public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Than Ngo <than@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/chromium] f43: Update to 148.0.7778.215
Date: Fri, 29 May 2026 14:26:25 +0000	[thread overview]
Message-ID: <rpms-chromium-7d2676f3720f@fedoraproject.org> (raw)
Message-ID: <20260529142625.gs0MTtpgI5YuO_F5tRllAnKpJePTLXGN2lCZg0Tt6dM@z> (raw)

      A new commit has been pushed.

      Repo   : rpms/chromium
      Branch : f43
      Commit : 7d2676f3720f1b88c0a19d7ce17a813c97e6dfc7
      Author : Than Ngo <than@redhat.com>
      Date   : 2026-05-29T16:08:37+02:00
      Stats  : +318/-2 in 3 file(s)
      URL    : https://src.fedoraproject.org/rpms/chromium/c/7d2676f3720f1b88c0a19d7ce17a813c97e6dfc7?branch=f43

      Log:
      Update to 148.0.7778.215
* CVE-2026-9872: Out of bounds write in GPU
* CVE-2026-9873: Use after free in Network
* CVE-2026-9874: Use after free in Dawn
* CVE-2026-9875: Out of bounds read in WebGL
* CVE-2026-9876: Use after free in WebGL
* CVE-2026-9877: Use after free in ANGLE
* CVE-2026-9878: Use after free in ANGLE
* CVE-2026-9879: Out of bounds write in ANGLE
* CVE-2026-9880: Insufficient validation of untrusted input in WebGL
* CVE-2026-9881: Use after free in Bluetooth
* CVE-2026-9882: Integer overflow in ANGLE
* CVE-2026-9883: Use after free in Base
* CVE-2026-9884: Use after free in Browser
* CVE-2026-9885: Insufficient validation of untrusted input in UI
* CVE-2026-9886: Use after free in Base
* CVE-2026-9887: Use after free in Proxy
* CVE-2026-9888: Use after free in WebView
* CVE-2026-9889: Out of bounds read and write in Dawn
* CVE-2026-9890: Use after free in XR
* CVE-2026-9891: Use after free in Extensions
* CVE-2026-9892: Inappropriate implementation in Skia
* CVE-2026-9893: Use after free in Skia
* CVE-2026-9894: Use after free in GPU
* CVE-2026-9895: Out of bounds read in GPU
* CVE-2026-9896: Out of bounds write in V8
* CVE-2026-9897: Use after free in DOM
* CVE-2026-9898: Insufficient validation of untrusted input in GPU
* CVE-2026-9899: Use after free in ANGLE
* CVE-2026-9900: Out of bounds write in ANGLE
* CVE-2026-9901: Use after free in ANGLE
* CVE-2026-9902: Use after free in Accessibility
* CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
* CVE-2026-9904: Use after free in ANGLE
* CVE-2026-9905: Use after free in Accessibility
* CVE-2026-9906: Out of bounds write in GPU
* CVE-2026-9907: Out of bounds read in Dawn
* CVE-2026-9908: Out of bounds read in ANGLE
* CVE-2026-9909: Integer overflow in Skia
* CVE-2026-9910: Out of bounds memory access in ANGLE
* CVE-2026-9911: Integer overflow in ANGLE
* CVE-2026-9912: Inappropriate implementation in GPU
* CVE-2026-9913: Inappropriate implementation in ANGLE
* CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
* CVE-2026-9915: Heap buffer overflow in ANGLE
* CVE-2026-9916: Out of bounds write in ANGLE
* CVE-2026-9917: Uninitialized Use in WebGL
* CVE-2026-9918: Inappropriate implementation in Tint
* CVE-2026-9919: Out of bounds read in WebGL
* CVE-2026-9920: Uninitialized Use in GPU
* CVE-2026-9921: Uninitialized Use in WebGL
* CVE-2026-9922: Use after free in GPU
* CVE-2026-9923: Use after free in Skia
* CVE-2026-9924: Heap buffer overflow in ANGLE
* CVE-2026-9925: Use after free in ANGLE
* CVE-2026-9926: Heap buffer overflow in ANGLE
* CVE-2026-9927: Use after free in ANGLE
* CVE-2026-9928: Out of bounds read in ANGLE
* CVE-2026-9929: Inappropriate implementation in WebGL
* CVE-2026-9930: Out of bounds write in Dawn
* CVE-2026-9931: Use after free in GPU
* CVE-2026-9932: Use after free in ANGLE
* CVE-2026-9933: Use after free in Input
* CVE-2026-9934: Use after free in Aura
* CVE-2026-9935: Uninitialized Use in ANGLE
* CVE-2026-9936: Use after free in GFX
* CVE-2026-9937: Use after free in UI
* CVE-2026-9938: Inappropriate implementation in V8
* CVE-2026-9939: Heap buffer overflow in WebCodecs
* CVE-2026-9940: Heap buffer overflow in ANGLE
* CVE-2026-9941: Use after free in ANGLE
* CVE-2026-9942: Uninitialized Use in ANGLE
* CVE-2026-9943: Out of bounds read in WebGL
* CVE-2026-9944: Uninitialized Use in ANGLE
* CVE-2026-9945: Use after free in Media
* CVE-2026-9946: Use after free in ANGLE
* CVE-2026-9947: Use after free in XML
* CVE-2026-9948: Use after free in Views
* CVE-2026-9949: Use after free in Core
* CVE-2026-9950: Insufficient validation of untrusted input in iOS
* CVE-2026-9951: Use after free in UI
* CVE-2026-9952: Use after free in WebAudio
* CVE-2026-9953: Out of bounds read in ANGLE
* CVE-2026-9954: Use after free in TabStrip
* CVE-2026-9955: Inappropriate implementation in iOS
* CVE-2026-9956: Use after free in iOS
* CVE-2026-9957: Use after free in PDF
* CVE-2026-9958: Use after free in PDFium
* CVE-2026-9959: Race in WebRTC
* CVE-2026-9960: Integer overflow in PDFium
* CVE-2026-9961: Use after free in SurfaceCapture
* CVE-2026-9962: Use after free in WebRTC
* CVE-2026-9963: Uninitialized Use in iOS
* CVE-2026-9964: Use after free in Bluetooth
* CVE-2026-9965: Out of bounds write in ANGLE
* CVE-2026-9966: Integer overflow in XML
* CVE-2026-9967: Out of bounds write in GPU
* CVE-2026-9968: Integer overflow in V8
* CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
* CVE-2026-9970: Use after free in WebGL
* CVE-2026-9971: Inappropriate implementation in iOS
* CVE-2026-9972: Uninitialized Use in Gamepad
* CVE-2026-9973: Out of bounds write in V8
* CVE-2026-9974: Out of bounds write in GPU
* CVE-2026-9975: Out of bounds read and write in ANGLE
* CVE-2026-9976: Inappropriate implementation in USB
* CVE-2026-9977: Insufficient validation of untrusted input in WebShare
* CVE-2026-9978: Use after free in Glic
* CVE-2026-9979: Insufficient validation of untrusted input in Input
* CVE-2026-9980: Insufficient validation of untrusted input in Printing
* CVE-2026-9981: Inappropriate implementation in Skia
* CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
* CVE-2026-9983: Type Confusion in Skia
* CVE-2026-9984: Use after free in UI
* CVE-2026-9985: Insufficient validation of untrusted input in Media
* CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
* CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-9988: Use after free in WebRTC
* CVE-2026-9989: Inappropriate implementation in Media
* CVE-2026-9990: Use after free in WebAppInstalls
* CVE-2026-9991: Inappropriate implementation in Media
* CVE-2026-9992: Use after free in Network
* CVE-2026-9993: Use after free in Views
* CVE-2026-9994: Use after free in Core
* CVE-2026-9995: Use after free in WebXR
* CVE-2026-9996: Out of bounds read in WebRTC
* CVE-2026-9997: Use after free in Input
