From nobody Wed Jun 10 08:01:00 2026 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZyrr6j0Nz6hKSM for ; Wed, 10 Jun 2026 08:01:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZyrr5vl2z3TJb for ; Wed, 10 Jun 2026 08:01:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781078460; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wAwUdMKmj6lEqXGrGpP1kQep2kcdADepRAubdtuugVs=; b=j9WJ1YL33HX2i0NyvbG4nQiwgCB6zJixovLnRyhG6uJDNmuQNvX77RKnAoQkRNtYywR2gr cJYO0+CBoRowiJ2uXCKXZjC0/XTQMIyarKuFlv+oilpmA1PJWi6QhW6G61S6XX0M+zdpSa 5WY8i0vWdOWqEzBJMLVrPl86StSUQM5ZGRgmva4vbFBoMzXuXLFqXIjW/ZlXdeH/1NEHfn qkqxZmzRwcq8MhoBXIiqeAjU3SNfggtbY7L6NHjn4Veavk5K8dzfB+XX4WuMGq791a+a9f 2n/XdGR5D7j4kBRQ1bAXLsk2/awRRUe+YimXC50UGTdvO4HW1u+SajBwsfqOsA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781078460; a=rsa-sha256; cv=none; b=gB2rukPBoRJ2EKOawPJxi0R3fCD6Y62i4Xi61a48Vb7GLjNe1BhVTBMv6NmWKqJfz/qrSv MwUoQmRWMeAfWp38wLm++jVrZRPCAaIYlc44ZmRKea9X+iNc/PSl+ZdeS6hCQwqPChgIgu vUlF8lYzsPMU5RVtE4LaaD+A2WiHSYtHMgNZrLzycfrpl5sjUA0MsolZXg9YBBp144+XY3 jUDho7mdg1MpV+hvmDjhgEuvxm+IphU3pG71vxj6cKYde2QXsfNSKLI25pn8efUpmh7IZw hHu4kEuAsMySfHsseFHF+5mKMobWoPI3kcDZSwjfzBH2+QbcROhJhAB8w09NZA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781078460; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wAwUdMKmj6lEqXGrGpP1kQep2kcdADepRAubdtuugVs=; b=bR/9mYI5U8YJaVX2Yg/didOr+YB98JDilkPdLfGtQg4h4NqVVRXcsEk8rOAkzqMIrm9lIr FZYFMLTXIpvVcQklYHP1jXkSKOHzFTS2X0YotOduWxSG+EH+zudGYZLh/iqZiIQOz1Mjch mq+4DyQ5jf+CkM+eKBww5a4GHjpTknTYJkkMMoMZQv+oHV9/L/+YtTR8/GHPomeaSNOQnr gPiJYV/AlAuao5kl+Zh+4v6l7DLC+ghCU2AuX96tJKHYVGlIxKVIEyZizAnUeJQC7DWImt 6BzkDJNEaNWvh6rNmDiaoxucrEGa7FDGyhtEUH/LAxSmNc64cB38nD8y/28Rmw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gZyrr5V0wz1B0w for ; Wed, 10 Jun 2026 08:01:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 47d9b by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 10 Jun 2026 08:01:00 +0000 To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Robert Nagy Subject: git: f9c126158783 - main - security/vuxml: add www/*chromium < 149.0.7827.102 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-all@freebsd.org Sender: owner-dev-commits-ports-all@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rnagy X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f9c126158783c753bcbd21c0d96334e784e4c8c0 Auto-Submitted: auto-generated Date: Wed, 10 Jun 2026 08:01:00 +0000 Message-Id: <6a2919bc.47d9b.5a142248@gitrepo.freebsd.org> The branch main has been updated by rnagy: URL: https://cgit.FreeBSD.org/ports/commit/?id=f9c126158783c753bcbd21c0d96334e784e4c8c0 commit f9c126158783c753bcbd21c0d96334e784e4c8c0 Author: Robert Nagy AuthorDate: 2026-06-10 08:00:34 +0000 Commit: Robert Nagy CommitDate: 2026-06-10 08:00:34 +0000 security/vuxml: add www/*chromium < 149.0.7827.102 Obtained from: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html --- security/vuxml/vuln/2026.xml | 179 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 179 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 153c1343a729..601c0ad58ec3 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,182 @@ + + chromium -- security fixes + + + chromium + 149.0.7827.102 + + + ungoogled-chromium + 149.0.7827.102 + + + + +

Chrome Releases reports:

+
+

This update includes 74 security fixes:

+
    +
  • [516501794] Critical CVE-2026-11628: Use after free in Ozone.
