Fedora alert FEDORA-2026-a688180654 (chromium)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 44 Update: chromium-148.0.7778.215-1.fc44 | |
| Date: | Mon, 01 Jun 2026 00:49:26 +0000 | |
| Message-ID: | <20260601004926.4CBB870BD3@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a688180654 2026-06-01 00:48:39.785102+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 44 Version : 148.0.7778.215 Release : 1.fc44 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 148.0.7778.215 CVE-2026-9872: Out of bounds write in GPU CVE-2026-9873: Use after free in Network CVE-2026-9874: Use after free in Dawn CVE-2026-9875: Out of bounds read in WebGL CVE-2026-9876: Use after free in WebGL CVE-2026-9877: Use after free in ANGLE CVE-2026-9878: Use after free in ANGLE CVE-2026-9879: Out of bounds write in ANGLE CVE-2026-9880: Insufficient validation of untrusted input in WebGL CVE-2026-9881: Use after free in Bluetooth CVE-2026-9882: Integer overflow in ANGLE CVE-2026-9883: Use after free in Base CVE-2026-9884: Use after free in Browser CVE-2026-9885: Insufficient validation of untrusted input in UI CVE-2026-9886: Use after free in Base CVE-2026-9887: Use after free in Proxy CVE-2026-9888: Use after free in WebView CVE-2026-9889: Out of bounds read and write in Dawn CVE-2026-9890: Use after free in XR CVE-2026-9891: Use after free in Extensions CVE-2026-9892: Inappropriate implementation in Skia CVE-2026-9893: Use after free in Skia CVE-2026-9894: Use after free in GPU CVE-2026-9895: Out of bounds read in GPU CVE-2026-9896: Out of bounds write in V8 CVE-2026-9897: Use after free in DOM CVE-2026-9898: Insufficient validation of untrusted input in GPU CVE-2026-9899: Use after free in ANGLE CVE-2026-9900: Out of bounds write in ANGLE CVE-2026-9901: Use after free in ANGLE CVE-2026-9902: Use after free in Accessibility CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation CVE-2026-9904: Use after free in ANGLE CVE-2026-9905: Use after free in Accessibility CVE-2026-9906: Out of bounds write in GPU CVE-2026-9907: Out of bounds read in Dawn CVE-2026-9908: Out of bounds read in ANGLE CVE-2026-9909: Integer overflow in Skia CVE-2026-9910: Out of bounds memory access in ANGLE CVE-2026-9911: Integer overflow in ANGLE CVE-2026-9912: Inappropriate implementation in GPU CVE-2026-9913: Inappropriate implementation in ANGLE CVE-2026-9914: Insufficient validation of untrusted input in ANGLE CVE-2026-9915: Heap buffer overflow in ANGLE CVE-2026-9916: Out of bounds write in ANGLE CVE-2026-9917: Uninitialized Use in WebGL CVE-2026-9918: Inappropriate implementation in Tint CVE-2026-9919: Out of bounds read in WebGL CVE-2026-9920: Uninitialized Use in GPU CVE-2026-9921: Uninitialized Use in WebGL CVE-2026-9922: Use after free in GPU CVE-2026-9923: Use after free in Skia CVE-2026-9924: Heap buffer overflow in ANGLE CVE-2026-9925: Use after free in ANGLE CVE-2026-9926: Heap buffer overflow in ANGLE CVE-2026-9927: Use after free in ANGLE CVE-2026-9928: Out of bounds read in ANGLE CVE-2026-9929: Inappropriate implementation in WebGL CVE-2026-9930: Out of bounds write in Dawn CVE-2026-9931: Use after free in GPU CVE-2026-9932: Use after free in ANGLE CVE-2026-9933: Use after free in Input CVE-2026-9934: Use after free in Aura CVE-2026-9935: Uninitialized Use in ANGLE CVE-2026-9936: Use after free in GFX CVE-2026-9937: Use after free in UI CVE-2026-9938: Inappropriate implementation in V8 CVE-2026-9939: Heap buffer overflow in WebCodecs CVE-2026-9940: Heap buffer overflow in ANGLE CVE-2026-9941: Use after free in ANGLE CVE-2026-9942: Uninitialized Use in ANGLE CVE-2026-9943: Out of bounds read in WebGL