Date:      Fri, 10 Apr 2026 07:02:06 +0000
From:      Robert Nagy <rnagy@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: b37836a814e0 - main - security/vuxml: add www/*chromium < 147.0.7727.55
Message-ID:  <69d8a06e.39102.77ffa0a1@gitrepo.freebsd.org>

The branch main has been updated by rnagy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b37836a814e0de25a297e6b0618f1e68b308e1e0

commit b37836a814e0de25a297e6b0618f1e68b308e1e0
Author:     Robert Nagy <rnagy@FreeBSD.org>
AuthorDate: 2026-04-10 07:01:33 +0000
Commit:     Robert Nagy <rnagy@FreeBSD.org>
CommitDate: 2026-04-10 07:01:33 +0000

    security/vuxml: add www/*chromium < 147.0.7727.55
    
    Obtained from:  https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html
---
 security/vuxml/vuln/2026.xml | 151 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 151 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index aeaeeb40c5e8..85c1c149bcc4 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,154 @@
+  <vuln vid="4b727a1a-5034-42b4-b29b-2289389f4ba8">
+    <topic>chromium -- security fixes</topic>
+    <affects>
+      <package>
+       <name>chromium</name>
+       <range><lt>147.0.7727.55</lt></range>
+      </package>
+      <package>
+       <name>ungoogled-chromium</name>
+       <range><lt>147.0.7727.55</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+       <p>Chrome Releases reports:</p>
+       <blockquote cite="https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html">;
+	 <p>This update includes multiple security fixes:</p>
+	 <ul>
+	    <li>Critical CVE-2026-5858: Heap buffer overflow in WebML.</li>
+	    <li>Critical CVE-2026-5859: Integer overflow in WebML.</li>
+	    <li>High CVE-2026-5860: Use after free in WebRTC.</li>
+	    <li>High CVE-2026-5861: Use after free in V8.</li>
+	    <li>High CVE-2026-5862: Inappropriate implementation in V8.</li>
+	    <li>High CVE-2026-5863: Inappropriate implementation in V8.</li>
+	    <li>High CVE-2026-5864: Heap buffer overflow in WebAudio.</li>
+	    <li>High CVE-2026-5865: Type Confusion in V8.</li>
+	    <li>High CVE-2026-5866: Use after free in Media.</li>
+	    <li>High CVE-2026-5867: Heap buffer overflow in WebML.</li>
+	    <li>High CVE-2026-5868: Heap buffer overflow in ANGLE.</li>
+	    <li>High CVE-2026-5869: Heap buffer overflow in WebML.</li>
+	    <li>High CVE-2026-5870: Integer overflow in Skia.</li>
+	    <li>High CVE-2026-5871: Type Confusion in V8.</li>
+	    <li>High CVE-2026-5872: Use after free in Blink.</li>
+	    <li>High CVE-2026-5873: Out of bounds read and write in V8.</li>
+	    <li>Medium CVE-2026-5874: Use after free in PrivateAI.</li>
+	    <li>Medium CVE-2026-5875: Policy bypass in Blink.</li>
+	    <li>Medium CVE-2026-5876: Side-channel information leakage in Navigation.</li>
+	    <li>Medium CVE-2026-5877: Use after free in Navigation.</li>
+	    <li>Medium CVE-2026-5878: Incorrect security UI in Blink.</li>
+	    <li>Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE.</li>
+	    <li>Medium CVE-2026-5880: Incorrect security UI in browser UI.</li>
+	    <li>Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess.</li>
+	    <li>Medium CVE-2026-5882: Incorrect security UI in Fullscreen.</li>
+	    <li>Medium CVE-2026-5883: Use after free in Media.</li>
+	    <li>Medium CVE-2026-5884: Insufficient validation of untrusted input in Media.</li>
+	    <li>Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML.</li>
+	    <li>Medium CVE-2026-5886: Out of bounds read in WebAudio.</li>
+	    <li>Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads.</li>
+	    <li>Medium CVE-2026-5888: Uninitialized Use in WebCodecs.</li>
+	    <li>Medium CVE-2026-5889: Cryptographic Flaw in PDFium.</li>
+	    <li>Medium CVE-2026-5890: Race in WebCodecs.</li>
+	    <li>Medium CVE-2026-5891: Insufficient policy enforcement in browser UI.</li>
+	    <li>Medium CVE-2026-5892: Insufficient policy enforcement in PWAs.</li>
+	    <li>Medium CVE-2026-5893: Race in V8.</li>
+	    <li>Low CVE-2026-5894: Inappropriate implementation in PDF.</li>
+	    <li>Low CVE-2026-5895: Incorrect security UI in Omnibox.</li>
+	    <li>Low CVE-2026-5896: Policy bypass in Audio.</li>
+	    <li>Low CVE-2026-5897: Incorrect security UI in Downloads.</li>
+	    <li>Low CVE-2026-5898: Incorrect security UI in Omnibox.</li>
+	    <li>Low CVE-2026-5899: Incorrect security UI in History Navigation.</li>
+	    <li>Low CVE-2026-5900: Policy bypass in Downloads.</li>
+	    <li>Low CVE-2026-5901: Policy bypass in DevTools.</li>
+	    <li>Low CVE-2026-5902: Race in Media.</li>
+	    <li>Low CVE-2026-5903: Policy bypass in IFrameSandbox.</li>
+	    <li>Low CVE-2026-5904: Use after free in V8.</li>
+	    <li>Low CVE-2026-5905: Incorrect security UI in Permissions.</li>
+	    <li>Low CVE-2026-5906: Incorrect security UI in Omnibox.</li>
+	    <li>Low CVE-2026-5907: Insufficient data validation in Media.</li>
+	    <li>Low CVE-2026-5908: Integer overflow in Media.</li>
+	    <li>Low CVE-2026-5909: Integer overflow in Media.</li>
+	    <li>Low CVE-2026-5910: Integer overflow in Media.</li>
+	    <li>Low CVE-2026-5911: Policy bypass in ServiceWorkers.</li>
+	    <li>Low CVE-2026-5912: Integer overflow in WebRTC.</li>
+	    <li>Low CVE-2026-5913: Out of bounds read in Blink.</li>
+	    <li>Low CVE-2026-5914: Type Confusion in CSS.</li>
+	    <li>Low CVE-2026-5915: Insufficient validation of untrusted input in WebML.</li>
+	    <li>Low CVE-2026-5918: Inappropriate implementation in Navigation.</li>
+	    <li>Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets.</li>
+	 </ul>
+       </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2026-5858</cvename>
+      <cvename>CVE-2026-5859</cvename>
+      <cvename>CVE-2026-5860</cvename>
+      <cvename>CVE-2026-5861</cvename>
+      <cvename>CVE-2026-5862</cvename>
+      <cvename>CVE-2026-5863</cvename>
+      <cvename>CVE-2026-5864</cvename>
+      <cvename>CVE-2026-5865</cvename>
+      <cvename>CVE-2026-5866</cvename>
+      <cvename>CVE-2026-5867</cvename>
+      <cvename>CVE-2026-5868</cvename>
+      <cvename>CVE-2026-5869</cvename>
+      <cvename>CVE-2026-5870</cvename>
+      <cvename>CVE-2026-5871</cvename>
+      <cvename>CVE-2026-5872</cvename>
+      <cvename>CVE-2026-5873</cvename>
+      <cvename>CVE-2026-5874</cvename>
+      <cvename>CVE-2026-5875</cvename>
+      <cvename>CVE-2026-5876</cvename>
+      <cvename>CVE-2026-5877</cvename>
+      <cvename>CVE-2026-5878</cvename>
+      <cvename>CVE-2026-5879</cvename>
+      <cvename>CVE-2026-5880</cvename>
+      <cvename>CVE-2026-5881</cvename>
+      <cvename>CVE-2026-5882</cvename>
+      <cvename>CVE-2026-5883</cvename>
+      <cvename>CVE-2026-5884</cvename>
+      <cvename>CVE-2026-5885</cvename>
+      <cvename>CVE-2026-5886</cvename>
+      <cvename>CVE-2026-5887</cvename>
+      <cvename>CVE-2026-5888</cvename>
+      <cvename>CVE-2026-5889</cvename>
+      <cvename>CVE-2026-5890</cvename>
+      <cvename>CVE-2026-5891</cvename>
+      <cvename>CVE-2026-5892</cvename>
+      <cvename>CVE-2026-5893</cvename>
+      <cvename>CVE-2026-5894</cvename>
+      <cvename>CVE-2026-5895</cvename>
+      <cvename>CVE-2026-5896</cvename>
+      <cvename>CVE-2026-5897</cvename>
+      <cvename>CVE-2026-5898</cvename>
+      <cvename>CVE-2026-5899</cvename>
+      <cvename>CVE-2026-5900</cvename>
+      <cvename>CVE-2026-5901</cvename>
+      <cvename>CVE-2026-5902</cvename>
+      <cvename>CVE-2026-5903</cvename>
+      <cvename>CVE-2026-5904</cvename>
+      <cvename>CVE-2026-5905</cvename>
+      <cvename>CVE-2026-5906</cvename>
+      <cvename>CVE-2026-5907</cvename>
+      <cvename>CVE-2026-5908</cvename>
+      <cvename>CVE-2026-5909</cvename>
+      <cvename>CVE-2026-5910</cvename>
+      <cvename>CVE-2026-5911</cvename>
+      <cvename>CVE-2026-5912</cvename>
+      <cvename>CVE-2026-5913</cvename>
+      <cvename>CVE-2026-5914</cvename>
+      <cvename>CVE-2026-5915</cvename>
+      <cvename>CVE-2026-5918</cvename>
+      <cvename>CVE-2026-5919</cvename>
+      <url>https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html</url>;
+    </references>
+    <dates>
+      <discovery>2026-04-07</discovery>
+      <entry>2026-04-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="359d8e42-33fb-11f1-8ac1-b42e991fc52e">
     <topic>Mozilla -- Memory safety bugs</topic>
     <affects>
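
Review bot: The CVE list in the <ul> and the matching <cvename> block both jump from CVE-2026-5915 straight to CVE-2026-5918, so CVE-2026-5916 and CVE-2026-5917 are absent from an otherwise contiguous 5858 to 5919 run. Please confirm against the cited Chrome Releases post that those two IDs are not part of this update, and note it in the commit message if the gap is intentional. Separately, the lines opening <body xmlns=...> and <blockquote cite=...>, and the <url> line in <references>, each show a stray ";" after the tag; if that is in the committed file and not an artefact of how the archive renders the mail, it should be dropped so it does not end up as text in the entry. Also, the subject says www/*chromium while <affects> names only chromium and ungoogled-chromium, so it is worth checking that no other port matched by that glob needs its own <package> element.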