* CVE-2026-9998: Integer overflow in Skia
* CVE-2026-9999: Inappropriate implementation in ANGLE
* CVE-2026-10000: Use after free in Passwords
* CVE-2026-10001: Use after free in PerformanceManager
* CVE-2026-10002: Use after free in PDFium
* CVE-2026-10003: Use after free in Views
* CVE-2026-10004: Insufficient validation of untrusted input in Passwords
* CVE-2026-10005: Use after free in WebAppInstalls
* CVE-2026-10006: Race in WebAudio
* CVE-2026-10007: Use after free in SVG
* CVE-2026-10008: Uninitialized Use in GPU
* CVE-2026-10009: Integer overflow in Skia
* CVE-2026-10010: Inappropriate implementation in Input
* CVE-2026-10011: Inappropriate implementation in Skia
* CVE-2026-10012: Use after free in Skia
* CVE-2026-10013: Use after free in WebCodecs
* CVE-2026-10014: Use after free in WebMIDI
* CVE-2026-10015: Integer overflow in WTF
* CVE-2026-10016: Use after free in DOM
* CVE-2026-10017: Out of bounds read in Headless
* CVE-2026-10018: Integer overflow in ANGLE
* CVE-2026-10019: Integer overflow in ANGLE
* CVE-2026-10020: Insufficient validation of untrusted input in Skia
* CVE-2026-10021: Insufficient validation of untrusted input in USB
* CVE-2026-10022: Type Confusion in V8

---
diff --git a/chromium-148-Add-chromatic-pixels-feature-based-on-muted-hue-colors-for-dark-mode.patch b/chromium-148-Add-chromatic-pixels-feature-based-on-muted-hue-colors-for-dark-mode.patch
new file mode 100644
index 0000000..ba9ac9c
--- /dev/null
+++ b/chromium-148-Add-chromatic-pixels-feature-based-on-muted-hue-colors-for-dark-mode.patch
@@ -0,0 +1,160 @@
+commit 210a781e7b791586bbb898f9a8c9d025bf30593a
+Author: Prashant Nevase <pnevase@microsoft.com>
+Date:   Sun May 24 13:56:54 2026 -0700
+
+    Add chromatic pixels feature based on muted-hue colors for dark mode.
+    
+    This cl adds new feature based on muted-hue or limited color palette.
+    This new feature uses a low chroma threshold so it counts both vivid
+    colors and muted/mid-tone colors that still carry hue information,
+    distinct from `saturated_pixel_ratio`, which counts only highly
+    saturated pixels.
+    
+    This helps skipping images whose pixels are mostly chromatic (muted/
+    mid-tone hues), e.g. emotes, stickers, or character art. Their semantic
+    hue must be preserved. Grayscale text and JPEG chroma noise stay below
+    `kFeatureChromaticPixelRatioThreshold` and are still inverted.
+    
+    Bug: 449909524
+    Change-Id: I0a22736f3403b5e33e1ab395909b5de159eab366
+    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7866369
+    Commit-Queue: Stephen Chenney <schenney@chromium.org>
+    Auto-Submit: Prashant Nevase <pnevase@microsoft.com>
+    Reviewed-by: Stephen Chenney <schenney@chromium.org>
+    Cr-Commit-Position: refs/heads/main@{#1635553}
+
+diff --git a/third_party/blink/renderer/platform/graphics/dark_mode_image_classifier.cc b/third_party/blink/renderer/platform/graphics/dark_mode_image_classifier.cc
+index 0111db051cca..ff66f21e8c7b 100644
+--- a/third_party/blink/renderer/platform/graphics/dark_mode_image_classifier.cc
++++ b/third_party/blink/renderer/platform/graphics/dark_mode_image_classifier.cc
+@@ -29,6 +29,14 @@ constexpr int kHighLightnessThreshold = 96;
+ // typical photographic colors which usually have chroma below 60.
