-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2026-87143ca0fd 2026-05-13 00:24:55.088492+00:00 --------------------------------------------------------------------------------
Name : chromium Product : Fedora EPEL 10.1 Version : 148.0.7778.96 Release : 1.el10_1 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 148.0.7778.96 CVE-2026-7896: Integer overflow in Blink CVE-2026-7897: Use after free in Mobile CVE-2026-7898: Use after free in Chromoting CVE-2026-7899: Out of bounds read and write in V8 CVE-2026-7900: Heap buffer overflow in ANGLE CVE-2026-7901: Use after free in ANGLE CVE-2026-7902: Out of bounds memory access in V8 CVE-2026-7903: Integer overflow in ANGLE CVE-2026-7904: Out of bounds read in Fonts CVE-2026-7905: Insufficient validation of untrusted input in Media CVE-2026-7906: Use after free in SVG CVE-2026-7907: Use after free in DOM CVE-2026-7908: Use after free in Fullscreen CVE-2026-7909: Inappropriate implementation in ServiceWorker CVE-2026-7910: Use after free in Views CVE-2026-7911: Use after free in Aura CVE-2026-7912: Integer overflow in GPU CVE-2026-7913: Insufficient policy enforcement in DevTools CVE-2026-7914: Type Confusion in Accessibility CVE-2026-7915: Insufficient data validation in DevTools CVE-2026-7916: Insufficient data validation in InterestGroups CVE-2026-7917: Use after free in Fullscreen CVE-2026-7918: Use after free in GPU CVE-2026-7919: Use after free in Aura CVE-2026-7920: Use after free in Skia CVE-2026-7921: Use after free in Passwords CVE-2026-7922: Use after free in ServiceWorker CVE-2026-7923: Out of bounds write in Skia CVE-2026-7924: Uninitialized Use in Dawn CVE-2026-7925: Use after free in Chromoting CVE-2026-7926: Use after free in PresentationAPI CVE-2026-7927: Type Confusion in Runtime CVE-2026-7928: Use after free in WebRTC CVE-2026-7929: Use after free in MediaRecording CVE-2026-7930: Insufficient validation of untrusted input in Cookies CVE-2026-7931: Insufficient validation of untrusted input in iOS CVE-2026-7932: Insufficient policy enforcement in Downloads CVE-2026-7933: Out of bounds read in WebCodecs CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker CVE-2026-7935: Inappropriate implementation in Speech CVE-2026-7936: Object lifecycle issue in V8 CVE-2026-7937: Insufficient policy enforcement in DevTools CVE-2026-7938: Use after free in CSS CVE-2026-7939: Inappropriate implementation in SanitizerAPI CVE-2026-7940: Use after free in V8 CVE-2026-7941: Insufficient validation of untrusted input in Mobile CVE-2026-7942: Integer overflow in ANGLE CVE-2026-7943: Insufficient validation of untrusted input in ANGLE CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache CVE-2026-7945: Insufficient validation of untrusted input in COOP CVE-2026-7946: Insufficient policy enforcement in WebUI CVE-2026-7947: Insufficient validation of untrusted input in Network CVE-2026-7948: Race in Chromoting CVE-2026-7949: Out of bounds read in Skia CVE-2026-7950: Out of bounds read and write in GFX CVE-2026-7951: Out of bounds write in WebRTC CVE-2026-7952: Insufficient policy enforcement in Extensions CVE-2026-7953: Insufficient validation of untrusted input in Omnibox CVE-2026-7954: Race in Shared Storage CVE-2026-7955: Uninitialized Use in GPU CVE-2026-7956: Use after free in Navigation CVE-2026-7957: Out of bounds write in Media CVE-2026-7958: Inappropriate implementation in ServiceWorker CVE-2026-7959: Inappropriate implementation in Navigation CVE-2026-7960: Race in Speech CVE-2026-7961: Insufficient validation of untrusted input in Permissions CVE-2026-7962: Insufficient policy enforcement in DirectSockets CVE-2026-7963: Inappropriate implementation in