    • +
  • [516674532] Critical CVE-2026-11629: Use after free in Ozone.
    • +
  • [516677924] Critical CVE-2026-11630: Use after free in File Input.
    • +
  • [516691130] Critical CVE-2026-11631: Use after free in Aura.
    • +
  • [516707881] Critical CVE-2026-11632: Use after free in TabStrip.
    • +
  • [516963272] Critical CVE-2026-11633: Use after free in Bluetooth.
    • +
  • [516975148] Critical CVE-2026-11634: Use after free in Gamepad.
    • +
  • [516987814] Critical CVE-2026-11635: Use after free in Bluetooth.
    • +
  • [517023053] Critical CVE-2026-11636: Use after free in Autofill.
    • +
  • [517040438] Critical CVE-2026-11637: Use after free in Views.
    • +
  • [517047197] Critical CVE-2026-11638: Use after free in Printing.
    • +
  • [517227707] Critical CVE-2026-11639: Use after free in Compositing.
    • +
  • [517339758] Critical CVE-2026-11640: Integer overflow in libyuv.
    • +
  • [517418936] Critical CVE-2026-11641: Use after free in Bluetooth.
    • +
  • [517678820] Critical CVE-2026-11642: Use after free in Web Apps.
    • +
  • [518006379] Critical CVE-2026-11643: Use after free in Proxy.
    • +
  • [518043597] Critical CVE-2026-11644: Use after free in Views.
    • +
  • [506689381] High CVE-2026-11645: Out of bounds memory access in V8.
    • +
  • [517168239] High CVE-2026-11646: Use after free in ViewTransitions.
    • +
  • [502156940] High CVE-2026-11647: Use after free in Printing.
    • +
  • [506684534] High CVE-2026-11648: Use after free in FullScreen.
    • +
  • [511270083] High CVE-2026-11649: Use after free in V8.
    • +
  • [511279942] High CVE-2026-11650: Use after free in V8.
    • +
  • [511736002] High CVE-2026-11651: Use after free in Network.
    • +
  • [513156160] High CVE-2026-11652: Use after free in Extensions.
    • +
  • [513321171] High CVE-2026-11653: Insufficient validation of untrusted input in Extensions.
    • +
  • [513362710] High CVE-2026-11654: Use after free in CameraCapture.
    • +
  • [513396305] High CVE-2026-11655: Integer overflow in Media.
    • +
  • [513424000] High CVE-2026-11656: Use after free in ServiceWorker.
    • +
  • [513465272] High CVE-2026-11657: Use after free in Payments.
    • +
  • [513564337] High CVE-2026-11658: Insufficient validation of untrusted input in Extensions.
    • +
  • [513702971] High CVE-2026-11659: Insufficient validation of untrusted input in UI.
    • +
  • [513731890] High CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page.
    • +
  • [513748868] High CVE-2026-11661: Use after free in Views.
    • +
  • [513773313] High CVE-2026-11662: Type Confusion in Bindings.
    • +
  • [513820666] High CVE-2026-11663: Use after free in Skia.
    • +
  • [513830374] High CVE-2026-11664: Use after free in Payments.
    • +
  • [513948465] High CVE-2026-11665: Out of bounds read in Dawn.
    • +
  • [514009323] High CVE-2026-11666: Insufficient validation of untrusted input in Input.
    • +
  • [514671098] High CVE-2026-11667: Out of bounds read in WebRTC.
    • +
  • [515419790] High CVE-2026-11668: Uninitialized Use in Codecs.
    • +
  • [515429352] High CVE-2026-11669: Integer overflow in Media.
    • +
  • [515469283] High CVE-2026-11670: Use after free in PDF.
    • +
  • [516608438] High CVE-2026-11671: Use after free in Navigation.
    • +
  • [516794471] High CVE-2026-11672: Out of bounds write in GPU.
    • +
  • [516902973] High CVE-2026-11673: Use after free in InterestGroups.
    • +
  • [516910450] High CVE-2026-11674: Use after free in Guest View.
    • +
  • [516915337] High CVE-2026-11675: Insufficient validation of untrusted input in Skia.
    • +
  • [516949298] High CVE-2026-11676: Insufficient validation of untrusted input in Dawn.
