Date:      Tue, 24 Mar 2026 07:33:04 +0000
From:      Robert Nagy <rnagy@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 5904291f9c7c - main - security/vuxml: add www/*chromium < 146.0.7680.164
Message-ID:  <69c23e30.46e3b.4f2aa952@gitrepo.freebsd.org>

The branch main has been updated by rnagy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5904291f9c7cdcddddc61a1f140ac231bd75912e

commit 5904291f9c7cdcddddc61a1f140ac231bd75912e
Author:     Robert Nagy <rnagy@FreeBSD.org>
AuthorDate: 2026-03-24 07:32:18 +0000
Commit:     Robert Nagy <rnagy@FreeBSD.org>
CommitDate: 2026-03-24 07:33:01 +0000

    security/vuxml: add www/*chromium < 146.0.7680.164
    
    Obtained from:  https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html
    Obtained from:  https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html
---
 security/vuxml/vuln/2026.xml | 130 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 130 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index c20eb2266bcc..387e87110fe1 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,133 @@
+  <vuln vid="07d6b170-fed8-4ee2-ba96-b6d61b6d6a26">
+    <topic>chromium -- security fixes</topic>
+    <affects>
+      <package>
+       <name>chromium</name>
+       <range><lt>146.0.7680.164</lt></range>
+      </package>
+      <package>
+       <name>ungoogled-chromium</name>
+       <range><lt>146.0.7680.164</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+       <p>Chrome Releases reports:</p>
+       <blockquote cite="https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html">;
+	 <p>This update includes 8 security fixes:</p>
+	 <ul>
+	    <li>[485397284] High CVE-2026-4673: Heap buffer overflow in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18</li>
+	    <li>[488188166] High CVE-2026-4674: Out of bounds read in CSS. Reported by Syn4pse on 2026-02-27</li>
+	    <li>[488270257] High CVE-2026-4675: Heap buffer overflow in WebGL. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-02-27</li>
+	    <li>[488613135] High CVE-2026-4676: Use after free in Dawn. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-01</li>
+	    <li>[490533968] High CVE-2026-4677: Out of bounds read in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-07</li>
+	    <li>[491164019] High CVE-2026-4678: Use after free in WebGPU. Reported by Google on 2026-03-10</li>
+	    <li>[491516670] High CVE-2026-4679: Integer overflow in Fonts. Reported by GF, Un3xploitable Of DeadSec on 2026-03-11</li>
+	    <li>[491869946] High CVE-2026-4680: Use after free in FedCM. Reported by Shaheen Fazim on 2026-03-12</li>
+	 </ul>
+       </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2026-4673</cvename>
+      <cvename>CVE-2026-4674</cvename>
+      <cvename>CVE-2026-4675</cvename>
+      <cvename>CVE-2026-4676</cvename>
+      <cvename>CVE-2026-4677</cvename>
+      <cvename>CVE-2026-4678</cvename>
+      <cvename>CVE-2026-4679</cvename>
+      <cvename>CVE-2026-4680</cvename>
+      <url>https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html</url>;
+    </references>
+    <dates>
+      <discovery>2026-03-23</discovery>
+      <entry>2026-03-24</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="3c370171-b6b6-463a-8746-ee49bea08c87">
+    <topic>chromium -- security fixes</topic>
+    <affects>
+      <package>
+       <name>chromium</name>
+       <range><lt>146.0.7680.153</lt></range>
+      </package>
+      <package>
+       <name>ungoogled-chromium</name>
+       <range><lt>146.0.7680.153</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+       <p>Chrome Releases reports:</p>
+       <blockquote cite="https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html">;
+	 <p>This update includes 26 security fixes:</p>
+	 <ul>
+	    <li>[475877320] Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15</li>
+	    <li>[485935305] Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-20</li>
+	    <li>[489381399] Critical CVE-2026-4441: Use after free in Base. Reported by Google on 2026-03-03</li>
+	    <li>[484751092] High CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse on 2026-02-16</li>
+	    <li>[485292589] High CVE-2026-4443: Heap buffer overflow in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18</li>
+	    <li>[486349161] High CVE-2026-4444: Stack buffer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-21</li>
+	    <li>[486421953] High CVE-2026-4445: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22</li>
+	    <li>[486421954] High CVE-2026-4446: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22</li>
+	    <li>[486657483] High CVE-2026-4447: Inappropriate implementation in V8. Reported by Erge on 2026-02-23</li>
+	    <li>[486972661] High CVE-2026-4448: Heap buffer overflow in ANGLE. Reported by M. Fauzan Wijaya (Gh05t666nero) on 2026-02-23</li>
+	    <li>[487117772] High CVE-2026-4449: Use after free in Blink. Reported by Syn4pse on 2026-02-24</li>
+	    <li>[487746373] High CVE-2026-4450: Out of bounds write in V8. Reported by qymag1c on 2026-02-26</li>
+	    <li>[487768779] High CVE-2026-4451: Insufficient validation of untrusted input in Navigation. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-26</li>
+	    <li>[487977696] High CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga on 2026-02-26</li>
+	    <li>[488400770] High CVE-2026-4453: Integer overflow in Dawn. Reported by sweetchip on 2026-02-27</li>
+	    <li>[488585488] High CVE-2026-4454: Use after free in Network. Reported by heapracer (@heapracer) on 2026-03-01</li>
+	    <li>[488585504] High CVE-2026-4455: Heap buffer overflow in PDFium. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-01</li>
+	    <li>[488617440] High CVE-2026-4456: Use after free in Digital Credentials API. Reported by sean wong on 2026-02-28</li>
+	    <li>[488803413] High CVE-2026-4457: Type Confusion in V8. Reported by Zhenpeng (Leo) Lin at depthfirst on 2026-03-01</li>
+	    <li>[489619753] High CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim on 2026-03-04</li>
+	    <li>[490246422] High CVE-2026-4459: Out of bounds read and write in WebAudio. Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern) on 2026-03-06</li>
+	    <li>[490254124] High CVE-2026-4460: Out of bounds read in Skia. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-06</li>
+	    <li>[490558172] High CVE-2026-4461: Inappropriate implementation in V8. Reported by Google on 2026-03-07</li>
+	    <li>[491080830] High CVE-2026-4462: Out of bounds read in Blink. Reported by heapracer (@heapracer) on 2026-03-09</li>
+	    <li>[491358681] High CVE-2026-4463: Heap buffer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-10</li>
+	    <li>[487208468] Medium CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun on 2026-02-24</li>
+	 </ul>
+       </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2026-4439</cvename>
+      <cvename>CVE-2026-4440</cvename>
+      <cvename>CVE-2026-4441</cvename>
+      <cvename>CVE-2026-4442</cvename>
+      <cvename>CVE-2026-4443</cvename>
+      <cvename>CVE-2026-4444</cvename>
+      <cvename>CVE-2026-4445</cvename>
+      <cvename>CVE-2026-4446</cvename>
+      <cvename>CVE-2026-4447</cvename>
+      <cvename>CVE-2026-4448</cvename>
+      <cvename>CVE-2026-4449</cvename>
+      <cvename>CVE-2026-4450</cvename>
+      <cvename>CVE-2026-4451</cvename>
+      <cvename>CVE-2026-4452</cvename>
+      <cvename>CVE-2026-4453</cvename>
+      <cvename>CVE-2026-4454</cvename>
+      <cvename>CVE-2026-4455</cvename>
+      <cvename>CVE-2026-4456</cvename>
+      <cvename>CVE-2026-4457</cvename>
+      <cvename>CVE-2026-4458</cvename>
+      <cvename>CVE-2026-4459</cvename>
+      <cvename>CVE-2026-4460</cvename>
+      <cvename>CVE-2026-4461</cvename>
+      <cvename>CVE-2026-4462</cvename>
+      <cvename>CVE-2026-4463</cvename>
+      <cvename>CVE-2026-4464</cvename>
+      <url>https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html</url>;
+    </references>
+    <dates>
+      <discovery>2026-03-18</discovery>
+      <entry>2026-03-24</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="832a823b-25b5-11f1-b6f8-5404a68ad561">
     <topic>traefik -- Multiple vulnerabilities</topic>
     <affects>
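
Review bot: In both new entries a ";" follows the opening <body xmlns=...> and <blockquote cite=...> tags and the closing </url> tag under <references>. As shown, each one is stray character data, and the one after </url> puts text directly inside <references>. If these characters are in the committed file rather than introduced by the mail rendering, drop them and validate the file again before pushing. Separately, the commit subject names only "< 146.0.7680.164", while the second entry added here covers "< 146.0.7680.153" with 26 fixes, three of them Critical, under the same topic "chromium -- security fixes". Mentioning both version bounds in the commit message would make the second advisory easier to find in the log.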