CVE-2026-9944: Uninitialized Use in ANGLE CVE-2026-9945: Use after free in Media CVE-2026-9946: Use after free in ANGLE CVE-2026-9947: Use after free in XML CVE-2026-9948: Use after free in Views CVE-2026-9949: Use after free in Core CVE-2026-9950: Insufficient validation of untrusted input in iOS CVE-2026-9951: Use after free in UI CVE-2026-9952: Use after free in WebAudio CVE-2026-9953: Out of bounds read in ANGLE CVE-2026-9954: Use after free in TabStrip CVE-2026-9955: Inappropriate implementation in iOS CVE-2026-9956: Use after free in iOS CVE-2026-9957: Use after free in PDF CVE-2026-9958: Use after free in PDFium CVE-2026-9959: Race in WebRTC CVE-2026-9960: Integer overflow in PDFium CVE-2026-9961: Use after free in SurfaceCapture CVE-2026-9962: Use after free in WebRTC CVE-2026-9963: Uninitialized Use in iOS CVE-2026-9964: Use after free in Bluetooth CVE-2026-9965: Out of bounds write in ANGLE CVE-2026-9966: Integer overflow in XML CVE-2026-9967: Out of bounds write in GPU CVE-2026-9968: Integer overflow in V8 CVE-2026-9969: Insufficient validation of untrusted input in ANGLE CVE-2026-9970: Use after free in WebGL CVE-2026-9971: Inappropriate implementation in iOS CVE-2026-9972: Uninitialized Use in Gamepad CVE-2026-9973: Out of bounds write in V8 CVE-2026-9974: Out of bounds write in GPU CVE-2026-9975: Out of bounds read and write in ANGLE CVE-2026-9976: Inappropriate implementation in USB CVE-2026-9977: Insufficient validation of untrusted input in WebShare CVE-2026-9978: Use after free in Glic CVE-2026-9979: Insufficient validation of untrusted input in Input CVE-2026-9980: Insufficient validation of untrusted input in Printing CVE-2026-9981: Inappropriate implementation in Skia CVE-2026-9982: Insufficient validation of untrusted input in ANGLE CVE-2026-9983: Type Confusion in Skia CVE-2026-9984: Use after free in UI CVE-2026-9985: Insufficient validation of untrusted input in Media CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls CVE-2026-9988: Use after free in WebRTC CVE-2026-9989: Inappropriate implementation in Media CVE-2026-9990: Use after free in WebAppInstalls CVE-2026-9991: Inappropriate implementation in Media CVE-2026-9992: Use after free in Network CVE-2026-9993: Use after free in Views CVE-2026-9994: Use after free in Core CVE-2026-9995: Use after free in WebXR CVE-2026-9996: Out of bounds read in WebRTC CVE-2026-9997: Use after free in Input CVE-2026-9998: Integer overflow in Skia CVE-2026-9999: Inappropriate implementation in ANGLE CVE-2026-10000: Use after free in Passwords CVE-2026-10001: Use after free in PerformanceManager CVE-2026-10002: Use after free in PDFium CVE-2026-10003: Use after free in Views CVE-2026-10004: Insufficient validation of untrusted input in Passwords CVE-2026-10005: Use after free in WebAppInstalls CVE-2026-10006: Race in WebAudio CVE-2026-10007: Use after free in SVG CVE-2026-10008: Uninitialized Use in GPU CVE-2026-10009: Integer overflow in Skia CVE-2026-10010: Inappropriate implementation in Input CVE-2026-10011: Inappropriate implementation in Skia CVE-2026-10012: Use after free in Skia CVE-2026-10013: Use after free in WebCodecs CVE-2026-10014: Use after free in WebMIDI CVE-2026-10015: Integer overflow in WTF CVE-2026-10016: Use after free in DOM CVE-2026-10017: Out of bounds read in Headless CVE-2026-10018: Integer overflow in ANGLE CVE-2026-10019: Integer overflow in ANGLE CVE-2026-10020: Insufficient validation of untrusted input in Skia CVE-2026-10021: Insufficient validation of untrusted input in USB CVE-2026-10022: Type Confusion in V8 -------------------------------------------------------------------------------- ChangeLog: * Fri May 29 2026 Than Ngo <than@redhat.com> - 148.0.7778.215-1 - Update to 148.0.7778.215 * CVE-2026-9872: Out of bounds write in GPU * CVE-2026-9873: Use after free in Network * CVE-2026-9874: Use after free in Dawn * CVE-2026-9875: Out of bounds read in WebGL * CVE-2026-9876: Use after free in WebGL * CVE-2026-9877: Use after free in ANGLE * CVE-2026-9878: Use after free in ANGLE * CVE-2026-9879: Out of bounds write in ANGLE * CVE-2026-9880: Insufficient validation of untrusted input in WebGL * CVE-2026-9881: Use after free in Bluetooth * CVE-2026-9882: Integer overflow in ANGLE * CVE-2026-9883: Use after free in Base * CVE-2026-9884: Use after free in Browser * CVE-2026-9885: Insufficient validation of untrusted input in UI * CVE-2026-9886: Use after free in Base * CVE-2026-9887: Use after free in Proxy * CVE-2026-9888: Use after free in WebView * CVE-2026-9889: Out of bounds read and write in Dawn * CVE-2026-9890: Use after free in XR * CVE-2026-9891: Use after free in Extensions * CVE-2026-9892: Inappropriate implementation in Skia * CVE-2026-9893: Use after free in Skia * CVE-2026-9894: Use after free in GPU * CVE-2026-9895: Out of bounds read in GPU * CVE-2026-9896: Out of bounds write in V8 * CVE-2026-9897: Use after free in DOM * CVE-2026-9898: Insufficient validation of untrusted input in GPU * CVE-2026-9899: Use after free in ANGLE * CVE-2026-9900: Out of bounds write in ANGLE * CVE-2026-9901: Use after free in ANGLE * CVE-2026-9902: Use after free in Accessibility * CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation * CVE-2026-9904: Use after free in ANGLE * CVE-2026-9905: Use after free in Accessibility * CVE-2026-9906: Out of bounds write in GPU * CVE-2026-9907: Out of bounds read in Dawn * CVE-2026-9908: Out of bounds read in ANGLE * CVE-2026-9909: Integer overflow in Skia * CVE-2026-9910: Out of bounds memory access in ANGLE * CVE-2026-9911: Integer overflow in ANGLE * CVE-2026-9912: Inappropriate implementation in GPU * CVE-2026-9913: Inappropriate implementation in ANGLE * CVE-2026-9914: Insufficient validation of untrusted input in ANGLE * CVE-2026-9915: Heap buffer overflow in ANGLE * CVE-2026-9916: Out of bounds write in ANGLE * CVE-2026-9917: Uninitialized Use in WebGL * CVE-2026-9918: Inappropriate implementation in Tint * CVE-2026-9919: Out of bounds read in WebGL * CVE-2026-9920: Uninitialized Use in GPU * CVE-2026-9921: Uninitialized Use in WebGL * CVE-2026-9922: Use after free in GPU * CVE-2026-9923: Use after free in Skia * CVE-2026-9924: Heap buffer overflow in ANGLE * CVE-2026-9925: Use after free in ANGLE * CVE-2026-9926: Heap buffer overflow in ANGLE * CVE-2026-9927: Use after free in ANGLE * CVE-2026-9928: Out of bounds read in ANGLE * CVE-2026-9929: Inappropriate implementation in WebGL * CVE-2026-9930: Out of bounds write in Dawn * CVE-2026-9931: Use after free in GPU * CVE-2026-9932: Use after free in ANGLE * CVE-2026-9933: Use after free in Input * CVE-2026-9934: Use after free in Aura * CVE-2026-9935: Uninitialized Use in ANGLE * CVE-2026-9936: Use after free in GFX * CVE-2026-9937: Use after free in UI * CVE-2026-9938: Inappropriate implementation in V8 * CVE-2026-9939: Heap buffer overflow in WebCodecs * CVE-2026-9940: Heap buffer overflow in ANGLE * CVE-2026-9941: Use after free in ANGLE * CVE-2026-9942: Uninitialized Use in ANGLE * CVE-2026-9943: Out of bounds read in WebGL * CVE-2026-9944: Uninitialized Use in ANGLE * CVE-2026-9945: Use after free in Media * CVE-2026-9946: Use after free in ANGLE * CVE-2026-9947: Use after free in XML * CVE-2026-9948: Use after free in Views * CVE-2026-9949: Use after free in Core * CVE-2026-9950: Insufficient validation of untrusted input in iOS * CVE-2026-9951: Use after free in UI * CVE-2026-9952: Use after free in WebAudio * CVE-2026-9953: Out of bounds read in ANGLE * CVE-2026-9954: Use after free in TabStrip * CVE-2026-9955: Inappropriate implementation in iOS * CVE-2026-9956: Use after free in iOS * CVE-2026-9957: Use after free in PDF * CVE-2026-9958: Use after free in PDFium * CVE-2026-9959: Race in WebRTC * CVE-2026-9960: Integer overflow in PDFium * CVE-2026-9961: Use after free in SurfaceCapture * CVE-2026-9962: Use after free in WebRTC * CVE-2026-9963: Uninitialized Use in iOS * CVE-2026-9964: Use after free in Bluetooth * CVE-2026-9965: Out of bounds write in ANGLE * CVE-2026-9966: Integer overflow in XML * CVE-2026-9967: Out of bounds write in GPU * CVE-2026-9968: Integer overflow in V8 * CVE-2026-9969: Insufficient validation of untrusted input in ANGLE * CVE-2026-9970: Use after free in WebGL * CVE-2026-9971: Inappropriate implementation in iOS * CVE-2026-9972: Uninitialized Use in Gamepad * CVE-2026-9973: Out of bounds write in V8 * CVE-2026-9974: Out of bounds write in GPU * CVE-2026-9975: Out of bounds read and write in ANGLE * CVE-2026-9976: Inappropriate implementation in USB * CVE-2026-9977: Insufficient validation of untrusted input in WebShare * CVE-2026-9978: Use after free in Glic * CVE-2026-9979: Insufficient validation of untrusted input in Input * CVE-2026-9980: Insufficient validation of untrusted input in Printing * CVE-2026-9981: Inappropriate implementation in Skia * CVE-2026-9982: Insufficient validation of untrusted input in ANGLE * CVE-2026-9983: Type Confusion in Skia * CVE-2026-9984: Use after free in UI * CVE-2026-9985: Insufficient validation of untrusted input in Media * CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide * CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-9988: Use after free in WebRTC * CVE-2026-9989: Inappropriate implementation in Media * CVE-2026-9990: Use after free in WebAppInstalls * CVE-2026-9991: Inappropriate implementation in Media * CVE-2026-9992: Use after free in Network * CVE-2026-9993: Use after free in Views * CVE-2026-9994: Use after free in Core * CVE-2026-9995: Use after free in WebXR * CVE-2026-9996: Out of bounds read in WebRTC * CVE-2026-9997: Use after free in Input * CVE-2026-9998: Integer overflow in Skia * CVE-2026-9999: Inappropriate implementation in ANGLE * CVE-2026-10000: Use after free in Passwords * CVE-2026-10001: Use after free in PerformanceManager * CVE-2026-10002: Use after free in PDFium * CVE-2026-10003: Use after free in Views * CVE-2026-10004: Insufficient validation of untrusted input in Passwords * CVE-2026-10005: Use after free in WebAppInstalls * CVE-2026-10006: Race in WebAudio * CVE-2026-10007: Use after free in SVG * CVE-2026-10008: Uninitialized Use in GPU * CVE-2026-10009: Integer overflow in Skia * CVE-2026-10010: Inappropriate implementation in Input * CVE-2026-10011: Inappropriate implementation in Skia * CVE-2026-10012: Use after free in Skia * CVE-2026-10013: Use after free in WebCodecs * CVE-2026-10014: Use after free in WebMIDI * CVE-2026-10015: Integer overflow in WTF * CVE-2026-10016: Use after free in DOM * CVE-2026-10017: Out of bounds read in Headless * CVE-2026-10018: Integer overflow in ANGLE * CVE-2026-10019: Integer overflow in ANGLE * CVE-2026-10020: Insufficient validation of untrusted input in Skia * CVE-2026-10021: Insufficient validation of untrusted input in USB * CVE-2026-10022: Type Confusion in V8 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a688180654' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new