+ constexpr int kHighSaturationThreshold = 80;
+ 
++// Per-pixel chroma at or above which the pixel is considered chromatic
++// (i.e. not effectively gray). Set well below kHighSaturationThreshold so
++// that muted / mid-tone colors found in illustrated assets (olive, teal,
++// maroon, pastels) are still counted as chromatic. Anti-aliased fringes
++// around grayscale text and minor JPEG chroma noise typically stay below
++// chroma ~15, so this floor still excludes them.
++constexpr int kChromaticThreshold = 20;
++
+ // Decision tree thresholds for classifying images
+ 
+ // Lower and upper color thresholds for grayscale and color images.
+@@ -53,6 +61,13 @@ constexpr float kFeatureHighSaturationRatioThreshold = 0.3f;
+ // below kFeatureHighSaturationRatioThreshold.
+ constexpr float kFeatureLowSaturationRatioThreshold = 0.1f;
+ 
++// Chromatic pixel ratio threshold above which a limited-palette colorful
++// image is considered to carry semantic color information end-to-end
++// (rather than being a near-grayscale icon with a tiny color accent) and
++// is skipped from inversion. Tuned so dark / grayscale text with
++// anti-aliased fringes or minor chroma noise stays below this floor.
++constexpr float kFeatureChromaticPixelRatioThreshold = 0.5f;
++
+ bool IsColorGray(const SkColor& color) {
+   return abs(static_cast<int>(SkColorGetR(color)) -
+              static_cast<int>(SkColorGetG(color))) +
+@@ -84,6 +99,17 @@ bool IsColorSaturated(const SkColor& color) {
+   return chroma >= kHighSaturationThreshold;
+ }
+ 
++bool IsColorChromatic(const SkColor& color) {
++  // Same chroma metric as IsColorSaturated() but with a much lower
++  // threshold, so muted / mid-tone colors are still counted as carrying
++  // hue information.
++  int r = SkColorGetR(color);
++  int g = SkColorGetG(color);
++  int b = SkColorGetB(color);
++  int chroma = std::max({r, g, b}) - std::min({r, g, b});
++  return chroma >= kChromaticThreshold;
++}
++
+ }  // namespace
+ 
+ DarkModeImageClassifier::DarkModeImageClassifier() = default;
+@@ -229,6 +255,7 @@ DarkModeImageClassifier::Features DarkModeImageClassifier::ComputeFeatures(
+   int color_pixels = 0;
+   int high_luma_pixels = 0;
+   int saturated_pixels = 0;
++  int chromatic_pixels = 0;
+   for (const SkColor& sample : sampled_pixels) {
+     if (!IsColorGray(sample)) {
+       color_pixels++;
+@@ -241,6 +268,10 @@ DarkModeImageClassifier::Features DarkModeImageClassifier::ComputeFeatures(
+     if (IsColorSaturated(sample)) {
+       saturated_pixels++;
+     }
++
++    if (IsColorChromatic(sample)) {
++      chromatic_pixels++;
++    }
+   }
+ 
+   ColorMode color_mode = (color_pixels > samples_count / 100)
+@@ -257,6 +288,8 @@ DarkModeImageClassifier::Features DarkModeImageClassifier::ComputeFeatures(
+       static_cast<float>(high_luma_pixels) / samples_count;
+   features.saturated_pixel_ratio =
+       static_cast<float>(saturated_pixels) / samples_count;
++  features.chromatic_pixel_ratio =
++      static_cast<float>(chromatic_pixels) / samples_count;
+ 
+   return features;
+ }
+@@ -354,6 +387,17 @@ DarkModeResult DarkModeImageClassifier::ClassifyUsingDecisionTree(
+     return DarkModeResult::kDoNotApplyFilter;
+   }
+ 
++  // Skip limited-palette colorful images whose pixels are mostly chromatic
++  // (muted / mid-tone hues), e.g. emotes, stickers, or character art. Their
++  // semantic hue must be preserved. Grayscale text and JPEG chroma noise
++  // stay below |kFeatureChromaticPixelRatioThreshold| and are still inverted.
