public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Than Ngo <than@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/chromium] epel9: - 149.0.7827.196 security release
Date: Wed, 24 Jun 2026 20:50:51 GMT	[thread overview]
Message-ID: <178233425127.1.17596589676353456365.rpms-chromium-5d94d0ebb5da@fedoraproject.org> (raw)

          A new commit has been pushed.

          Repo   : rpms/chromium
          Branch : epel9
          Commit : 5d94d0ebb5da36acab88bbc9c1755602d9f40600
          Author : Than Ngo <than@redhat.com>
          Date   : 2026-06-24T22:35:09+02:00
          Stats  : +18/-0 in 1 file(s)
          URL    : https://src.fedoraproject.org/rpms/chromium/c/5d94d0ebb5da36acab88bbc9c1755602d9f40600?branch=epel9

          Log:
          - 149.0.7827.196 security release
* CVE-2026-13028: Use after free in WebGL
* CVE-2026-13032: Use after free in WebGL
* CVE-2026-13033: Out of bounds read in Blink>InterestGroups
* CVE-2026-13038: Use after free in Autofill
* CVE-2026-13021: Inappropriate implementation in DeviceBoundSessionCredentials
* CVE-2026-13022: Inappropriate implementation in Autofill
* CVE-2026-13023: Uninitialized Use in GPU
* CVE-2026-13024: Insufficient validation of untrusted input in Navigation
* CVE-2026-13025: Insufficient validation of untrusted input in DevTools
* CVE-2026-13026: Use after free in Digital Credentials
* CVE-2026-13027: Use after free in FileSystem
* CVE-2026-13029: Use after free in Web Authentication
* CVE-2026-13030: Uninitialized Use in GPU
* CVE-2026-13031: Use after free in Blink
* CVE-2026-13034: Inappropriate implementation in Passwords
* CVE-2026-13035: Use after free in Bluetooth
* CVE-2026-13036: Use after free in Blink
* CVE-2026-13037: Use after free in WebView

---
diff --git a/chromium.spec b/chromium.spec
index 0e10d74..b5bc876 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -1916,6 +1916,24 @@ fi
 %changelog
 * Wed Jun 24 2026 Than Ngo <than@redhat.com> - 149.0.7827.196-1
 - Update to 149.0.7827.196
+  * CVE-2026-13028: Use after free in WebGL
+  * CVE-2026-13032: Use after free in WebGL
+  * CVE-2026-13033: Out of bounds read in Blink>InterestGroups
+  * CVE-2026-13038: Use after free in Autofill
+  * CVE-2026-13021: Inappropriate implementation in DeviceBoundSessionCredentials
+  * CVE-2026-13022: Inappropriate implementation in Autofill
+  * CVE-2026-13023: Uninitialized Use in GPU
+  * CVE-2026-13024: Insufficient validation of untrusted input in Navigation
+  * CVE-2026-13025: Insufficient validation of untrusted input in DevTools
+  * CVE-2026-13026: Use after free in Digital Credentials
+  * CVE-2026-13027: Use after free in FileSystem
+  * CVE-2026-13029: Use after free in Web Authentication
+  * CVE-2026-13030: Uninitialized Use in GPU
+  * CVE-2026-13031: Use after free in Blink
+  * CVE-2026-13034: Inappropriate implementation in Passwords
+  * CVE-2026-13035: Use after free in Bluetooth
+  * CVE-2026-13036: Use after free in Blink
+  * CVE-2026-13037: Use after free in WebView
 - Upstream patch, Make dark mode apply filter to images irrespective of layout zoom
 
 * Wed Jun 17 2026 Than Ngo <than@redhat.com> - 149.0.7827.155-1

                 reply	other threads:[~2026-06-24 20:50 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178233425127.1.17596589676353456365.rpms-chromium-5d94d0ebb5da@fedoraproject.org \
    --to=than@redhat.com \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox