Fedora Security Advisories

• chromium-148.0.7778.215-1.fc44

Update to 148.0.7778.215

• CVE-2026-9872: Out of bounds write in GPU
• CVE-2026-9873: Use after free in Network
• CVE-2026-9874: Use after free in Dawn
• CVE-2026-9875: Out of bounds read in WebGL
• CVE-2026-9876: Use after free in WebGL
• CVE-2026-9877: Use after free in ANGLE
• CVE-2026-9878: Use after free in ANGLE
• CVE-2026-9879: Out of bounds write in ANGLE
• CVE-2026-9880: Insufficient validation of untrusted input in WebGL
• CVE-2026-9881: Use after free in Bluetooth
• CVE-2026-9882: Integer overflow in ANGLE
• CVE-2026-9883: Use after free in Base
• CVE-2026-9884: Use after free in Browser
• CVE-2026-9885: Insufficient validation of untrusted input in UI
• CVE-2026-9886: Use after free in Base
• CVE-2026-9887: Use after free in Proxy
• CVE-2026-9888: Use after free in WebView
• CVE-2026-9889: Out of bounds read and write in Dawn
• CVE-2026-9890: Use after free in XR
• CVE-2026-9891: Use after free in Extensions
• CVE-2026-9892: Inappropriate implementation in Skia
• CVE-2026-9893: Use after free in Skia
• CVE-2026-9894: Use after free in GPU
• CVE-2026-9895: Out of bounds read in GPU
• CVE-2026-9896: Out of bounds write in V8
• CVE-2026-9897: Use after free in DOM
• CVE-2026-9898: Insufficient validation of untrusted input in GPU
• CVE-2026-9899: Use after free in ANGLE
• CVE-2026-9900: Out of bounds write in ANGLE
• CVE-2026-9901: Use after free in ANGLE
• CVE-2026-9902: Use after free in Accessibility
• CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
• CVE-2026-9904: Use after free in ANGLE
• CVE-2026-9905: Use after free in Accessibility
• CVE-2026-9906: Out of bounds write in GPU
• CVE-2026-9907: Out of bounds read in Dawn
• CVE-2026-9908: Out of bounds read in ANGLE
• CVE-2026-9909: Integer overflow in Skia
• CVE-2026-9910: Out of bounds memory access in ANGLE
• CVE-2026-9911: Integer overflow in ANGLE
• CVE-2026-9912: Inappropriate implementation in GPU
• CVE-2026-9913: Inappropriate implementation in ANGLE
• CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9915: Heap buffer overflow in ANGLE
• CVE-2026-9916: Out of bounds write in ANGLE
• CVE-2026-9917: Uninitialized Use in WebGL
• CVE-2026-9918: Inappropriate implementation in Tint
• CVE-2026-9919: Out of bounds read in WebGL
• CVE-2026-9920: Uninitialized Use in GPU
• CVE-2026-9921: Uninitialized Use in WebGL
• CVE-2026-9922: Use after free in GPU
• CVE-2026-9923: Use after free in Skia
• CVE-2026-9924: Heap buffer overflow in ANGLE
• CVE-2026-9925: Use after free in ANGLE
• CVE-2026-9926: Heap buffer overflow in ANGLE
• CVE-2026-9927: Use after free in ANGLE
• CVE-2026-9928: Out of bounds read in ANGLE
• CVE-2026-9929: Inappropriate implementation in WebGL
• CVE-2026-9930: Out of bounds write in Dawn
• CVE-2026-9931: Use after free in GPU
• CVE-2026-9932: Use after free in ANGLE
• CVE-2026-9933: Use after free in Input
• CVE-2026-9934: Use after free in Aura
• CVE-2026-9935: Uninitialized Use in ANGLE
• CVE-2026-9936: Use after free in GFX
• CVE-2026-9937: Use after free in UI
• CVE-2026-9938: Inappropriate implementation in V8
• CVE-2026-9939: Heap buffer overflow in WebCodecs
• CVE-2026-9940: Heap buffer overflow in ANGLE
• CVE-2026-9941: Use after free in ANGLE
• CVE-2026-9942: Uninitialized Use in ANGLE
• CVE-2026-9943: Out of bounds read in WebGL
• CVE-2026-9944: Uninitialized Use in ANGLE
• CVE-2026-9945: Use after free in Media
• CVE-2026-9946: Use after free in ANGLE
• CVE-2026-9947: Use after free in XML
• CVE-2026-9948: Use after free in Views
• CVE-2026-9949: Use after free in Core
• CVE-2026-9950: Insufficient validation of untrusted input in iOS
• CVE-2026-9951: Use after free in UI
• CVE-2026-9952: Use after free in WebAudio
• CVE-2026-9953: Out of bounds read in ANGLE
• CVE-2026-9954: Use after free in TabStrip
• CVE-2026-9955: Inappropriate implementation in iOS
• CVE-2026-9956: Use after free in iOS
• CVE-2026-9957: Use after free in PDF
• CVE-2026-9958: Use after free in PDFium
• CVE-2026-9959: Race in WebRTC
• CVE-2026-9960: Integer overflow in PDFium
• CVE-2026-9961: Use after free in SurfaceCapture
• CVE-2026-9962: Use after free in WebRTC
• CVE-2026-9963: Uninitialized Use in iOS
• CVE-2026-9964: Use after free in Bluetooth
• CVE-2026-9965: Out of bounds write in ANGLE
• CVE-2026-9966: Integer overflow in XML
• CVE-2026-9967: Out of bounds write in GPU
• CVE-2026-9968: Integer overflow in V8
• CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9970: Use after free in WebGL
• CVE-2026-9971: Inappropriate implementation in iOS
• CVE-2026-9972: Uninitialized Use in Gamepad
• CVE-2026-9973: Out of bounds write in V8
• CVE-2026-9974: Out of bounds write in GPU
• CVE-2026-9975: Out of bounds read and write in ANGLE
• CVE-2026-9976: Inappropriate implementation in USB
• CVE-2026-9977: Insufficient validation of untrusted input in WebShare
• CVE-2026-9978: Use after free in Glic
• CVE-2026-9979: Insufficient validation of untrusted input in Input
• CVE-2026-9980: Insufficient validation of untrusted input in Printing
• CVE-2026-9981: Inappropriate implementation in Skia
• CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9983: Type Confusion in Skia
• CVE-2026-9984: Use after free in UI
• CVE-2026-9985: Insufficient validation of untrusted input in Media
• CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
• CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
• CVE-2026-9988: Use after free in WebRTC
• CVE-2026-9989: Inappropriate implementation in Media
• CVE-2026-9990: Use after free in WebAppInstalls
• CVE-2026-9991: Inappropriate implementation in Media
• CVE-2026-9992: Use after free in Network
• CVE-2026-9993: Use after free in Views
• CVE-2026-9994: Use after free in Core
• CVE-2026-9995: Use after free in WebXR
• CVE-2026-9996: Out of bounds read in WebRTC
• CVE-2026-9997: Use after free in Input
• CVE-2026-9998: Integer overflow in Skia
• CVE-2026-9999: Inappropriate implementation in ANGLE
• CVE-2026-10000: Use after free in Passwords
• CVE-2026-10001: Use after free in PerformanceManager
• CVE-2026-10002: Use after free in PDFium
• CVE-2026-10003: Use after free in Views
• CVE-2026-10004: Insufficient validation of untrusted input in Passwords
• CVE-2026-10005: Use after free in WebAppInstalls
• CVE-2026-10006: Race in WebAudio
• CVE-2026-10007: Use after free in SVG
• CVE-2026-10008: Uninitialized Use in GPU
• CVE-2026-10009: Integer overflow in Skia
• CVE-2026-10010: Inappropriate implementation in Input
• CVE-2026-10011: Inappropriate implementation in Skia
• CVE-2026-10012: Use after free in Skia
• CVE-2026-10013: Use after free in WebCodecs
• CVE-2026-10014: Use after free in WebMIDI
• CVE-2026-10015: Integer overflow in WTF
• CVE-2026-10016: Use after free in DOM
• CVE-2026-10017: Out of bounds read in Headless
• CVE-2026-10018: Integer overflow in ANGLE
• CVE-2026-10019: Integer overflow in ANGLE
• CVE-2026-10020: Insufficient validation of untrusted input in Skia
• CVE-2026-10021: Insufficient validation of untrusted input in USB
• CVE-2026-10022: Type Confusion in V8

• chromium-148.0.7778.215-1.el10_2

Update to 148.0.7778.215

• CVE-2026-9872: Out of bounds write in GPU
• CVE-2026-9873: Use after free in Network
• CVE-2026-9874: Use after free in Dawn
• CVE-2026-9875: Out of bounds read in WebGL
• CVE-2026-9876: Use after free in WebGL
• CVE-2026-9877: Use after free in ANGLE
• CVE-2026-9878: Use after free in ANGLE
• CVE-2026-9879: Out of bounds write in ANGLE
• CVE-2026-9880: Insufficient validation of untrusted input in WebGL
• CVE-2026-9881: Use after free in Bluetooth
• CVE-2026-9882: Integer overflow in ANGLE
• CVE-2026-9883: Use after free in Base
• CVE-2026-9884: Use after free in Browser
• CVE-2026-9885: Insufficient validation of untrusted input in UI
• CVE-2026-9886: Use after free in Base
• CVE-2026-9887: Use after free in Proxy
• CVE-2026-9888: Use after free in WebView
• CVE-2026-9889: Out of bounds read and write in Dawn
• CVE-2026-9890: Use after free in XR
• CVE-2026-9891: Use after free in Extensions
• CVE-2026-9892: Inappropriate implementation in Skia
• CVE-2026-9893: Use after free in Skia
• CVE-2026-9894: Use after free in GPU
• CVE-2026-9895: Out of bounds read in GPU
• CVE-2026-9896: Out of bounds write in V8
• CVE-2026-9897: Use after free in DOM
• CVE-2026-9898: Insufficient validation of untrusted input in GPU
• CVE-2026-9899: Use after free in ANGLE
• CVE-2026-9900: Out of bounds write in ANGLE
• CVE-2026-9901: Use after free in ANGLE
• CVE-2026-9902: Use after free in Accessibility
• CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
• CVE-2026-9904: Use after free in ANGLE
• CVE-2026-9905: Use after free in Accessibility
• CVE-2026-9906: Out of bounds write in GPU
• CVE-2026-9907: Out of bounds read in Dawn
• CVE-2026-9908: Out of bounds read in ANGLE
• CVE-2026-9909: Integer overflow in Skia
• CVE-2026-9910: Out of bounds memory access in ANGLE
• CVE-2026-9911: Integer overflow in ANGLE
• CVE-2026-9912: Inappropriate implementation in GPU
• CVE-2026-9913: Inappropriate implementation in ANGLE
• CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9915: Heap buffer overflow in ANGLE
• CVE-2026-9916: Out of bounds write in ANGLE
• CVE-2026-9917: Uninitialized Use in WebGL
• CVE-2026-9918: Inappropriate implementation in Tint
• CVE-2026-9919: Out of bounds read in WebGL
• CVE-2026-9920: Uninitialized Use in GPU
• CVE-2026-9921: Uninitialized Use in WebGL
• CVE-2026-9922: Use after free in GPU
• CVE-2026-9923: Use after free in Skia
• CVE-2026-9924: Heap buffer overflow in ANGLE
• CVE-2026-9925: Use after free in ANGLE
• CVE-2026-9926: Heap buffer overflow in ANGLE
• CVE-2026-9927: Use after free in ANGLE
• CVE-2026-9928: Out of bounds read in ANGLE
• CVE-2026-9929: Inappropriate implementation in WebGL
• CVE-2026-9930: Out of bounds write in Dawn
• CVE-2026-9931: Use after free in GPU
• CVE-2026-9932: Use after free in ANGLE
• CVE-2026-9933: Use after free in Input
• CVE-2026-9934: Use after free in Aura
• CVE-2026-9935: Uninitialized Use in ANGLE
• CVE-2026-9936: Use after free in GFX
• CVE-2026-9937: Use after free in UI
• CVE-2026-9938: Inappropriate implementation in V8
• CVE-2026-9939: Heap buffer overflow in WebCodecs
• CVE-2026-9940: Heap buffer overflow in ANGLE
• CVE-2026-9941: Use after free in ANGLE
• CVE-2026-9942: Uninitialized Use in ANGLE
• CVE-2026-9943: Out of bounds read in WebGL
• CVE-2026-9944: Uninitialized Use in ANGLE
• CVE-2026-9945: Use after free in Media
• CVE-2026-9946: Use after free in ANGLE
• CVE-2026-9947: Use after free in XML
• CVE-2026-9948: Use after free in Views
• CVE-2026-9949: Use after free in Core
• CVE-2026-9950: Insufficient validation of untrusted input in iOS
• CVE-2026-9951: Use after free in UI
• CVE-2026-9952: Use after free in WebAudio
• CVE-2026-9953: Out of bounds read in ANGLE
• CVE-2026-9954: Use after free in TabStrip
• CVE-2026-9955: Inappropriate implementation in iOS
• CVE-2026-9956: Use after free in iOS
• CVE-2026-9957: Use after free in PDF
• CVE-2026-9958: Use after free in PDFium
• CVE-2026-9959: Race in WebRTC
• CVE-2026-9960: Integer overflow in PDFium
• CVE-2026-9961: Use after free in SurfaceCapture
• CVE-2026-9962: Use after free in WebRTC
• CVE-2026-9963: Uninitialized Use in iOS
• CVE-2026-9964: Use after free in Bluetooth
• CVE-2026-9965: Out of bounds write in ANGLE
• CVE-2026-9966: Integer overflow in XML
• CVE-2026-9967: Out of bounds write in GPU
• CVE-2026-9968: Integer overflow in V8
• CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9970: Use after free in WebGL
• CVE-2026-9971: Inappropriate implementation in iOS
• CVE-2026-9972: Uninitialized Use in Gamepad
• CVE-2026-9973: Out of bounds write in V8
• CVE-2026-9974: Out of bounds write in GPU
• CVE-2026-9975: Out of bounds read and write in ANGLE
• CVE-2026-9976: Inappropriate implementation in USB
• CVE-2026-9977: Insufficient validation of untrusted input in WebShare
• CVE-2026-9978: Use after free in Glic
• CVE-2026-9979: Insufficient validation of untrusted input in Input
• CVE-2026-9980: Insufficient validation of untrusted input in Printing
• CVE-2026-9981: Inappropriate implementation in Skia
• CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9983: Type Confusion in Skia
• CVE-2026-9984: Use after free in UI
• CVE-2026-9985: Insufficient validation of untrusted input in Media
• CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
• CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
• CVE-2026-9988: Use after free in WebRTC
• CVE-2026-9989: Inappropriate implementation in Media
• CVE-2026-9990: Use after free in WebAppInstalls
• CVE-2026-9991: Inappropriate implementation in Media
• CVE-2026-9992: Use after free in Network
• CVE-2026-9993: Use after free in Views
• CVE-2026-9994: Use after free in Core
• CVE-2026-9995: Use after free in WebXR
• CVE-2026-9996: Out of bounds read in WebRTC
• CVE-2026-9997: Use after free in Input
• CVE-2026-9998: Integer overflow in Skia
• CVE-2026-9999: Inappropriate implementation in ANGLE
• CVE-2026-10000: Use after free in Passwords
• CVE-2026-10001: Use after free in PerformanceManager
• CVE-2026-10002: Use after free in PDFium
• CVE-2026-10003: Use after free in Views
• CVE-2026-10004: Insufficient validation of untrusted input in Passwords
• CVE-2026-10005: Use after free in WebAppInstalls
• CVE-2026-10006: Race in WebAudio
• CVE-2026-10007: Use after free in SVG
• CVE-2026-10008: Uninitialized Use in GPU
• CVE-2026-10009: Integer overflow in Skia
• CVE-2026-10010: Inappropriate implementation in Input
• CVE-2026-10011: Inappropriate implementation in Skia
• CVE-2026-10012: Use after free in Skia
• CVE-2026-10013: Use after free in WebCodecs
• CVE-2026-10014: Use after free in WebMIDI
• CVE-2026-10015: Integer overflow in WTF
• CVE-2026-10016: Use after free in DOM
• CVE-2026-10017: Out of bounds read in Headless
• CVE-2026-10018: Integer overflow in ANGLE
• CVE-2026-10019: Integer overflow in ANGLE
• CVE-2026-10020: Insufficient validation of untrusted input in Skia
• CVE-2026-10021: Insufficient validation of untrusted input in USB
• CVE-2026-10022: Type Confusion in V8

• chromium-148.0.7778.215-1.el10_3

Update to 148.0.7778.215

• CVE-2026-9872: Out of bounds write in GPU
• CVE-2026-9873: Use after free in Network
• CVE-2026-9874: Use after free in Dawn
• CVE-2026-9875: Out of bounds read in WebGL
• CVE-2026-9876: Use after free in WebGL
• CVE-2026-9877: Use after free in ANGLE
• CVE-2026-9878: Use after free in ANGLE
• CVE-2026-9879: Out of bounds write in ANGLE
• CVE-2026-9880: Insufficient validation of untrusted input in WebGL
• CVE-2026-9881: Use after free in Bluetooth
• CVE-2026-9882: Integer overflow in ANGLE
• CVE-2026-9883: Use after free in Base
• CVE-2026-9884: Use after free in Browser
• CVE-2026-9885: Insufficient validation of untrusted input in UI
• CVE-2026-9886: Use after free in Base
• CVE-2026-9887: Use after free in Proxy
• CVE-2026-9888: Use after free in WebView
• CVE-2026-9889: Out of bounds read and write in Dawn
• CVE-2026-9890: Use after free in XR
• CVE-2026-9891: Use after free in Extensions
• CVE-2026-9892: Inappropriate implementation in Skia
• CVE-2026-9893: Use after free in Skia
• CVE-2026-9894: Use after free in GPU
• CVE-2026-9895: Out of bounds read in GPU
• CVE-2026-9896: Out of bounds write in V8
• CVE-2026-9897: Use after free in DOM
• CVE-2026-9898: Insufficient validation of untrusted input in GPU
• CVE-2026-9899: Use after free in ANGLE
• CVE-2026-9900: Out of bounds write in ANGLE
• CVE-2026-9901: Use after free in ANGLE
• CVE-2026-9902: Use after free in Accessibility
• CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
• CVE-2026-9904: Use after free in ANGLE
• CVE-2026-9905: Use after free in Accessibility
• CVE-2026-9906: Out of bounds write in GPU
• CVE-2026-9907: Out of bounds read in Dawn
• CVE-2026-9908: Out of bounds read in ANGLE
• CVE-2026-9909: Integer overflow in Skia
• CVE-2026-9910: Out of bounds memory access in ANGLE
• CVE-2026-9911: Integer overflow in ANGLE
• CVE-2026-9912: Inappropriate implementation in GPU
• CVE-2026-9913: Inappropriate implementation in ANGLE
• CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9915: Heap buffer overflow in ANGLE
• CVE-2026-9916: Out of bounds write in ANGLE
• CVE-2026-9917: Uninitialized Use in WebGL
• CVE-2026-9918: Inappropriate implementation in Tint
• CVE-2026-9919: Out of bounds read in WebGL
• CVE-2026-9920: Uninitialized Use in GPU
• CVE-2026-9921: Uninitialized Use in WebGL
• CVE-2026-9922: Use after free in GPU
• CVE-2026-9923: Use after free in Skia
• CVE-2026-9924: Heap buffer overflow in ANGLE
• CVE-2026-9925: Use after free in ANGLE
• CVE-2026-9926: Heap buffer overflow in ANGLE
• CVE-2026-9927: Use after free in ANGLE
• CVE-2026-9928: Out of bounds read in ANGLE
• CVE-2026-9929: Inappropriate implementation in WebGL
• CVE-2026-9930: Out of bounds write in Dawn
• CVE-2026-9931: Use after free in GPU
• CVE-2026-9932: Use after free in ANGLE
• CVE-2026-9933: Use after free in Input
• CVE-2026-9934: Use after free in Aura
• CVE-2026-9935: Uninitialized Use in ANGLE
• CVE-2026-9936: Use after free in GFX
• CVE-2026-9937: Use after free in UI
• CVE-2026-9938: Inappropriate implementation in V8
• CVE-2026-9939: Heap buffer overflow in WebCodecs
• CVE-2026-9940: Heap buffer overflow in ANGLE
• CVE-2026-9941: Use after free in ANGLE
• CVE-2026-9942: Uninitialized Use in ANGLE
• CVE-2026-9943: Out of bounds read in WebGL
• CVE-2026-9944: Uninitialized Use in ANGLE
• CVE-2026-9945: Use after free in Media
• CVE-2026-9946: Use after free in ANGLE
• CVE-2026-9947: Use after free in XML
• CVE-2026-9948: Use after free in Views
• CVE-2026-9949: Use after free in Core
• CVE-2026-9950: Insufficient validation of untrusted input in iOS
• CVE-2026-9951: Use after free in UI
• CVE-2026-9952: Use after free in WebAudio
• CVE-2026-9953: Out of bounds read in ANGLE
• CVE-2026-9954: Use after free in TabStrip
• CVE-2026-9955: Inappropriate implementation in iOS
• CVE-2026-9956: Use after free in iOS
• CVE-2026-9957: Use after free in PDF
• CVE-2026-9958: Use after free in PDFium
• CVE-2026-9959: Race in WebRTC
• CVE-2026-9960: Integer overflow in PDFium
• CVE-2026-9961: Use after free in SurfaceCapture
• CVE-2026-9962: Use after free in WebRTC
• CVE-2026-9963: Uninitialized Use in iOS
• CVE-2026-9964: Use after free in Bluetooth
• CVE-2026-9965: Out of bounds write in ANGLE
• CVE-2026-9966: Integer overflow in XML
• CVE-2026-9967: Out of bounds write in GPU
• CVE-2026-9968: Integer overflow in V8
• CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9970: Use after free in WebGL
• CVE-2026-9971: Inappropriate implementation in iOS
• CVE-2026-9972: Uninitialized Use in Gamepad
• CVE-2026-9973: Out of bounds write in V8
• CVE-2026-9974: Out of bounds write in GPU
• CVE-2026-9975: Out of bounds read and write in ANGLE
• CVE-2026-9976: Inappropriate implementation in USB
• CVE-2026-9977: Insufficient validation of untrusted input in WebShare
• CVE-2026-9978: Use after free in Glic
• CVE-2026-9979: Insufficient validation of untrusted input in Input
• CVE-2026-9980: Insufficient validation of untrusted input in Printing
• CVE-2026-9981: Inappropriate implementation in Skia
• CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9983: Type Confusion in Skia
• CVE-2026-9984: Use after free in UI
• CVE-2026-9985: Insufficient validation of untrusted input in Media
• CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
• CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
• CVE-2026-9988: Use after free in WebRTC
• CVE-2026-9989: Inappropriate implementation in Media
• CVE-2026-9990: Use after free in WebAppInstalls
• CVE-2026-9991: Inappropriate implementation in Media
• CVE-2026-9992: Use after free in Network
• CVE-2026-9993: Use after free in Views
• CVE-2026-9994: Use after free in Core
• CVE-2026-9995: Use after free in WebXR
• CVE-2026-9996: Out of bounds read in WebRTC
• CVE-2026-9997: Use after free in Input
• CVE-2026-9998: Integer overflow in Skia
• CVE-2026-9999: Inappropriate implementation in ANGLE
• CVE-2026-10000: Use after free in Passwords
• CVE-2026-10001: Use after free in PerformanceManager
• CVE-2026-10002: Use after free in PDFium
• CVE-2026-10003: Use after free in Views
• CVE-2026-10004: Insufficient validation of untrusted input in Passwords
• CVE-2026-10005: Use after free in WebAppInstalls
• CVE-2026-10006: Race in WebAudio
• CVE-2026-10007: Use after free in SVG
• CVE-2026-10008: Uninitialized Use in GPU
• CVE-2026-10009: Integer overflow in Skia
• CVE-2026-10010: Inappropriate implementation in Input
• CVE-2026-10011: Inappropriate implementation in Skia
• CVE-2026-10012: Use after free in Skia
• CVE-2026-10013: Use after free in WebCodecs
• CVE-2026-10014: Use after free in WebMIDI
• CVE-2026-10015: Integer overflow in WTF
• CVE-2026-10016: Use after free in DOM
• CVE-2026-10017: Out of bounds read in Headless
• CVE-2026-10018: Integer overflow in ANGLE
• CVE-2026-10019: Integer overflow in ANGLE
• CVE-2026-10020: Insufficient validation of untrusted input in Skia
• CVE-2026-10021: Insufficient validation of untrusted input in USB
• CVE-2026-10022: Type Confusion in V8

• chromium-148.0.7778.215-1.el9

Update to 148.0.7778.215

• CVE-2026-9872: Out of bounds write in GPU
• CVE-2026-9873: Use after free in Network
• CVE-2026-9874: Use after free in Dawn
• CVE-2026-9875: Out of bounds read in WebGL
• CVE-2026-9876: Use after free in WebGL
• CVE-2026-9877: Use after free in ANGLE
• CVE-2026-9878: Use after free in ANGLE
• CVE-2026-9879: Out of bounds write in ANGLE
• CVE-2026-9880: Insufficient validation of untrusted input in WebGL
• CVE-2026-9881: Use after free in Bluetooth
• CVE-2026-9882: Integer overflow in ANGLE
• CVE-2026-9883: Use after free in Base
• CVE-2026-9884: Use after free in Browser
• CVE-2026-9885: Insufficient validation of untrusted input in UI
• CVE-2026-9886: Use after free in Base
• CVE-2026-9887: Use after free in Proxy
• CVE-2026-9888: Use after free in WebView
• CVE-2026-9889: Out of bounds read and write in Dawn
• CVE-2026-9890: Use after free in XR
• CVE-2026-9891: Use after free in Extensions
• CVE-2026-9892: Inappropriate implementation in Skia
• CVE-2026-9893: Use after free in Skia
• CVE-2026-9894: Use after free in GPU
• CVE-2026-9895: Out of bounds read in GPU
• CVE-2026-9896: Out of bounds write in V8
• CVE-2026-9897: Use after free in DOM
• CVE-2026-9898: Insufficient validation of untrusted input in GPU
• CVE-2026-9899: Use after free in ANGLE
• CVE-2026-9900: Out of bounds write in ANGLE
• CVE-2026-9901: Use after free in ANGLE
• CVE-2026-9902: Use after free in Accessibility
• CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
• CVE-2026-9904: Use after free in ANGLE
• CVE-2026-9905: Use after free in Accessibility
• CVE-2026-9906: Out of bounds write in GPU
• CVE-2026-9907: Out of bounds read in Dawn
• CVE-2026-9908: Out of bounds read in ANGLE
• CVE-2026-9909: Integer overflow in Skia
• CVE-2026-9910: Out of bounds memory access in ANGLE
• CVE-2026-9911: Integer overflow in ANGLE
• CVE-2026-9912: Inappropriate implementation in GPU
• CVE-2026-9913: Inappropriate implementation in ANGLE
• CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9915: Heap buffer overflow in ANGLE
• CVE-2026-9916: Out of bounds write in ANGLE
• CVE-2026-9917: Uninitialized Use in WebGL
• CVE-2026-9918: Inappropriate implementation in Tint
• CVE-2026-9919: Out of bounds read in WebGL
• CVE-2026-9920: Uninitialized Use in GPU
• CVE-2026-9921: Uninitialized Use in WebGL
• CVE-2026-9922: Use after free in GPU
• CVE-2026-9923: Use after free in Skia
• CVE-2026-9924: Heap buffer overflow in ANGLE
• CVE-2026-9925: Use after free in ANGLE
• CVE-2026-9926: Heap buffer overflow in ANGLE
• CVE-2026-9927: Use after free in ANGLE
• CVE-2026-9928: Out of bounds read in ANGLE
• CVE-2026-9929: Inappropriate implementation in WebGL
• CVE-2026-9930: Out of bounds write in Dawn
• CVE-2026-9931: Use after free in GPU
• CVE-2026-9932: Use after free in ANGLE
• CVE-2026-9933: Use after free in Input
• CVE-2026-9934: Use after free in Aura
• CVE-2026-9935: Uninitialized Use in ANGLE
• CVE-2026-9936: Use after free in GFX
• CVE-2026-9937: Use after free in UI
• CVE-2026-9938: Inappropriate implementation in V8
• CVE-2026-9939: Heap buffer overflow in WebCodecs
• CVE-2026-9940: Heap buffer overflow in ANGLE
• CVE-2026-9941: Use after free in ANGLE
• CVE-2026-9942: Uninitialized Use in ANGLE
• CVE-2026-9943: Out of bounds read in WebGL
• CVE-2026-9944: Uninitialized Use in ANGLE
• CVE-2026-9945: Use after free in Media
• CVE-2026-9946: Use after free in ANGLE
• CVE-2026-9947: Use after free in XML
• CVE-2026-9948: Use after free in Views
• CVE-2026-9949: Use after free in Core
• CVE-2026-9950: Insufficient validation of untrusted input in iOS
• CVE-2026-9951: Use after free in UI
• CVE-2026-9952: Use after free in WebAudio
• CVE-2026-9953: Out of bounds read in ANGLE
• CVE-2026-9954: Use after free in TabStrip
• CVE-2026-9955: Inappropriate implementation in iOS
• CVE-2026-9956: Use after free in iOS
• CVE-2026-9957: Use after free in PDF
• CVE-2026-9958: Use after free in PDFium
• CVE-2026-9959: Race in WebRTC
• CVE-2026-9960: Integer overflow in PDFium
• CVE-2026-9961: Use after free in SurfaceCapture
• CVE-2026-9962: Use after free in WebRTC
• CVE-2026-9963: Uninitialized Use in iOS
• CVE-2026-9964: Use after free in Bluetooth
• CVE-2026-9965: Out of bounds write in ANGLE
• CVE-2026-9966: Integer overflow in XML
• CVE-2026-9967: Out of bounds write in GPU
• CVE-2026-9968: Integer overflow in V8
• CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9970: Use after free in WebGL
• CVE-2026-9971: Inappropriate implementation in iOS
• CVE-2026-9972: Uninitialized Use in Gamepad
• CVE-2026-9973: Out of bounds write in V8
• CVE-2026-9974: Out of bounds write in GPU
• CVE-2026-9975: Out of bounds read and write in ANGLE
• CVE-2026-9976: Inappropriate implementation in USB
• CVE-2026-9977: Insufficient validation of untrusted input in WebShare
• CVE-2026-9978: Use after free in Glic
• CVE-2026-9979: Insufficient validation of untrusted input in Input
• CVE-2026-9980: Insufficient validation of untrusted input in Printing
• CVE-2026-9981: Inappropriate implementation in Skia
• CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9983: Type Confusion in Skia
• CVE-2026-9984: Use after free in UI
• CVE-2026-9985: Insufficient validation of untrusted input in Media
• CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
• CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
• CVE-2026-9988: Use after free in WebRTC
• CVE-2026-9989: Inappropriate implementation in Media
• CVE-2026-9990: Use after free in WebAppInstalls
• CVE-2026-9991: Inappropriate implementation in Media
• CVE-2026-9992: Use after free in Network
• CVE-2026-9993: Use after free in Views
• CVE-2026-9994: Use after free in Core
• CVE-2026-9995: Use after free in WebXR
• CVE-2026-9996: Out of bounds read in WebRTC
• CVE-2026-9997: Use after free in Input
• CVE-2026-9998: Integer overflow in Skia
• CVE-2026-9999: Inappropriate implementation in ANGLE
• CVE-2026-10000: Use after free in Passwords
• CVE-2026-10001: Use after free in PerformanceManager
• CVE-2026-10002: Use after free in PDFium
• CVE-2026-10003: Use after free in Views
• CVE-2026-10004: Insufficient validation of untrusted input in Passwords
• CVE-2026-10005: Use after free in WebAppInstalls
• CVE-2026-10006: Race in WebAudio
• CVE-2026-10007: Use after free in SVG
• CVE-2026-10008: Uninitialized Use in GPU
• CVE-2026-10009: Integer overflow in Skia
• CVE-2026-10010: Inappropriate implementation in Input
• CVE-2026-10011: Inappropriate implementation in Skia
• CVE-2026-10012: Use after free in Skia
• CVE-2026-10013: Use after free in WebCodecs
• CVE-2026-10014: Use after free in WebMIDI
• CVE-2026-10015: Integer overflow in WTF
• CVE-2026-10016: Use after free in DOM
• CVE-2026-10017: Out of bounds read in Headless
• CVE-2026-10018: Integer overflow in ANGLE
• CVE-2026-10019: Integer overflow in ANGLE
• CVE-2026-10020: Insufficient validation of untrusted input in Skia
• CVE-2026-10021: Insufficient validation of untrusted input in USB
• CVE-2026-10022: Type Confusion in V8

• chromium-148.0.7778.215-1.fc43

Update to 148.0.7778.215

• CVE-2026-9872: Out of bounds write in GPU
• CVE-2026-9873: Use after free in Network
• CVE-2026-9874: Use after free in Dawn
• CVE-2026-9875: Out of bounds read in WebGL
• CVE-2026-9876: Use after free in WebGL
• CVE-2026-9877: Use after free in ANGLE
• CVE-2026-9878: Use after free in ANGLE
• CVE-2026-9879: Out of bounds write in ANGLE
• CVE-2026-9880: Insufficient validation of untrusted input in WebGL
• CVE-2026-9881: Use after free in Bluetooth
• CVE-2026-9882: Integer overflow in ANGLE
• CVE-2026-9883: Use after free in Base
• CVE-2026-9884: Use after free in Browser
• CVE-2026-9885: Insufficient validation of untrusted input in UI
• CVE-2026-9886: Use after free in Base
• CVE-2026-9887: Use after free in Proxy
• CVE-2026-9888: Use after free in WebView
• CVE-2026-9889: Out of bounds read and write in Dawn
• CVE-2026-9890: Use after free in XR
• CVE-2026-9891: Use after free in Extensions
• CVE-2026-9892: Inappropriate implementation in Skia
• CVE-2026-9893: Use after free in Skia
• CVE-2026-9894: Use after free in GPU
• CVE-2026-9895: Out of bounds read in GPU
• CVE-2026-9896: Out of bounds write in V8
• CVE-2026-9897: Use after free in DOM
• CVE-2026-9898: Insufficient validation of untrusted input in GPU
• CVE-2026-9899: Use after free in ANGLE
• CVE-2026-9900: Out of bounds write in ANGLE
• CVE-2026-9901: Use after free in ANGLE
• CVE-2026-9902: Use after free in Accessibility
• CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
• CVE-2026-9904: Use after free in ANGLE
• CVE-2026-9905: Use after free in Accessibility
• CVE-2026-9906: Out of bounds write in GPU
• CVE-2026-9907: Out of bounds read in Dawn
• CVE-2026-9908: Out of bounds read in ANGLE
• CVE-2026-9909: Integer overflow in Skia
• CVE-2026-9910: Out of bounds memory access in ANGLE
• CVE-2026-9911: Integer overflow in ANGLE
• CVE-2026-9912: Inappropriate implementation in GPU
• CVE-2026-9913: Inappropriate implementation in ANGLE
• CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9915: Heap buffer overflow in ANGLE
• CVE-2026-9916: Out of bounds write in ANGLE
• CVE-2026-9917: Uninitialized Use in WebGL
• CVE-2026-9918: Inappropriate implementation in Tint
• CVE-2026-9919: Out of bounds read in WebGL
• CVE-2026-9920: Uninitialized Use in GPU
• CVE-2026-9921: Uninitialized Use in WebGL
• CVE-2026-9922: Use after free in GPU
• CVE-2026-9923: Use after free in Skia
• CVE-2026-9924: Heap buffer overflow in ANGLE
• CVE-2026-9925: Use after free in ANGLE
• CVE-2026-9926: Heap buffer overflow in ANGLE
• CVE-2026-9927: Use after free in ANGLE
• CVE-2026-9928: Out of bounds read in ANGLE
• CVE-2026-9929: Inappropriate implementation in WebGL
• CVE-2026-9930: Out of bounds write in Dawn
• CVE-2026-9931: Use after free in GPU
• CVE-2026-9932: Use after free in ANGLE
• CVE-2026-9933: Use after free in Input
• CVE-2026-9934: Use after free in Aura
• CVE-2026-9935: Uninitialized Use in ANGLE
• CVE-2026-9936: Use after free in GFX
• CVE-2026-9937: Use after free in UI
• CVE-2026-9938: Inappropriate implementation in V8
• CVE-2026-9939: Heap buffer overflow in WebCodecs
• CVE-2026-9940: Heap buffer overflow in ANGLE
• CVE-2026-9941: Use after free in ANGLE
• CVE-2026-9942: Uninitialized Use in ANGLE
• CVE-2026-9943: Out of bounds read in WebGL
• CVE-2026-9944: Uninitialized Use in ANGLE
• CVE-2026-9945: Use after free in Media
• CVE-2026-9946: Use after free in ANGLE
• CVE-2026-9947: Use after free in XML
• CVE-2026-9948: Use after free in Views