++  if (features.is_colorful &&
++      features.color_buckets_ratio <
++          kFeatureHighColorCountThreshold[features.is_colorful] &&
++      features.chromatic_pixel_ratio > kFeatureChromaticPixelRatioThreshold) {
++    return DarkModeResult::kDoNotApplyFilter;
++  }
++
+   // Very few colors means it's not a photo, apply the filter.
+   if (features.color_buckets_ratio <
+       kFeatureLowColorCountThreshold[features.is_colorful]) {
+diff --git a/third_party/blink/renderer/platform/graphics/dark_mode_image_classifier.h b/third_party/blink/renderer/platform/graphics/dark_mode_image_classifier.h
+index e04a437d223a..686f0ddcb11c 100644
+--- a/third_party/blink/renderer/platform/graphics/dark_mode_image_classifier.h
++++ b/third_party/blink/renderer/platform/graphics/dark_mode_image_classifier.h
+@@ -47,6 +47,13 @@ class PLATFORM_EXPORT DarkModeImageClassifier {
+     // image. Used to detect images dominated by vivid flat colors whose
+     // colors carry meaning and should be preserved rather than inverted.
+     float saturated_pixel_ratio;
++
++    // Ratio of chromatic (non-near-gray) pixels to all sampled pixels in the
++    // image. Uses a low chroma threshold so it counts both vivid colors and
++    // muted / mid-tone colors that still carry hue information. Distinct
++    // from |saturated_pixel_ratio|, which counts only highly saturated
++    // pixels.
++    float chromatic_pixel_ratio;
+   };
+ 
+   DarkModeResult Classify(const SkPixmap& pixmap, const SkIRect& src) const;
+diff --git a/third_party/blink/renderer/platform/graphics/dark_mode_image_classifier_test.cc b/third_party/blink/renderer/platform/graphics/dark_mode_image_classifier_test.cc
+index 6ec427db1d72..477b0a8e3344 100644
+--- a/third_party/blink/renderer/platform/graphics/dark_mode_image_classifier_test.cc
++++ b/third_party/blink/renderer/platform/graphics/dark_mode_image_classifier_test.cc
+@@ -492,4 +492,15 @@ TEST_F(DarkModeImageClassifierTest,
+             DarkModeResult::kDoNotApplyFilter);
+ }
+ 
++TEST_F(DarkModeImageClassifierTest, SyntheticImageWithMutedChromaticColors) {
++  // Colorful, limited-palette image with muted mid-tone colors (chroma in
++  // [20, 80), luma < 96).
++  constexpr SkColor kMutedTeal = SkColorSetRGB(60, 100, 80);
++  SkBitmap bitmap = MakeStripedBitmap(kMutedTeal, kMutedTeal, 0, 0);
++  SkPixmap pixmap;
++  ASSERT_TRUE(bitmap.peekPixels(&pixmap));
++  EXPECT_EQ(image_classifier()->Classify(pixmap, bitmap.bounds()),
++            DarkModeResult::kDoNotApplyFilter);
++}
++
+ }  // namespace blink

diff --git a/chromium.spec b/chromium.spec
index 2a1d7d5..6d0b04a 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -262,7 +262,7 @@
 %endif
 
 Name:	chromium
-Version: 148.0.7778.178
+Version: 148.0.7778.215
 Release: 1%{?dist}
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
@@ -524,6 +524,7 @@ Patch600: chromium-148-Add-luminance-ratio-feature-for-dark-mode-image-classific
 Patch601: chromium-148-Prefix-dark-mode-decision-tree-threshold-constants-with-kFeature.patch
 Patch602: chromium-148-Add-saturation-feature-for-dark-mode-image-classification.patch
 Patch603: chromium-148-Add-AutoDarkModeSkipImages-flag-to-bypass-image-dark-mode.patch
+Patch604: chromium-148-Add-chromatic-pixels-feature-based-on-muted-hue-colors-for-dark-mode.patch
 
 # Use chromium-latest.py to generate clean tarball from released build tarballs, found here:
 # http://build.chromium.org/buildbot/official/
@@ -1240,6 +1241,7 @@ Qt6 UI for chromium.
 %patch -P601 -p1 -b .Prefix-dark-mode-decision-tree-threshold-constants-with-kFeature
 %patch -P602 -p1 -b .Add-saturation-feature-for-dark-mode-image-classification
 %patch -P603 -p1 -b .Add-AutoDarkModeSkipImages-flag-to-bypass-image-dark-mode
+%patch -P604 -p1 -b .Add-chromatic-pixels-feature-based-on-muted-hue-colors-for-dark-mode
 
 # Change shebang in all relevant files in this directory and all subdirectories
 # See `man find` for how the `-exec command {} +` syntax works
@@ -1891,6 +1893,160 @@ fi
 %endif
 
 %changelog
+* Fri May 29 2026 Than Ngo <than@redhat.com> - 148.0.7778.215-1
+- Update to 148.0.7778.215
+  * CVE-2026-9872: Out of bounds write in GPU
+  * CVE-2026-9873: Use after free in Network
+  * CVE-2026-9874: Use after free in Dawn
+  * CVE-2026-9875: Out of bounds read in WebGL
+  * CVE-2026-9876: Use after free in WebGL
+  * CVE-2026-9877: Use after free in ANGLE
+  * CVE-2026-9878: Use after free in ANGLE
+  * CVE-2026-9879: Out of bounds write in ANGLE
+  * CVE-2026-9880: Insufficient validation of untrusted input in WebGL
+  * CVE-2026-9881: Use after free in Bluetooth
+  * CVE-2026-9882: Integer overflow in ANGLE
+  * CVE-2026-9883: Use after free in Base
+  * CVE-2026-9884: Use after free in Browser
+  * CVE-2026-9885: Insufficient validation of untrusted input in UI
+  * CVE-2026-9886: Use after free in Base
+  * CVE-2026-9887: Use after free in Proxy
+  * CVE-2026-9888: Use after free in WebView
+  * CVE-2026-9889: Out of bounds read and write in Dawn
+  * CVE-2026-9890: Use after free in XR
+  * CVE-2026-9891: Use after free in Extensions
+  * CVE-2026-9892: Inappropriate implementation in Skia
+  * CVE-2026-9893: Use after free in Skia
+  * CVE-2026-9894: Use after free in GPU
+  * CVE-2026-9895: Out of bounds read in GPU
+  * CVE-2026-9896: Out of bounds write in V8
+  * CVE-2026-9897: Use after free in DOM
+  * CVE-2026-9898: Insufficient validation of untrusted input in GPU
+  * CVE-2026-9899: Use after free in ANGLE
+  * CVE-2026-9900: Out of bounds write in ANGLE
+  * CVE-2026-9901: Use after free in ANGLE
+  * CVE-2026-9902: Use after free in Accessibility
+  * CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
+  * CVE-2026-9904: Use after free in ANGLE
+  * CVE-2026-9905: Use after free in Accessibility
+  * CVE-2026-9906: Out of bounds write in GPU
+  * CVE-2026-9907: Out of bounds read in Dawn
+  * CVE-2026-9908: Out of bounds read in ANGLE
+  * CVE-2026-9909: Integer overflow in Skia
+  * CVE-2026-9910: Out of bounds memory access in ANGLE
+  * CVE-2026-9911: Integer overflow in ANGLE
+  * CVE-2026-9912: Inappropriate implementation in GPU
+  * CVE-2026-9913: Inappropriate implementation in ANGLE
+  * CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
+  * CVE-2026-9915: Heap buffer overflow in ANGLE
+  * CVE-2026-9916: Out of bounds write in ANGLE
+  * CVE-2026-9917: Uninitialized Use in WebGL
+  * CVE-2026-9918: Inappropriate implementation in Tint
+  * CVE-2026-9919: Out of bounds read in WebGL
+  * CVE-2026-9920: Uninitialized Use in GPU
+  * CVE-2026-9921: Uninitialized Use in WebGL
+  * CVE-2026-9922: Use after free in GPU
+  * CVE-2026-9923: Use after free in Skia
