Fedora alert FEDORA-2026-952f3c3d9e (chromium)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 43 Update: chromium-147.0.7727.55-1.fc43 | |
| Date: | Tue, 14 Apr 2026 01:00:49 +0000 | |
| Message-ID: | <20260414010049.CBD347667E@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-952f3c3d9e 2026-04-14 00:58:48.183271+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 43 Version : 147.0.7727.55 Release : 1.fc43 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 147.0.7727.55 Critical CVE-2026-5858: Heap buffer overflow in WebML Critical CVE-2026-5859: Integer overflow in WebML High CVE-2026-5860: Use after free in WebRTC High CVE-2026-5861: Use after free in V8 High CVE-2026-5862: Inappropriate implementation in V8 High CVE-2026-5863: Inappropriate implementation in V8 High CVE-2026-5864: Heap buffer overflow in WebAudio High CVE-2026-5865: Type Confusion in V8 High CVE-2026-5866: Use after free in Media High CVE-2026-5867: Heap buffer overflow in WebML High CVE-2026-5868: Heap buffer overflow in ANGLE High CVE-2026-5869: Heap buffer overflow in WebML High CVE-2026-5870: Integer overflow in Skia High CVE-2026-5871: Type Confusion in V8 High CVE-2026-5872: Use after free in Blink High CVE-2026-5873: Out of bounds read and write in V8 Medium CVE-2026-5874: Use after free in PrivateAI Medium CVE-2026-5875: Policy bypass in Blink Medium CVE-2026-5876: Side-channel information leakage in Navigation Medium CVE-2026-5877: Use after free in Navigation Medium CVE-2026-5878: Incorrect security UI in Blink Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE Medium CVE-2026-5880: Incorrect security UI in browser UI Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess Medium CVE-2026-5882: Incorrect security UI in Fullscreen Medium CVE-2026-5883: Use after free in Media Medium CVE-2026-5884: Insufficient validation of untrusted input in Media Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML Medium CVE-2026-5886: Out of bounds read in WebAudio Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads Medium CVE-2026-5888: Uninitialized Use in WebCodecs Medium CVE-2026-5889: Cryptographic Flaw in PDFium Medium CVE-2026-5890: Race in WebCodecs Medium CVE-2026-5891: Insufficient policy enforcement in browser UI Medium CVE-2026-5892: Insufficient policy enforcement in PWAs Medium CVE-2026-5893: Race in V8 Low CVE-2026-5894: Inappropriate implementation in PDF Low CVE-2026-5895: Incorrect security UI in Omnibox Low CVE-2026-5896: Policy bypass in Audio Low CVE-2026-5897: Incorrect security UI in Downloads Low CVE-2026-5898: Incorrect security UI in Omnibox Low CVE-2026-5899: Incorrect security UI in History Navigation Low CVE-2026-5900: Policy bypass in Downloads Low CVE-2026-5901: Policy bypass in DevTools Low CVE-2026-5902: Race in Media Low CVE-2026-5903: Policy bypass in IFrameSandbox Low CVE-2026-5904: Use after free in V8 Low CVE-2026-5905: Incorrect security UI in Permissions Low CVE-2026-5906: Incorrect security UI in Omnibox Low CVE-2026-5907: Insufficient data validation in Media Low CVE-2026-5908: Integer overflow in Media Low CVE-2026-5909: Integer overflow in Media Low CVE-2026-5910: Integer overflow in Media Low CVE-2026-5911: Policy bypass in ServiceWorkers Low CVE-2026-5912: Integer overflow in WebRTC Low CVE-2026-5913: Out of bounds read in Blink Low CVE-2026-5914: Type Confusion in CSS Low CVE-2026-5915: Insufficient validation of untrusted input in WebML Low CVE-2026-5918: Inappropriate implementation in Navigation Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 8 2026 Than Ngo <than@redhat.com> - 147.0.7727.55-1 - Update to 147.0.7727.55 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2457163 - CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457163 [ 2 ] Bug #2457164 - CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457164 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-952f3c3d9e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new