• CVE-2026-9949: Use after free in Core
• CVE-2026-9950: Insufficient validation of untrusted input in iOS
• CVE-2026-9951: Use after free in UI
• CVE-2026-9952: Use after free in WebAudio
• CVE-2026-9953: Out of bounds read in ANGLE
• CVE-2026-9954: Use after free in TabStrip
• CVE-2026-9955: Inappropriate implementation in iOS
• CVE-2026-9956: Use after free in iOS
• CVE-2026-9957: Use after free in PDF
• CVE-2026-9958: Use after free in PDFium
• CVE-2026-9959: Race in WebRTC
• CVE-2026-9960: Integer overflow in PDFium
• CVE-2026-9961: Use after free in SurfaceCapture
• CVE-2026-9962: Use after free in WebRTC
• CVE-2026-9963: Uninitialized Use in iOS
• CVE-2026-9964: Use after free in Bluetooth
• CVE-2026-9965: Out of bounds write in ANGLE
• CVE-2026-9966: Integer overflow in XML
• CVE-2026-9967: Out of bounds write in GPU
• CVE-2026-9968: Integer overflow in V8
• CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9970: Use after free in WebGL
• CVE-2026-9971: Inappropriate implementation in iOS
• CVE-2026-9972: Uninitialized Use in Gamepad
• CVE-2026-9973: Out of bounds write in V8
• CVE-2026-9974: Out of bounds write in GPU
• CVE-2026-9975: Out of bounds read and write in ANGLE
• CVE-2026-9976: Inappropriate implementation in USB
• CVE-2026-9977: Insufficient validation of untrusted input in WebShare
• CVE-2026-9978: Use after free in Glic
• CVE-2026-9979: Insufficient validation of untrusted input in Input
• CVE-2026-9980: Insufficient validation of untrusted input in Printing
• CVE-2026-9981: Inappropriate implementation in Skia
• CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
• CVE-2026-9983: Type Confusion in Skia
• CVE-2026-9984: Use after free in UI
• CVE-2026-9985: Insufficient validation of untrusted input in Media
• CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
• CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
• CVE-2026-9988: Use after free in WebRTC
• CVE-2026-9989: Inappropriate implementation in Media
• CVE-2026-9990: Use after free in WebAppInstalls
• CVE-2026-9991: Inappropriate implementation in Media
• CVE-2026-9992: Use after free in Network
• CVE-2026-9993: Use after free in Views
• CVE-2026-9994: Use after free in Core
• CVE-2026-9995: Use after free in WebXR
• CVE-2026-9996: Out of bounds read in WebRTC
• CVE-2026-9997: Use after free in Input
• CVE-2026-9998: Integer overflow in Skia
• CVE-2026-9999: Inappropriate implementation in ANGLE
• CVE-2026-10000: Use after free in Passwords
• CVE-2026-10001: Use after free in PerformanceManager
• CVE-2026-10002: Use after free in PDFium
• CVE-2026-10003: Use after free in Views
• CVE-2026-10004: Insufficient validation of untrusted input in Passwords
• CVE-2026-10005: Use after free in WebAppInstalls
• CVE-2026-10006: Race in WebAudio
• CVE-2026-10007: Use after free in SVG
• CVE-2026-10008: Uninitialized Use in GPU
• CVE-2026-10009: Integer overflow in Skia
• CVE-2026-10010: Inappropriate implementation in Input
• CVE-2026-10011: Inappropriate implementation in Skia
• CVE-2026-10012: Use after free in Skia
• CVE-2026-10013: Use after free in WebCodecs
• CVE-2026-10014: Use after free in WebMIDI
• CVE-2026-10015: Integer overflow in WTF
• CVE-2026-10016: Use after free in DOM
• CVE-2026-10017: Out of bounds read in Headless
• CVE-2026-10018: Integer overflow in ANGLE
• CVE-2026-10019: Integer overflow in ANGLE
• CVE-2026-10020: Insufficient validation of untrusted input in Skia
• CVE-2026-10021: Insufficient validation of untrusted input in USB
• CVE-2026-10022: Type Confusion in V8

• rsync-3.4.3-1.fc43

New version 3.4.3. The rsync-patches are no longer supported so I removed them. The only patch used from that repo is detect-renamed and detect-renamed-lax. I keep these alive for F43 at least but maintaining them is becoming harder and harder. This update also fixes the following CVEs: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232

• rsync-3.4.3-1.fc44

New version 3.4.3. The rsync-patches are no longer supported so I removed them. The only patch used from that repo is detect-renamed and detect-renamed-lax. I keep these alive for F43 at least but maintaining them is becoming harder and harder. This update also fixes the following CVEs: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232

• keylime-7.14.2-1.fc43

Updating for Keylime release v7.14.2:

• This includes the fix for CVE-2026-6420.
• Update keylime-selinux policy to the latest version 44.1.0

• keylime-7.14.2-1.fc44

Updating for Keylime release v7.14.2:

• This includes the fix for CVE-2026-6420.
• Update keylime-selinux policy to the latest version 44.1.0

• perl-CryptX-0.089-1.el10_3

Fixes CVE-2026-41565

• perl-CryptX-0.089-1.el10_2

Fixes CVE-2026-41565

• perl-CryptX-0.089-1.el8

Fixes CVE-2026-41565

• perl-CryptX-0.089-1.el9

Fixes CVE-2026-41565

• perl-CryptX-0.089-1.fc44

Fixes CVE-2026-41565

• perl-CryptX-0.089-1.fc43

Fixes CVE-2026-41565

• freeipa-4.13.1-7.fc43
• samba-4.23.8-1.fc43

Update to Samba 4.23.8 - Security fix for CVE-2026-4480, CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238

• freeipa-4.13.1-12.fc44
• samba-4.24.3-1.fc44

Update to Samba 4.24.3 - Security fix for CVE-2026-4480, CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238

• freeipa-4.13.1-16.fc45
• samba-4.24.3-1.fc45

Update to Samba 4.24.3 - Security fix for CVE-2026-4480, CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238

• pdns-5.0.5-1.el9

• Update to 5.0.5
• Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html

• libre-4.8.1-1.el10_3

• fmt/pl: add pl_strip_html()
• sys/fs: add getpwuid fallback for fs_gethome
• tls: remove unused include rsa.h
• ice: check source address of incoming application packets
• websock: Fix integer overflow in websock_decode() masked frame check
  • https://github.com/baresip/re/security/advisories/GHSA-hvxv-v2gp-v93h
  • https://github.com/baresip/baresip/issues/3705