+  * CVE-2026-9924: Heap buffer overflow in ANGLE
+  * CVE-2026-9925: Use after free in ANGLE
+  * CVE-2026-9926: Heap buffer overflow in ANGLE
+  * CVE-2026-9927: Use after free in ANGLE
+  * CVE-2026-9928: Out of bounds read in ANGLE
+  * CVE-2026-9929: Inappropriate implementation in WebGL
+  * CVE-2026-9930: Out of bounds write in Dawn
+  * CVE-2026-9931: Use after free in GPU
+  * CVE-2026-9932: Use after free in ANGLE
+  * CVE-2026-9933: Use after free in Input
+  * CVE-2026-9934: Use after free in Aura
+  * CVE-2026-9935: Uninitialized Use in ANGLE
+  * CVE-2026-9936: Use after free in GFX
+  * CVE-2026-9937: Use after free in UI
+  * CVE-2026-9938: Inappropriate implementation in V8
+  * CVE-2026-9939: Heap buffer overflow in WebCodecs
+  * CVE-2026-9940: Heap buffer overflow in ANGLE
+  * CVE-2026-9941: Use after free in ANGLE
+  * CVE-2026-9942: Uninitialized Use in ANGLE
+  * CVE-2026-9943: Out of bounds read in WebGL
+  * CVE-2026-9944: Uninitialized Use in ANGLE
+  * CVE-2026-9945: Use after free in Media
+  * CVE-2026-9946: Use after free in ANGLE
+  * CVE-2026-9947: Use after free in XML
+  * CVE-2026-9948: Use after free in Views
+  * CVE-2026-9949: Use after free in Core
+  * CVE-2026-9950: Insufficient validation of untrusted input in iOS
+  * CVE-2026-9951: Use after free in UI
+  * CVE-2026-9952: Use after free in WebAudio
+  * CVE-2026-9953: Out of bounds read in ANGLE
+  * CVE-2026-9954: Use after free in TabStrip
+  * CVE-2026-9955: Inappropriate implementation in iOS
+  * CVE-2026-9956: Use after free in iOS
+  * CVE-2026-9957: Use after free in PDF
+  * CVE-2026-9958: Use after free in PDFium
+  * CVE-2026-9959: Race in WebRTC
+  * CVE-2026-9960: Integer overflow in PDFium
+  * CVE-2026-9961: Use after free in SurfaceCapture
+  * CVE-2026-9962: Use after free in WebRTC
+  * CVE-2026-9963: Uninitialized Use in iOS
+  * CVE-2026-9964: Use after free in Bluetooth
+  * CVE-2026-9965: Out of bounds write in ANGLE
+  * CVE-2026-9966: Integer overflow in XML
+  * CVE-2026-9967: Out of bounds write in GPU
+  * CVE-2026-9968: Integer overflow in V8
+  * CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
+  * CVE-2026-9970: Use after free in WebGL
+  * CVE-2026-9971: Inappropriate implementation in iOS
+  * CVE-2026-9972: Uninitialized Use in Gamepad
+  * CVE-2026-9973: Out of bounds write in V8
+  * CVE-2026-9974: Out of bounds write in GPU
+  * CVE-2026-9975: Out of bounds read and write in ANGLE
+  * CVE-2026-9976: Inappropriate implementation in USB
+  * CVE-2026-9977: Insufficient validation of untrusted input in WebShare
+  * CVE-2026-9978: Use after free in Glic
+  * CVE-2026-9979: Insufficient validation of untrusted input in Input
+  * CVE-2026-9980: Insufficient validation of untrusted input in Printing
+  * CVE-2026-9981: Inappropriate implementation in Skia
+  * CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
+  * CVE-2026-9983: Type Confusion in Skia
+  * CVE-2026-9984: Use after free in UI
+  * CVE-2026-9985: Insufficient validation of untrusted input in Media
+  * CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
+  * CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
