From nobody Fri Apr 10 07:02:06 2026
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fsSR7385Vz6Y9b9
	for <dev-commits-ports-main@mlmmj.nyi.freebsd.org>; Fri, 10 Apr 2026 07:02:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4fsSR72VBtz3WSC
	for <dev-commits-ports-main@FreeBSD.org>; Fri, 10 Apr 2026 07:02:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1775804531;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=VUktvEM+l1Fna4Syemrup6AoaiY6q6k9aPi9qphhYko=;
	b=CCAzDzLpmZgosjokP9dyr5EvcjW4SX0dxyhT5dSaWMtuanPkGgFUeIh3is7Y7zOKsizZOl
	aW9DFotgj1uDUHKXCs/HTnQBDoKVHBvphEKGHLuji919et/gT8685GFb2z1CopUwZe4T7E
	0Kdq+gQUZnOivldIsRGpoAczPmLoN93zLcpAGDl6NWF2xGXmjhEAQ9wTdw8HrSwES2fiLZ
	EyB683QwJrofJeegciOZLc1LflFod4hw4x0VvThQb74h6dQgXwsORTLNK2SZXRX+iVe86p
	iW6QxhK60LX5a3pNUk8MjAWDrf4xt7r5Qzx74jxC8P+rA5lt57CLdKfZhqu8bA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1775804531; a=rsa-sha256; cv=none;
	b=t8celQqXnSglzf18TB5e0io+oBOPqYONbguqSdtM8w7Drv2+OACDXFSssP9OoCbXpgRw9N
	OatujEHotiMp4/cnZ/jCMpMHCJ3R7sQSGk8nPAjIOpYUhpLlcaf4Tnydkt88kelt906c12
	9EF0eqEv0wnvtAd/wjj21Z64/aS8bek+eiPOJiHKj1wvG8/ipDBvID9HBd+hqhwuKIvAaV
	GXYUw8SCF8KZf5qc76m/lXAACQr5HitV6m8DxdMJ4hv6BBBiZWzAMxsh6dXD0+8G1aJ1LJ
	qR+CaGr72ZbImMSM84RcYAa744isQeHnaVF1wnOgeuAoRkgMgqhblIYBO5zQhw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1775804531;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=VUktvEM+l1Fna4Syemrup6AoaiY6q6k9aPi9qphhYko=;
	b=pnups5M7hbHVra1bB+Y5xBBHe68Ty5TkJkp0sLhkLzmH+9bkUdYQMQb4OF45F0386HoOXC
	C9EXXOSPliv32BESrtaC85Wbza9ECRyxjDHNV7oQSWlmkDrs7s/irSX+LhudEbSaM4rerd
	CrSgSNPWpNcx0c0gv93HkaJ4SkoNjBnLK3pPcIHDEZ5tGJUw2Krd0LPt0zP/e0QBw6UEIs
	wdyPm1wqj4vR3YlDZ7ZP03LWhVS8KqYqbr7CKzeQoIzCcyAdk+xvtQxYDH/POh2e3om/ZA
	A1va59zvKk6WdI9LjW4YsKZz492+qqMsuAHiLFJblzZMsw/kSeSAhf9Arkim3A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fsSR723CfzZTY
	for <dev-commits-ports-main@FreeBSD.org>; Fri, 10 Apr 2026 07:02:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 39102
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Fri, 10 Apr 2026 07:02:06 +0000
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Robert Nagy <rnagy@FreeBSD.org>
Subject: git: b37836a814e0 - main - security/vuxml: add www/*chromium < 147.0.7727.55
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-main@freebsd.org
Sender: owner-dev-commits-ports-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rnagy
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: b37836a814e0de25a297e6b0618f1e68b308e1e0
Auto-Submitted: auto-generated
Date: Fri, 10 Apr 2026 07:02:06 +0000
Message-Id: <69d8a06e.39102.77ffa0a1@gitrepo.freebsd.org>

The branch main has been updated by rnagy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b37836a814e0de25a297e6b0618f1e68b308e1e0

commit b37836a814e0de25a297e6b0618f1e68b308e1e0
Author:     Robert Nagy <rnagy@FreeBSD.org>
AuthorDate: 2026-04-10 07:01:33 +0000
Commit:     Robert Nagy <rnagy@FreeBSD.org>
CommitDate: 2026-04-10 07:01:33 +0000

    security/vuxml: add www/*chromium < 147.0.7727.55
    
    Obtained from:  https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html
---
 security/vuxml/vuln/2026.xml | 151 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 151 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index aeaeeb40c5e8..85c1c149bcc4 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,154 @@
+  <vuln vid="4b727a1a-5034-42b4-b29b-2289389f4ba8">
+    <topic>chromium -- security fixes</topic>
+    <affects>
+      <package>
+       <name>chromium</name>
+       <range><lt>147.0.7727.55</lt></range>
+      </package>
+      <package>
+       <name>ungoogled-chromium</name>
+       <range><lt>147.0.7727.55</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+       <p>Chrome Releases reports:</p>
+       <blockquote cite="https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html">
+	 <p>This update includes multiple security fixes:</p>
+	 <ul>
+	    <li>Critical CVE-2026-5858: Heap buffer overflow in WebML.</li>
+	    <li>Critical CVE-2026-5859: Integer overflow in WebML.</li>
+	    <li>High CVE-2026-5860: Use after free in WebRTC.</li>
+	    <li>High CVE-2026-5861: Use after free in V8.</li>
+	    <li>High CVE-2026-5862: Inappropriate implementation in V8.</li>
+	    <li>High CVE-2026-5863: Inappropriate implementation in V8.</li>
+	    <li>High CVE-2026-5864: Heap buffer overflow in WebAudio.</li>
+	    <li>High CVE-2026-5865: Type Confusion in V8.</li>
+	    <li>High CVE-2026-5866: Use after free in Media.</li>
+	    <li>High CVE-2026-5867: Heap buffer overflow in WebML.</li>
+	    <li>High CVE-2026-5868: Heap buffer overflow in ANGLE.</li>
+	    <li>High CVE-2026-5869: Heap buffer overflow in WebML.</li>
+	    <li>High CVE-2026-5870: Integer overflow in Skia.</li>
+	    <li>High CVE-2026-5871: Type Confusion in V8.</li>
+	    <li>High CVE-2026-5872: Use after free in Blink.</li>
+	    <li>High CVE-2026-5873: Out of bounds read and write in V8.</li>
+	    <li>Medium CVE-2026-5874: Use after free in PrivateAI.</li>
+	    <li>Medium CVE-2026-5875: Policy bypass in Blink.</li>
+	    <li>Medium CVE-2026-5876: Side-channel information leakage in Navigation.</li>
+	    <li>Medium CVE-2026-5877: Use after free in Navigation.</li>
+	    <li>Medium CVE-2026-5878: Incorrect security UI in Blink.</li>
+	    <li>Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE.</li>
+	    <li>Medium CVE-2026-5880: Incorrect security UI in browser UI.</li>
+	    <li>Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess.</li>
+	    <li>Medium CVE-2026-5882: Incorrect security UI in Fullscreen.</li>
+	    <li>Medium CVE-2026-5883: Use after free in Media.</li>
+	    <li>Medium CVE-2026-5884: Insufficient validation of untrusted input in Media.</li>
+	    <li>Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML.</li>
+	    <li>Medium CVE-2026-5886: Out of bounds read in WebAudio.</li>
+	    <li>Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads.</li>
+	    <li>Medium CVE-2026-5888: Uninitialized Use in WebCodecs.</li>
+	    <li>Medium CVE-2026-5889: Cryptographic Flaw in PDFium.</li>
+	    <li>Medium CVE-2026-5890: Race in WebCodecs.</li>
+	    <li>Medium CVE-2026-5891: Insufficient policy enforcement in browser UI.</li>
+	    <li>Medium CVE-2026-5892: Insufficient policy enforcement in PWAs.</li>
+	    <li>Medium CVE-2026-5893: Race in V8.</li>
+	    <li>Low CVE-2026-5894: Inappropriate implementation in PDF.</li>
+	    <li>Low CVE-2026-5895: Incorrect security UI in Omnibox.</li>
+	    <li>Low CVE-2026-5896: Policy bypass in Audio.</li>
+	    <li>Low CVE-2026-5897: Incorrect security UI in Downloads.</li>
+	    <li>Low CVE-2026-5898: Incorrect security UI in Omnibox.</li>
+	    <li>Low CVE-2026-5899: Incorrect security UI in History Navigation.</li>
+	    <li>Low CVE-2026-5900: Policy bypass in Downloads.</li>
+	    <li>Low CVE-2026-5901: Policy bypass in DevTools.</li>
+	    <li>Low CVE-2026-5902: Race in Media.</li>
+	    <li>Low CVE-2026-5903: Policy bypass in IFrameSandbox.</li>
+	    <li>Low CVE-2026-5904: Use after free in V8.</li>
+	    <li>Low CVE-2026-5905: Incorrect security UI in Permissions.</li>
+	    <li>Low CVE-2026-5906: Incorrect security UI in Omnibox.</li>
+	    <li>Low CVE-2026-5907: Insufficient data validation in Media.</li>
+	    <li>Low CVE-2026-5908: Integer overflow in Media.</li>
+	    <li>Low CVE-2026-5909: Integer overflow in Media.</li>
+	    <li>Low CVE-2026-5910: Integer overflow in Media.</li>
+	    <li>Low CVE-2026-5911: Policy bypass in ServiceWorkers.</li>
+	    <li>Low CVE-2026-5912: Integer overflow in WebRTC.</li>
+	    <li>Low CVE-2026-5913: Out of bounds read in Blink.</li>
+	    <li>Low CVE-2026-5914: Type Confusion in CSS.</li>
+	    <li>Low CVE-2026-5915: Insufficient validation of untrusted input in WebML.</li>
+	    <li>Low CVE-2026-5918: Inappropriate implementation in Navigation.</li>
+	    <li>Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets.</li>
+	 </ul>
+       </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2026-5858</cvename>
+      <cvename>CVE-2026-5859</cvename>
+      <cvename>CVE-2026-5860</cvename>
+      <cvename>CVE-2026-5861</cvename>
+      <cvename>CVE-2026-5862</cvename>
+      <cvename>CVE-2026-5863</cvename>
+      <cvename>CVE-2026-5864</cvename>
+      <cvename>CVE-2026-5865</cvename>
+      <cvename>CVE-2026-5866</cvename>
+      <cvename>CVE-2026-5867</cvename>
+      <cvename>CVE-2026-5868</cvename>
+      <cvename>CVE-2026-5869</cvename>
+      <cvename>CVE-2026-5870</cvename>
+      <cvename>CVE-2026-5871</cvename>
+      <cvename>CVE-2026-5872</cvename>
+      <cvename>CVE-2026-5873</cvename>
+      <cvename>CVE-2026-5874</cvename>
+      <cvename>CVE-2026-5875</cvename>
+      <cvename>CVE-2026-5876</cvename>
+      <cvename>CVE-2026-5877</cvename>
+      <cvename>CVE-2026-5878</cvename>
+      <cvename>CVE-2026-5879</cvename>
+      <cvename>CVE-2026-5880</cvename>
+      <cvename>CVE-2026-5881</cvename>
+      <cvename>CVE-2026-5882</cvename>
+      <cvename>CVE-2026-5883</cvename>
+      <cvename>CVE-2026-5884</cvename>
+      <cvename>CVE-2026-5885</cvename>
+      <cvename>CVE-2026-5886</cvename>
+      <cvename>CVE-2026-5887</cvename>
+      <cvename>CVE-2026-5888</cvename>
+      <cvename>CVE-2026-5889</cvename>
+      <cvename>CVE-2026-5890</cvename>
+      <cvename>CVE-2026-5891</cvename>
+      <cvename>CVE-2026-5892</cvename>
+      <cvename>CVE-2026-5893</cvename>
+      <cvename>CVE-2026-5894</cvename>
+      <cvename>CVE-2026-5895</cvename>
+      <cvename>CVE-2026-5896</cvename>
+      <cvename>CVE-2026-5897</cvename>
+      <cvename>CVE-2026-5898</cvename>
+      <cvename>CVE-2026-5899</cvename>
+      <cvename>CVE-2026-5900</cvename>
+      <cvename>CVE-2026-5901</cvename>
+      <cvename>CVE-2026-5902</cvename>
+      <cvename>CVE-2026-5903</cvename>
+      <cvename>CVE-2026-5904</cvename>
+      <cvename>CVE-2026-5905</cvename>
+      <cvename>CVE-2026-5906</cvename>
+      <cvename>CVE-2026-5907</cvename>
+      <cvename>CVE-2026-5908</cvename>
+      <cvename>CVE-2026-5909</cvename>
+      <cvename>CVE-2026-5910</cvename>
+      <cvename>CVE-2026-5911</cvename>
+      <cvename>CVE-2026-5912</cvename>
+      <cvename>CVE-2026-5913</cvename>
+      <cvename>CVE-2026-5914</cvename>
+      <cvename>CVE-2026-5915</cvename>
+      <cvename>CVE-2026-5918</cvename>
+      <cvename>CVE-2026-5919</cvename>
+      <url>https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html</url>
+    </references>
+    <dates>
+      <discovery>2026-04-07</discovery>
+      <entry>2026-04-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="359d8e42-33fb-11f1-8ac1-b42e991fc52e">
     <topic>Mozilla -- Memory safety bugs</topic>
     <affects>