Fedora alert FEDORA-2026-36fb406407 (chromium)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 42 Update: chromium-147.0.7727.137-1.fc42 | |
| Date: | Mon, 04 May 2026 01:07:13 +0000 | |
| Message-ID: | <20260504010713.A8DD2796A0@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-36fb406407 2026-05-04 01:07:05.793304+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 42 Version : 147.0.7727.137 Release : 1.fc42 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: The updates include fixes for: Critical CVE-2026-7363: Use after free in Canvas Critical CVE-2026-7361: Use after free in iOS Critical CVE-2026-7344: Use after free in Accessibility Critical CVE-2026-7343: Use after free in Views High CVE-2026-7333: Use after free in GPU High CVE-2026-7360: Insufficient validation of untrusted input in Compositing High CVE-2026-7359: Use after free in ANGLE High CVE-2026-7358: Use after free in Animation High CVE-2026-7334: Use after free in Views High CVE-2026-7357: Use after free in GPU High CVE-2026-7356: Use after free in Navigation High CVE-2026-7354: Out of bounds read and write in Angle High CVE-2026-7353: Heap buffer overflow in Skia High CVE-2026-7352: Use after free in Media High CVE-2026-7351: Race in MHTML High CVE-2026-7350: Use after free in WebMIDI High CVE-2026-7349: Use after free in Cast High CVE-2026-7348: Use after free in Codecs High CVE-2026-7335: Use after free in media High CVE-2026-7336: Use after free in WebRTC High CVE-2026-7337: Type Confusion in V8 High CVE-2026-7347: Use after free in Chromoting High CVE-2026-7346: Inappropriate implementation in Tint High CVE-2026-7345: Insufficient validation of untrusted input in Feedback High CVE-2026-7338: Use after free in Cast High CVE-2026-7342: Use after free in WebView High CVE-2026-7341: Use after free in WebRTC Medium CVE-2026-7339: Heap buffer overflow in WebRTC Medium CVE-2026-7340: Integer overflow in ANGLE Medium CVE-2026-7355: Use after free in Media -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 29 2026 Than Ngo <than@redhat.com> - 147.0.7727.137-1 - Update to 147.0.7727.137 * Critical CVE-2026-7363: Use after free in Canvas * Critical CVE-2026-7361: Use after free in iOS * Critical CVE-2026-7344: Use after free in Accessibility * Critical CVE-2026-7343: Use after free in Views * High CVE-2026-7333: Use after free in GPU * High CVE-2026-7360: Insufficient validation of untrusted input in Compositing * High CVE-2026-7359: Use after free in ANGLE * High CVE-2026-7358: Use after free in Animation * High CVE-2026-7334: Use after free in Views * High CVE-2026-7357: Use after free in GPU * High CVE-2026-7356: Use after free in Navigation * High CVE-2026-7354: Out of bounds read and write in Angle * High CVE-2026-7353: Heap buffer overflow in Skia * High CVE-2026-7352: Use after free in Media * High CVE-2026-7351: Race in MHTML * High CVE-2026-7350: Use after free in WebMIDI * High CVE-2026-7349: Use after free in Cast * High CVE-2026-7348: Use after free in Codecs * High CVE-2026-7335: Use after free in media * High CVE-2026-7336: Use after free in WebRTC * High CVE-2026-7337: Type Confusion in V8 * High CVE-2026-7347: Use after free in Chromoting * High CVE-2026-7346: Inappropriate implementation in Tint * High CVE-2026-7345: Insufficient validation of untrusted input in Feedback * High CVE-2026-7338: Use after free in Cast * High CVE-2026-7342: Use after free in WebView * High CVE-2026-7341: Use after free in WebRTC * Medium CVE-2026-7339: Heap buffer overflow in WebRTC * Medium CVE-2026-7340: Integer overflow in ANGLE * Medium CVE-2026-7355: Use after free in Media * Sun Apr 26 2026 Than Ngo <than@redhat.com> - 147.0.7727.116-2 - Fix FTBFS with rust 1.95 - Backport the upstream fix GL native pixmap import support reset in GpuInit -------------------------------------------------------------------------------- References: [ 1 ] Bug #2463710 - CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-2026-7347 ... chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463710 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-36fb406407' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new