ServiceWorker CVE-2026-7964: Insufficient validation of untrusted input in FileSystem CVE-2026-7965: Insufficient validation of untrusted input in DevTools CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation CVE-2026-7967: Insufficient validation of untrusted input in Navigation CVE-2026-7968: Insufficient validation of untrusted input in CORS CVE-2026-7969: Integer overflow in Network CVE-2026-7970: Use after free in TopChrome CVE-2026-7971: Inappropriate implementation in ORB CVE-2026-7972: Uninitialized Use in GPU CVE-2026-7973: Integer overflow in Dawn CVE-2026-7974: Use after free in Blink CVE-2026-7975: Use after free in DevTools CVE-2026-7976: Use after free in Views CVE-2026-7977: Inappropriate implementation in Canvas CVE-2026-7978: Inappropriate implementation in Companion CVE-2026-7979: Inappropriate implementation in Media CVE-2026-7980: Use after free in WebAudio CVE-2026-7981: Out of bounds read in Codecs CVE-2026-7982: Uninitialized Use in WebCodecs CVE-2026-7983: Out of bounds read in Dawn CVE-2026-7984: Use after free in ReadingMode CVE-2026-7985: Use after free in GPU CVE-2026-7986: Insufficient policy enforcement in Autofill CVE-2026-7987: Use after free in WebRTC CVE-2026-7988: Type Confusion in WebRTC CVE-2026-7989: Insufficient data validation in DataTransfer CVE-2026-7990: Insufficient validation of untrusted input in Updater CVE-2026-7991: Use after free in UI CVE-2026-7992: Insufficient validation of untrusted input in UI CVE-2026-7993: Insufficient validation of untrusted input in Payments CVE-2026-7994: Inappropriate implementation in Chromoting CVE-2026-7995: Out of bounds read in AdFilter CVE-2026-7996: Insufficient validation of untrusted input in SSL CVE-2026-7997: Insufficient validation of untrusted input in Updater CVE-2026-7998: Insufficient validation of untrusted input in Dialog CVE-2026-7999: Inappropriate implementation in V8 CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver CVE-2026-8001: Use after free in Printing CVE-2026-8002: Use after free in Audio CVE-2026-8003: Insufficient validation of untrusted input in TabGroups CVE-2026-8004: Insufficient policy enforcement in DevTools CVE-2026-8005: Insufficient validation of untrusted input in Cast CVE-2026-8006: Insufficient policy enforcement in DevTools CVE-2026-8007: Insufficient validation of untrusted input in Cast CVE-2026-8008: Inappropriate implementation in DevTools CVE-2026-8009: Inappropriate implementation in Cast CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation CVE-2026-8011: Insufficient policy enforcement in Search CVE-2026-8012: Inappropriate implementation in MHTML CVE-2026-8013: Insufficient validation of untrusted input in FedCM CVE-2026-8014: Inappropriate implementation in Preload CVE-2026-8015: Inappropriate implementation in Media CVE-2026-8016: Use after free in WebRTC CVE-2026-8017: Side-channel information leakage in Media CVE-2026-8018: Insufficient policy enforcement in DevTools CVE-2026-8019: Insufficient policy enforcement in WebApp CVE-2026-8020: Uninitialized Use in GPU CVE-2026-8021: Script injection in UI CVE-2026-8022: Inappropriate implementation in MHTML -------------------------------------------------------------------------------- ChangeLog: * Wed May 6 2026 Than Ngo <[email protected]> - 148.0.7778.96-1 - Update to 148.0.7778.96 * CVE-2026-7896: Integer overflow in Blink * CVE-2026-7897: Use after free in Mobile * CVE-2026-7898: Use after free in Chromoting * CVE-2026-7899: Out of bounds read and write in V8 * CVE-2026-7900: Heap buffer overflow in ANGLE * CVE-2026-7901: Use after free in ANGLE * CVE-2026-7902: Out of bounds memory access in V8 * CVE-2026-7903: Integer