    • +
  • [516979551] High CVE-2026-11677: Race in Network.
    • +
  • [516986556] High CVE-2026-11678: Integer overflow in libyuv.
    • +
  • [516997135] High CVE-2026-11679: Use after free in Codecs.
    • +
  • [517004487] High CVE-2026-11680: Use after free in Media.
    • +
  • [517050585] High CVE-2026-11681: Use after free in Ozone.
    • +
  • [517103584] High CVE-2026-11682: Insufficient validation of untrusted input in Views.
    • +
  • [517129549] High CVE-2026-11683: Use after free in WebCodecs.
    • +
  • [517130229] High CVE-2026-11684: Insufficient policy enforcement in Network.
    • +
  • [517183713] High CVE-2026-11685: Insufficient data validation in MediaCapture.
    • +
  • [517247333] High CVE-2026-11686: Insufficient validation of untrusted input in Dawn.
    • +
  • [517303276] High CVE-2026-11687: Use after free in Dawn.
    • +
  • [517309206] High CVE-2026-11688: Object lifecycle issue in SVG.
    • +
  • [517486004] High CVE-2026-11689: Insufficient validation of untrusted input in Passwords.
    • +
  • [517533654] High CVE-2026-11690: Out of bounds read and write in Media.
    • +
  • [517585486] High CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page.
    • +
  • [517607902] High CVE-2026-11692: Use after free in Read Anything.
    • +
  • [517644287] High CVE-2026-11693: Inappropriate implementation in Plugins.
    • +
  • [517705966] High CVE-2026-11694: Use after free in ServiceWorker.
    • +
  • [517762104] High CVE-2026-11695: Inappropriate implementation in Passwords.
    • +
  • [517993381] High CVE-2026-11696: Uninitialized Use in Video.
    • +
  • [518105731] High CVE-2026-11697: Insufficient validation of untrusted input in UI.
    • +
  • [518235412] High CVE-2026-11698: Use after free in Bluetooth.
    • +
  • [518237527] High CVE-2026-11699: Use after free in Bluetooth.
    • +
  • [511732085] Medium CVE-2026-11700: Use after free in Tracing.
    • +
  • [516413817] Medium CVE-2026-11701: Insufficient validation of untrusted input in Guest View.
    • +
+
+ + + + CVE-2026-11628 + CVE-2026-11629 + CVE-2026-11630 + CVE-2026-11631 + CVE-2026-11632 + CVE-2026-11633 + CVE-2026-11634 + CVE-2026-11635 + CVE-2026-11636 + CVE-2026-11637 + CVE-2026-11638 + CVE-2026-11639 + CVE-2026-11640 + CVE-2026-11641 + CVE-2026-11642 + CVE-2026-11643 + CVE-2026-11644 + CVE-2026-11645 + CVE-2026-11646 + CVE-2026-11647 + CVE-2026-11648 + CVE-2026-11649 + CVE-2026-11650 + CVE-2026-11651 + CVE-2026-11652 + CVE-2026-11653 + CVE-2026-11654 + CVE-2026-11655 + CVE-2026-11656 + CVE-2026-11657 + CVE-2026-11658 + CVE-2026-11659 + CVE-2026-11660 + CVE-2026-11661 + CVE-2026-11662 + CVE-2026-11663 + CVE-2026-11664 + CVE-2026-11665 + CVE-2026-11666 + CVE-2026-11667 + CVE-2026-11668 + CVE-2026-11669 + CVE-2026-11670 + CVE-2026-11671 + CVE-2026-11672 + CVE-2026-11673 + CVE-2026-11674 + CVE-2026-11675 + CVE-2026-11676 + CVE-2026-11677 + CVE-2026-11678 + CVE-2026-11679 + CVE-2026-11680 + CVE-2026-11681 + CVE-2026-11682 + CVE-2026-11683 + CVE-2026-11684 + CVE-2026-11685 + CVE-2026-11686 + CVE-2026-11687 + CVE-2026-11688 + CVE-2026-11689 + CVE-2026-11690 + CVE-2026-11691 + CVE-2026-11692 + CVE-2026-11693 + CVE-2026-11694 + CVE-2026-11695 + CVE-2026-11696 + CVE-2026-11697 + CVE-2026-11698 + CVE-2026-11699 + CVE-2026-11700 + CVE-2026-11701 + https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html + + + 2026-06-08 + 2026-06-10 + + + FreeBSD -- Insufficient response validation in the ldns stub resolver