: Use after free in AdFilter. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7f29bc3622 2026-07-01 01:21:48.846202+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 43 Version : 149.0.7827.200 Release : 1.fc43 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 149.0.7827.200 CVE-2026-13281: Integer overflow in Mojo CVE-2026-13282: Use after free in Payments CVE-2026-13283: Use after free in AdFilter -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 26 2026 Than Ngo - 149.0.7827.200-1 - Update to 149.0.7827.200 CVE-2026-13281: Integer overflow in Mojo CVE-2026-13282: Use after free in Payments CVE-2026-13283: Use after free in AdFilter -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7f29bc3622' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for Fedora 43 Chromium addresses critical integer overflow and use after free issues to enhance browser security.. Fedora Update, Chromium Browser, Linux Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 30, 2026 Critical Fedora
219

Rocky Linux 8 Lynx Moderate HTTP Auth Disclosure RLSA-2022-2129

Moderate: lynx security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2022:2129", "synopsis": "Moderate: lynx security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for lynx.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags.\n\nSecurity Fix(es):\n\n* lynx: Disclosure of HTTP authentication credentials via SNI data (CVE-2021-38165)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "1994998", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1994998", "description": ""}], "cves": [{"name": "CVE-2021-38165", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38165", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.3", "cwe": "CWE-522"}], "references": [], "publishedAt": "2026-06-28T00:01:40.098233Z", "rpms": {"Rocky Linux 8": {"nvras": ["lynx-debuginfo-0:2.8.9-4.el8.aarch64.rpm", "lynx-0:2.8.9-4.el8.aarch64.rpm", "lynx-0:2.8.9-4.el8.src.rpm", "lynx-0:2.8.9-4.el8.x86_64.rpm", "lynx-debuginfo-0:2.8.9-4.el8.x86_64.rpm", "lynx-debugsource-0:2.8.9-4.el8.aarch64.rpm", "lynx-debugsource-0:2.8.9-4.el8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Lynx security update for Rocky Linux addresses moderate risks, including HTTP credential exposure. Read more.. Rocky Linux Lynx Update CredentialExposure Web Browser. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 28, 2026 moderate Rocky Linux
89

Fedora 43 Chromium Critical Use After Free Issues Vulnern 2026-ddd87cb1db

chromium-149.0.7827.196 security release * CVE-2026-13028: Use after free in WebGL * CVE-2026-13032: Use after free in WebGL * CVE-2026-13033: Out of bounds read in Blink> InterestGroups * CVE-2026-13038: Use after free in Autofill. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ddd87cb1db 2026-06-28 01:07:37.246098+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 43 Version : 149.0.7827.196 Release : 1.fc43 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: chromium-149.0.7827.196 security release * CVE-2026-13028: Use after free in WebGL * CVE-2026-13032: Use after free in WebGL * CVE-2026-13033: Out of bounds read in Blink> InterestGroups * CVE-2026-13038: Use after free in Autofill * CVE-2026-13021: Inappropriate implementation in DeviceBoundSessionCredentials * CVE-2026-13022: Inappropriate implementation in Autofill * CVE-2026-13023: Uninitialized Use in GPU * CVE-2026-13024: Insufficient validation of untrusted input in Navigation * CVE-2026-13025: Insufficient validation of untrusted input in DevTools * CVE-2026-13026: Use after free in Digital Credentials * CVE-2026-13027: Use after free in FileSystem * CVE-2026-13029: Use after free in Web Authentication * CVE-2026-13030: Uninitialized Use in GPU * CVE-2026-13031: Use after free in Blink * CVE-2026-13034: Inappropriate implementation in Passwords * CVE-2026-13035: Use after free in Bluetooth * CVE-2026-13036: Use after free in Blink * CVE-2026-13037: Use after free inWebView -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 24 2026 Than Ngo - 149.0.7827.196-1 - Update to 149.0.7827.196 - Upstream patch, Make dark mode apply filter to images irrespective of layout zoom -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ddd87cb1db' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Chromium 149.0.7827.196 release addresses critical use-after-free issues and more in Fedora 43. Update recommended.. Chromium Security, Fedora Browser Update, Use After Free Issues, Security Release Update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 27, 2026 Critical Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200