overflow in ANGLE * CVE-2026-7904: Out of bounds read in Fonts * CVE-2026-7905: Insufficient validation of untrusted input in Media * CVE-2026-7906: Use after free in SVG * CVE-2026-7907: Use after free in DOM * CVE-2026-7908: Use after free in Fullscreen * CVE-2026-7909: Inappropriate implementation in ServiceWorker * CVE-2026-7910: Use after free in Views * CVE-2026-7911: Use after free in Aura * CVE-2026-7912: Integer overflow in GPU * CVE-2026-7913: Insufficient policy enforcement in DevTools * CVE-2026-7914: Type Confusion in Accessibility * CVE-2026-7915: Insufficient data validation in DevTools * CVE-2026-7916: Insufficient data validation in InterestGroups * CVE-2026-7917: Use after free in Fullscreen * CVE-2026-7918: Use after free in GPU * CVE-2026-7919: Use after free in Aura * CVE-2026-7920: Use after free in Skia * CVE-2026-7921: Use after free in Passwords * CVE-2026-7922: Use after free in ServiceWorker * CVE-2026-7923: Out of bounds write in Skia * CVE-2026-7924: Uninitialized Use in Dawn * CVE-2026-7925: Use after free in Chromoting * CVE-2026-7926: Use after free in PresentationAPI * CVE-2026-7927: Type Confusion in Runtime * CVE-2026-7928: Use after free in WebRTC * CVE-2026-7929: Use after free in MediaRecording * CVE-2026-7930: Insufficient validation of untrusted input in Cookies * CVE-2026-7931: Insufficient validation of untrusted input in iOS * CVE-2026-7932: Insufficient policy enforcement in Downloads * CVE-2026-7933: Out of bounds read in WebCodecs * CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker * CVE-2026-7935: Inappropriate implementation in Speech * CVE-2026-7936: Object lifecycle issue in V8 * CVE-2026-7937: Insufficient policy enforcement in DevTools * CVE-2026-7938: Use after free in CSS * CVE-2026-7939: Inappropriate implementation in SanitizerAPI * CVE-2026-7940: Use after free in V8 * CVE-2026-7941: Insufficient validation of untrusted input in Mobile * CVE-2026-7942: Integer overflow in ANGLE * CVE-2026-7943: Insufficient validation of untrusted input in ANGLE * CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache * CVE-2026-7945: Insufficient validation of untrusted input in COOP * CVE-2026-7946: Insufficient policy enforcement in WebUI * CVE-2026-7947: Insufficient validation of untrusted input in Network * CVE-2026-7948: Race in Chromoting * CVE-2026-7949: Out of bounds read in Skia * CVE-2026-7950: Out of bounds read and write in GFX * CVE-2026-7951: Out of bounds write in WebRTC * CVE-2026-7952: Insufficient policy enforcement in Extensions * CVE-2026-7953: Insufficient validation of untrusted input in Omnibox * CVE-2026-7954: Race in Shared Storage * CVE-2026-7955: Uninitialized Use in GPU * CVE-2026-7956: Use after free in Navigation * CVE-2026-7957: Out of bounds write in Media * CVE-2026-7958: Inappropriate implementation in ServiceWorker * CVE-2026-7959: Inappropriate implementation in Navigation * CVE-2026-7960: Race in Speech * CVE-2026-7961: Insufficient validation of untrusted input in Permissions * CVE-2026-7962: Insufficient policy enforcement in DirectSockets * CVE-2026-7963: Inappropriate implementation in ServiceWorker * CVE-2026-7964: Insufficient validation of untrusted input in FileSystem * CVE-2026-7965: Insufficient validation of untrusted input in DevTools * CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation * CVE-2026-7967: Insufficient validation of untrusted input in Navigation * CVE-2026-7968: Insufficient validation of untrusted input in CORS * CVE-2026-7969: Integer overflow in Network * CVE-2026-7970: Use after free in TopChrome * CVE-2026-7971: Inappropriate implementation in ORB * CVE-2026-7972: Uninitialized Use in GPU * CVE-2026-7973: Integer overflow in Dawn * CVE-2026-7974: Use after free in Blink * CVE-2026-7975: Use after free in DevTools * CVE-2026-7976: Use after free in Views * CVE-2026-7977: Inappropriate implementation in Canvas * CVE-2026-7978: Inappropriate implementation in Companion * CVE-2026-7979: Inappropriate implementation in Media * CVE-2026-7980: Use after free in WebAudio * CVE-2026-7981: Out of bounds read in Codecs * CVE-2026-7982: Uninitialized Use in WebCodecs * CVE-2026-7983: Out of bounds read in Dawn * CVE-2026-7984: Use after free in ReadingMode * CVE-2026-7985: Use after free in GPU * CVE-2026-7986: Insufficient policy enforcement in Autofill * CVE-2026-7987: Use after free in WebRTC * CVE-2026-7988: Type Confusion in WebRTC * CVE-2026-7989: Insufficient data validation in DataTransfer * CVE-2026-7990: Insufficient validation of untrusted input in Updater * CVE-2026-7991: Use after free in UI * CVE-2026-7992: Insufficient validation of untrusted input in UI * CVE-2026-7993: Insufficient validation of untrusted input in Payments * CVE-2026-7994: Inappropriate implementation in Chromoting * CVE-2026-7995: Out of bounds read in AdFilter * CVE-2026-7996: Insufficient validation of untrusted input in SSL * CVE-2026-7997: Insufficient validation of untrusted input in Updater * CVE-2026-7998: Insufficient validation of untrusted input in Dialog * CVE-2026-7999: Inappropriate implementation in V8 * CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver * CVE-2026-8001: Use after free in Printing * CVE-2026-8002: Use after free in Audio * CVE-2026-8003: Insufficient validation of untrusted input in TabGroups * CVE-2026-8004: Insufficient policy enforcement in DevTools * CVE-2026-8005: Insufficient validation of untrusted input in Cast * CVE-2026-8006: Insufficient policy enforcement in DevTools * CVE-2026-8007: Insufficient validation of untrusted input in Cast * CVE-2026-8008: Inappropriate implementation in DevTools * CVE-2026-8009: Inappropriate implementation in Cast * CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation * CVE-2026-8011: Insufficient policy enforcement in Search * CVE-2026-8012: Inappropriate implementation in MHTML * CVE-2026-8013: Insufficient validation of untrusted input in FedCM * CVE-2026-8014: Inappropriate implementation in Preload * CVE-2026-8015: Inappropriate implementation in Media * CVE-2026-8016: Use after free in WebRTC * CVE-2026-8017: Side-channel information leakage in Media * CVE-2026-8018: Insufficient policy enforcement in DevTools * CVE-2026-8019: Insufficient policy enforcement in WebApp * CVE-2026-8020: Uninitialized Use in GPU * CVE-2026-8021: Script injection in UI * CVE-2026-8022: Inappropriate implementation in MHTML - Remove old remoting-no-tests patch - Remove fix_GL_native_pixmap_import_support_reset_in_GpuInit patch - Fix build error causing by sanitizer defines in GN - Refresh rust-enable-unstable_feature patch - Fix build error with system rust compiler - Fix build error causing by new clang++ options which are not supported yet - Fix build error causing by harfbuzz library rename -------------------------------------------------------------------------------- References: [ 1 ] Bug #2468371 - CVE-2026-7896 CVE-2026-7897 CVE-2026-7898 CVE-2026-7899 CVE-2026-7900 CVE-2026-7901 CVE-2026-7902 CVE-2026-7903 CVE-2026-7904 CVE-2026-7905 CVE-2026-7906 CVE-2026-7907 CVE-2026-7908 CVE-2026-7909 CVE-2026-7910 ... chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2468371 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update chromium' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ epel-package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