+  * CVE-2026-9988: Use after free in WebRTC
+  * CVE-2026-9989: Inappropriate implementation in Media
+  * CVE-2026-9990: Use after free in WebAppInstalls
+  * CVE-2026-9991: Inappropriate implementation in Media
+  * CVE-2026-9992: Use after free in Network
+  * CVE-2026-9993: Use after free in Views
+  * CVE-2026-9994: Use after free in Core
+  * CVE-2026-9995: Use after free in WebXR
+  * CVE-2026-9996: Out of bounds read in WebRTC
+  * CVE-2026-9997: Use after free in Input
+  * CVE-2026-9998: Integer overflow in Skia
+  * CVE-2026-9999: Inappropriate implementation in ANGLE
+  * CVE-2026-10000: Use after free in Passwords
+  * CVE-2026-10001: Use after free in PerformanceManager
+  * CVE-2026-10002: Use after free in PDFium
+  * CVE-2026-10003: Use after free in Views
+  * CVE-2026-10004: Insufficient validation of untrusted input in Passwords
+  * CVE-2026-10005: Use after free in WebAppInstalls
+  * CVE-2026-10006: Race in WebAudio
+  * CVE-2026-10007: Use after free in SVG
+  * CVE-2026-10008: Uninitialized Use in GPU
+  * CVE-2026-10009: Integer overflow in Skia
+  * CVE-2026-10010: Inappropriate implementation in Input
+  * CVE-2026-10011: Inappropriate implementation in Skia
+  * CVE-2026-10012: Use after free in Skia
+  * CVE-2026-10013: Use after free in WebCodecs
+  * CVE-2026-10014: Use after free in WebMIDI
+  * CVE-2026-10015: Integer overflow in WTF
+  * CVE-2026-10016: Use after free in DOM
+  * CVE-2026-10017: Out of bounds read in Headless
+  * CVE-2026-10018: Integer overflow in ANGLE
+  * CVE-2026-10019: Integer overflow in ANGLE
+  * CVE-2026-10020: Insufficient validation of untrusted input in Skia
+  * CVE-2026-10021: Insufficient validation of untrusted input in USB
+  * CVE-2026-10022: Type Confusion in V8
+
 * Wed May 20 2026 Than Ngo <than@redhat.com> - 148.0.7778.178-1
 - Update to 148.0.7778.178
   * CVE-2026-9111: Use after free in WebRTC

diff --git a/sources b/sources
index eabdf8b..c8446af 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (node-v22.22.0-stripped.tar.gz) = f32a8a73063b3c78cbacf941e11dd529ebcf2618b3ba661966312e49ee9870c43a3acf256e8d331a4b0b621b16a501810c02a3ad763c75884cc250addca8e106
-SHA512 (chromium-148.0.7778.178-clean.tar.xz) = 66a7879842702800051529f9c6b0a3915d4fc4f8fa357defa2b88d7d5f59f02a807ab6922d0a3c8d59569fbf80f5ade5ed2a2e8cddafac74a250c8dcdfa25ee7
+SHA512 (chromium-148.0.7778.215-clean.tar.xz) = 1453154f676201ec088f2c3f523f9f55dc984d5585e54b67a905f05e7ebda827834c739398f40b6432d3be1d14d09280808eafbafa0d8301dffb3c6eb56485f5

             reply	other threads:[~2026-05-29 14:26 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-29 14:09 Than Ngo [this message]
2026-05-29 14:25 ` [rpms/chromium] f44: Update to 148.0.7778.215 Than Ngo
2026-05-29 14:26 ` [rpms/chromium] f43: " Than Ngo
2026-05-29 16:05 ` [rpms/chromium] epel10: " Than Ngo
2026-05-29 16:14 ` [rpms/chromium] epel10.2: " Than Ngo
2026-05-29 16:23 ` [rpms/chromium] epel9: " Than Ngo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=rpms-chromium-7d2676f3720f@fedoraproject.org \
    --to=than@redhat.com \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox