Fedora Security Advisories

• chromium-147.0.7727.55-1.el10_2

Update to 147.0.7727.55

• Critical CVE-2026-5858: Heap buffer overflow in WebML
• Critical CVE-2026-5859: Integer overflow in WebML
• High CVE-2026-5860: Use after free in WebRTC
• High CVE-2026-5861: Use after free in V8
• High CVE-2026-5862: Inappropriate implementation in V8
• High CVE-2026-5863: Inappropriate implementation in V8
• High CVE-2026-5864: Heap buffer overflow in WebAudio
• High CVE-2026-5865: Type Confusion in V8
• High CVE-2026-5866: Use after free in Media
• High CVE-2026-5867: Heap buffer overflow in WebML
• High CVE-2026-5868: Heap buffer overflow in ANGLE
• High CVE-2026-5869: Heap buffer overflow in WebML
• High CVE-2026-5870: Integer overflow in Skia
• High CVE-2026-5871: Type Confusion in V8
• High CVE-2026-5872: Use after free in Blink
• High CVE-2026-5873: Out of bounds read and write in V8
• Medium CVE-2026-5874: Use after free in PrivateAI
• Medium CVE-2026-5875: Policy bypass in Blink
• Medium CVE-2026-5876: Side-channel information leakage in Navigation
• Medium CVE-2026-5877: Use after free in Navigation
• Medium CVE-2026-5878: Incorrect security UI in Blink
• Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
• Medium CVE-2026-5880: Incorrect security UI in browser UI
• Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
• Medium CVE-2026-5882: Incorrect security UI in Fullscreen
• Medium CVE-2026-5883: Use after free in Media
• Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
• Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
• Medium CVE-2026-5886: Out of bounds read in WebAudio
• Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
• Medium CVE-2026-5888: Uninitialized Use in WebCodecs
• Medium CVE-2026-5889: Cryptographic Flaw in PDFium
• Medium CVE-2026-5890: Race in WebCodecs
• Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
• Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
• Medium CVE-2026-5893: Race in V8
• Low CVE-2026-5894: Inappropriate implementation in PDF
• Low CVE-2026-5895: Incorrect security UI in Omnibox
• Low CVE-2026-5896: Policy bypass in Audio
• Low CVE-2026-5897: Incorrect security UI in Downloads
• Low CVE-2026-5898: Incorrect security UI in Omnibox
• Low CVE-2026-5899: Incorrect security UI in History Navigation
• Low CVE-2026-5900: Policy bypass in Downloads
• Low CVE-2026-5901: Policy bypass in DevTools
• Low CVE-2026-5902: Race in Media
• Low CVE-2026-5903: Policy bypass in IFrameSandbox
• Low CVE-2026-5904: Use after free in V8
• Low CVE-2026-5905: Incorrect security UI in Permissions
• Low CVE-2026-5906: Incorrect security UI in Omnibox
• Low CVE-2026-5907: Insufficient data validation in Media
• Low CVE-2026-5908: Integer overflow in Media
• Low CVE-2026-5909: Integer overflow in Media
• Low CVE-2026-5910: Integer overflow in Media
• Low CVE-2026-5911: Policy bypass in ServiceWorkers
• Low CVE-2026-5912: Integer overflow in WebRTC
• Low CVE-2026-5913: Out of bounds read in Blink
• Low CVE-2026-5914: Type Confusion in CSS
• Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
• Low CVE-2026-5918: Inappropriate implementation in Navigation
• Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets

• chromium-147.0.7727.55-1.fc42

Update to 147.0.7727.55

• Critical CVE-2026-5858: Heap buffer overflow in WebML
• Critical CVE-2026-5859: Integer overflow in WebML
• High CVE-2026-5860: Use after free in WebRTC
• High CVE-2026-5861: Use after free in V8
• High CVE-2026-5862: Inappropriate implementation in V8
• High CVE-2026-5863: Inappropriate implementation in V8
• High CVE-2026-5864: Heap buffer overflow in WebAudio
• High CVE-2026-5865: Type Confusion in V8
• High CVE-2026-5866: Use after free in Media
• High CVE-2026-5867: Heap buffer overflow in WebML
• High CVE-2026-5868: Heap buffer overflow in ANGLE
• High CVE-2026-5869: Heap buffer overflow in WebML
• High CVE-2026-5870: Integer overflow in Skia
• High CVE-2026-5871: Type Confusion in V8
• High CVE-2026-5872: Use after free in Blink
• High CVE-2026-5873: Out of bounds read and write in V8
• Medium CVE-2026-5874: Use after free in PrivateAI
• Medium CVE-2026-5875: Policy bypass in Blink
• Medium CVE-2026-5876: Side-channel information leakage in Navigation
• Medium CVE-2026-5877: Use after free in Navigation
• Medium CVE-2026-5878: Incorrect security UI in Blink
• Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
• Medium CVE-2026-5880: Incorrect security UI in browser UI
• Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
• Medium CVE-2026-5882: Incorrect security UI in Fullscreen
• Medium CVE-2026-5883: Use after free in Media
• Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
• Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
• Medium CVE-2026-5886: Out of bounds read in WebAudio
• Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
• Medium CVE-2026-5888: Uninitialized Use in WebCodecs
• Medium CVE-2026-5889: Cryptographic Flaw in PDFium
• Medium CVE-2026-5890: Race in WebCodecs
• Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
• Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
• Medium CVE-2026-5893: Race in V8
• Low CVE-2026-5894: Inappropriate implementation in PDF
• Low CVE-2026-5895: Incorrect security UI in Omnibox
• Low CVE-2026-5896: Policy bypass in Audio
• Low CVE-2026-5897: Incorrect security UI in Downloads
• Low CVE-2026-5898: Incorrect security UI in Omnibox
• Low CVE-2026-5899: Incorrect security UI in History Navigation
• Low CVE-2026-5900: Policy bypass in Downloads
• Low CVE-2026-5901: Policy bypass in DevTools
• Low CVE-2026-5902: Race in Media
• Low CVE-2026-5903: Policy bypass in IFrameSandbox
• Low CVE-2026-5904: Use after free in V8
• Low CVE-2026-5905: Incorrect security UI in Permissions
• Low CVE-2026-5906: Incorrect security UI in Omnibox
• Low CVE-2026-5907: Insufficient data validation in Media
• Low CVE-2026-5908: Integer overflow in Media
• Low CVE-2026-5909: Integer overflow in Media
• Low CVE-2026-5910: Integer overflow in Media
• Low CVE-2026-5911: Policy bypass in ServiceWorkers
• Low CVE-2026-5912: Integer overflow in WebRTC
• Low CVE-2026-5913: Out of bounds read in Blink
• Low CVE-2026-5914: Type Confusion in CSS
• Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
• Low CVE-2026-5918: Inappropriate implementation in Navigation
• Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

• chromium-147.0.7727.55-1.fc44

Update to 147.0.7727.55

• Critical CVE-2026-5858: Heap buffer overflow in WebML
• Critical CVE-2026-5859: Integer overflow in WebML
• High CVE-2026-5860: Use after free in WebRTC
• High CVE-2026-5861: Use after free in V8
• High CVE-2026-5862: Inappropriate implementation in V8
• High CVE-2026-5863: Inappropriate implementation in V8
• High CVE-2026-5864: Heap buffer overflow in WebAudio
• High CVE-2026-5865: Type Confusion in V8
• High CVE-2026-5866: Use after free in Media
• High CVE-2026-5867: Heap buffer overflow in WebML
• High CVE-2026-5868: Heap buffer overflow in ANGLE
• High CVE-2026-5869: Heap buffer overflow in WebML
• High CVE-2026-5870: Integer overflow in Skia
• High CVE-2026-5871: Type Confusion in V8
• High CVE-2026-5872: Use after free in Blink
• High CVE-2026-5873: Out of bounds read and write in V8
• Medium CVE-2026-5874: Use after free in PrivateAI
• Medium CVE-2026-5875: Policy bypass in Blink
• Medium CVE-2026-5876: Side-channel information leakage in Navigation
• Medium CVE-2026-5877: Use after free in Navigation
• Medium CVE-2026-5878: Incorrect security UI in Blink
• Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
• Medium CVE-2026-5880: Incorrect security UI in browser UI
• Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
• Medium CVE-2026-5882: Incorrect security UI in Fullscreen
• Medium CVE-2026-5883: Use after free in Media
• Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
• Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
• Medium CVE-2026-5886: Out of bounds read in WebAudio
• Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
• Medium CVE-2026-5888: Uninitialized Use in WebCodecs
• Medium CVE-2026-5889: Cryptographic Flaw in PDFium
• Medium CVE-2026-5890: Race in WebCodecs
• Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
• Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
• Medium CVE-2026-5893: Race in V8
• Low CVE-2026-5894: Inappropriate implementation in PDF
• Low CVE-2026-5895: Incorrect security UI in Omnibox
• Low CVE-2026-5896: Policy bypass in Audio
• Low CVE-2026-5897: Incorrect security UI in Downloads
• Low CVE-2026-5898: Incorrect security UI in Omnibox
• Low CVE-2026-5899: Incorrect security UI in History Navigation
• Low CVE-2026-5900: Policy bypass in Downloads
• Low CVE-2026-5901: Policy bypass in DevTools
• Low CVE-2026-5902: Race in Media
• Low CVE-2026-5903: Policy bypass in IFrameSandbox
• Low CVE-2026-5904: Use after free in V8
• Low CVE-2026-5905: Incorrect security UI in Permissions
• Low CVE-2026-5906: Incorrect security UI in Omnibox
• Low CVE-2026-5907: Insufficient data validation in Media
• Low CVE-2026-5908: Integer overflow in Media
• Low CVE-2026-5909: Integer overflow in Media
• Low CVE-2026-5910: Integer overflow in Media
• Low CVE-2026-5911: Policy bypass in ServiceWorkers
• Low CVE-2026-5912: Integer overflow in WebRTC
• Low CVE-2026-5913: Out of bounds read in Blink
• Low CVE-2026-5914: Type Confusion in CSS
• Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
• Low CVE-2026-5918: Inappropriate implementation in Navigation
• Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets

• chromium-147.0.7727.55-1.el10_1

Update to 147.0.7727.55

• Critical CVE-2026-5858: Heap buffer overflow in WebML
• Critical CVE-2026-5859: Integer overflow in WebML
• High CVE-2026-5860: Use after free in WebRTC
• High CVE-2026-5861: Use after free in V8
• High CVE-2026-5862: Inappropriate implementation in V8
• High CVE-2026-5863: Inappropriate implementation in V8
• High CVE-2026-5864: Heap buffer overflow in WebAudio
• High CVE-2026-5865: Type Confusion in V8
• High CVE-2026-5866: Use after free in Media
• High CVE-2026-5867: Heap buffer overflow in WebML
• High CVE-2026-5868: Heap buffer overflow in ANGLE
• High CVE-2026-5869: Heap buffer overflow in WebML
• High CVE-2026-5870: Integer overflow in Skia
• High CVE-2026-5871: Type Confusion in V8
• High CVE-2026-5872: Use after free in Blink
• High CVE-2026-5873: Out of bounds read and write in V8
• Medium CVE-2026-5874: Use after free in PrivateAI
• Medium CVE-2026-5875: Policy bypass in Blink
• Medium CVE-2026-5876: Side-channel information leakage in Navigation
• Medium CVE-2026-5877: Use after free in Navigation
• Medium CVE-2026-5878: Incorrect security UI in Blink
• Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
• Medium CVE-2026-5880: Incorrect security UI in browser UI
• Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
• Medium CVE-2026-5882: Incorrect security UI in Fullscreen
• Medium CVE-2026-5883: Use after free in Media
• Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
• Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
• Medium CVE-2026-5886: Out of bounds read in WebAudio
• Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
• Medium CVE-2026-5888: Uninitialized Use in WebCodecs
• Medium CVE-2026-5889: Cryptographic Flaw in PDFium
• Medium CVE-2026-5890: Race in WebCodecs
• Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
• Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
• Medium CVE-2026-5893: Race in V8
• Low CVE-2026-5894: Inappropriate implementation in PDF
• Low CVE-2026-5895: Incorrect security UI in Omnibox
• Low CVE-2026-5896: Policy bypass in Audio
• Low CVE-2026-5897: Incorrect security UI in Downloads
• Low CVE-2026-5898: Incorrect security UI in Omnibox
• Low CVE-2026-5899: Incorrect security UI in History Navigation
• Low CVE-2026-5900: Policy bypass in Downloads
• Low CVE-2026-5901: Policy bypass in DevTools
• Low CVE-2026-5902: Race in Media
• Low CVE-2026-5903: Policy bypass in IFrameSandbox
• Low CVE-2026-5904: Use after free in V8
• Low CVE-2026-5905: Incorrect security UI in Permissions
• Low CVE-2026-5906: Incorrect security UI in Omnibox
• Low CVE-2026-5907: Insufficient data validation in Media
• Low CVE-2026-5908: Integer overflow in Media
• Low CVE-2026-5909: Integer overflow in Media
• Low CVE-2026-5910: Integer overflow in Media
• Low CVE-2026-5911: Policy bypass in ServiceWorkers
• Low CVE-2026-5912: Integer overflow in WebRTC
• Low CVE-2026-5913: Out of bounds read in Blink
• Low CVE-2026-5914: Type Confusion in CSS
• Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
• Low CVE-2026-5918: Inappropriate implementation in Navigation
• Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets

• chromium-147.0.7727.55-1.el10_3

Update to 147.0.7727.55

• Critical CVE-2026-5858: Heap buffer overflow in WebML
• Critical CVE-2026-5859: Integer overflow in WebML
• High CVE-2026-5860: Use after free in WebRTC
• High CVE-2026-5861: Use after free in V8
• High CVE-2026-5862: Inappropriate implementation in V8
• High CVE-2026-5863: Inappropriate implementation in V8
• High CVE-2026-5864: Heap buffer overflow in WebAudio
• High CVE-2026-5865: Type Confusion in V8
• High CVE-2026-5866: Use after free in Media
• High CVE-2026-5867: Heap buffer overflow in WebML
• High CVE-2026-5868: Heap buffer overflow in ANGLE
• High CVE-2026-5869: Heap buffer overflow in WebML
• High CVE-2026-5870: Integer overflow in Skia
• High CVE-2026-5871: Type Confusion in V8
• High CVE-2026-5872: Use after free in Blink
• High CVE-2026-5873: Out of bounds read and write in V8
• Medium CVE-2026-5874: Use after free in PrivateAI
• Medium CVE-2026-5875: Policy bypass in Blink
• Medium CVE-2026-5876: Side-channel information leakage in Navigation
• Medium CVE-2026-5877: Use after free in Navigation
• Medium CVE-2026-5878: Incorrect security UI in Blink
• Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
• Medium CVE-2026-5880: Incorrect security UI in browser UI
• Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
• Medium CVE-2026-5882: Incorrect security UI in Fullscreen
• Medium CVE-2026-5883: Use after free in Media
• Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
• Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
• Medium CVE-2026-5886: Out of bounds read in WebAudio
• Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
• Medium CVE-2026-5888: Uninitialized Use in WebCodecs
• Medium CVE-2026-5889: Cryptographic Flaw in PDFium
• Medium CVE-2026-5890: Race in WebCodecs
• Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
• Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
• Medium CVE-2026-5893: Race in V8
• Low CVE-2026-5894: Inappropriate implementation in PDF
• Low CVE-2026-5895: Incorrect security UI in Omnibox
• Low CVE-2026-5896: Policy bypass in Audio
• Low CVE-2026-5897: Incorrect security UI in Downloads
• Low CVE-2026-5898: Incorrect security UI in Omnibox
• Low CVE-2026-5899: Incorrect security UI in History Navigation
• Low CVE-2026-5900: Policy bypass in Downloads
• Low CVE-2026-5901: Policy bypass in DevTools
• Low CVE-2026-5902: Race in Media
• Low CVE-2026-5903: Policy bypass in IFrameSandbox
• Low CVE-2026-5904: Use after free in V8
• Low CVE-2026-5905: Incorrect security UI in Permissions
• Low CVE-2026-5906: Incorrect security UI in Omnibox
• Low CVE-2026-5907: Insufficient data validation in Media
• Low CVE-2026-5908: Integer overflow in Media
• Low CVE-2026-5909: Integer overflow in Media
• Low CVE-2026-5910: Integer overflow in Media
• Low CVE-2026-5911: Policy bypass in ServiceWorkers
• Low CVE-2026-5912: Integer overflow in WebRTC
• Low CVE-2026-5913: Out of bounds read in Blink
• Low CVE-2026-5914: Type Confusion in CSS
• Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
• Low CVE-2026-5918: Inappropriate implementation in Navigation
• Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets

• chromium-147.0.7727.55-1.el9

Update to 147.0.7727.55

• Critical CVE-2026-5858: Heap buffer overflow in WebML
• Critical CVE-2026-5859: Integer overflow in WebML
• High CVE-2026-5860: Use after free in WebRTC
• High CVE-2026-5861: Use after free in V8
• High CVE-2026-5862: Inappropriate implementation in V8
• High CVE-2026-5863: Inappropriate implementation in V8
• High CVE-2026-5864: Heap buffer overflow in WebAudio
• High CVE-2026-5865: Type Confusion in V8
• High CVE-2026-5866: Use after free in Media
• High CVE-2026-5867: Heap buffer overflow in WebML
• High CVE-2026-5868: Heap buffer overflow in ANGLE
• High CVE-2026-5869: Heap buffer overflow in WebML
• High CVE-2026-5870: Integer overflow in Skia
• High CVE-2026-5871: Type Confusion in V8
• High CVE-2026-5872: Use after free in Blink
• High CVE-2026-5873: Out of bounds read and write in V8
• Medium CVE-2026-5874: Use after free in PrivateAI
• Medium CVE-2026-5875: Policy bypass in Blink
• Medium CVE-2026-5876: Side-channel information leakage in Navigation
• Medium CVE-2026-5877: Use after free in Navigation
• Medium CVE-2026-5878: Incorrect security UI in Blink
• Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
• Medium CVE-2026-5880: Incorrect security UI in browser UI
• Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
• Medium CVE-2026-5882: Incorrect security UI in Fullscreen
• Medium CVE-2026-5883: Use after free in Media
• Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
• Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
• Medium CVE-2026-5886: Out of bounds read in WebAudio
• Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
• Medium CVE-2026-5888: Uninitialized Use in WebCodecs
• Medium CVE-2026-5889: Cryptographic Flaw in PDFium
• Medium CVE-2026-5890: Race in WebCodecs
• Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
• Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
• Medium CVE-2026-5893: Race in V8
• Low CVE-2026-5894: Inappropriate implementation in PDF
• Low CVE-2026-5895: Incorrect security UI in Omnibox
• Low CVE-2026-5896: Policy bypass in Audio
• Low CVE-2026-5897: Incorrect security UI in Downloads
• Low CVE-2026-5898: Incorrect security UI in Omnibox
• Low CVE-2026-5899: Incorrect security UI in History Navigation
• Low CVE-2026-5900: Policy bypass in Downloads
• Low CVE-2026-5901: Policy bypass in DevTools
• Low CVE-2026-5902: Race in Media
• Low CVE-2026-5903: Policy bypass in IFrameSandbox
• Low CVE-2026-5904: Use after free in V8
• Low CVE-2026-5905: Incorrect security UI in Permissions
• Low CVE-2026-5906: Incorrect security UI in Omnibox
• Low CVE-2026-5907: Insufficient data validation in Media
• Low CVE-2026-5908: Integer overflow in Media
• Low CVE-2026-5909: Integer overflow in Media
• Low CVE-2026-5910: Integer overflow in Media
• Low CVE-2026-5911: Policy bypass in ServiceWorkers
• Low CVE-2026-5912: Integer overflow in WebRTC
• Low CVE-2026-5913: Out of bounds read in Blink
• Low CVE-2026-5914: Type Confusion in CSS
• Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
• Low CVE-2026-5918: Inappropriate implementation in Navigation
• Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets

• chromium-147.0.7727.55-1.fc43

Update to 147.0.7727.55

• Critical CVE-2026-5858: Heap buffer overflow in WebML
• Critical CVE-2026-5859: Integer overflow in WebML
• High CVE-2026-5860: Use after free in WebRTC
• High CVE-2026-5861: Use after free in V8
• High CVE-2026-5862: Inappropriate implementation in V8
• High CVE-2026-5863: Inappropriate implementation in V8
• High CVE-2026-5864: Heap buffer overflow in WebAudio
• High CVE-2026-5865: Type Confusion in V8
• High CVE-2026-5866: Use after free in Media
• High CVE-2026-5867: Heap buffer overflow in WebML
• High CVE-2026-5868: Heap buffer overflow in ANGLE
• High CVE-2026-5869: Heap buffer overflow in WebML
• High CVE-2026-5870: Integer overflow in Skia
• High CVE-2026-5871: Type Confusion in V8
• High CVE-2026-5872: Use after free in Blink
• High CVE-2026-5873: Out of bounds read and write in V8
• Medium CVE-2026-5874: Use after free in PrivateAI
• Medium CVE-2026-5875: Policy bypass in Blink
• Medium CVE-2026-5876: Side-channel information leakage in Navigation
• Medium CVE-2026-5877: Use after free in Navigation
• Medium CVE-2026-5878: Incorrect security UI in Blink
• Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
• Medium CVE-2026-5880: Incorrect security UI in browser UI
• Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
• Medium CVE-2026-5882: Incorrect security UI in Fullscreen
• Medium CVE-2026-5883: Use after free in Media
• Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
• Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
• Medium CVE-2026-5886: Out of bounds read in WebAudio
• Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
• Medium CVE-2026-5888: Uninitialized Use in WebCodecs
• Medium CVE-2026-5889: Cryptographic Flaw in PDFium
• Medium CVE-2026-5890: Race in WebCodecs
• Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
• Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
• Medium CVE-2026-5893: Race in V8
• Low CVE-2026-5894: Inappropriate implementation in PDF
• Low CVE-2026-5895: Incorrect security UI in Omnibox
• Low CVE-2026-5896: Policy bypass in Audio
• Low CVE-2026-5897: Incorrect security UI in Downloads
• Low CVE-2026-5898: Incorrect security UI in Omnibox
• Low CVE-2026-5899: Incorrect security UI in History Navigation
• Low CVE-2026-5900: Policy bypass in Downloads
• Low CVE-2026-5901: Policy bypass in DevTools
• Low CVE-2026-5902: Race in Media
• Low CVE-2026-5903: Policy bypass in IFrameSandbox
• Low CVE-2026-5904: Use after free in V8
• Low CVE-2026-5905: Incorrect security UI in Permissions
• Low CVE-2026-5906: Incorrect security UI in Omnibox
• Low CVE-2026-5907: Insufficient data validation in Media
• Low CVE-2026-5908: Integer overflow in Media
• Low CVE-2026-5909: Integer overflow in Media
• Low CVE-2026-5910: Integer overflow in Media
• Low CVE-2026-5911: Policy bypass in ServiceWorkers
• Low CVE-2026-5912: Integer overflow in WebRTC
• Low CVE-2026-5913: Out of bounds read in Blink
• Low CVE-2026-5914: Type Confusion in CSS
• Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
• Low CVE-2026-5918: Inappropriate implementation in Navigation
• Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets

• mingw-LibRaw-0.21.5-3.fc42

Backport patch for CVE-2026-20884.

Backport fixes for CVE-2026-20889 CVE-2026-21413 CVE-2026-24450 CVE-2026-24660

Update to libraw-0.21.5.

• mingw-LibRaw-0.21.5-3.fc43

Backport patch for CVE-2026-20884.

Backport fixes for CVE-2026-20889 CVE-2026-21413 CVE-2026-24450 CVE-2026-24660

Update to libraw-0.21.5.

• pgadmin4-9.14-2.fc42

Update to pgadmin4-9.14.

• pgadmin4-9.14-2.fc43

Update to pgadmin4-9.14.

• pgadmin4-9.14-2.fc44

Update to pgadmin4-9.14.

• flatpak-1.16.5-1.fc43

Update to 1.16.5. Update notes: https://github.com/flatpak/flatpak/releases/tag/1.16.5

Update to 1.16.4

Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and GHSA-89xm-3m96-w3jg

• smb4k-4.0.6-1.fc42

Update to version 4.0.6

• stb-0-0.57.20260313git904aa67.el8

Fix access/use of uninitialized memory in stb_image

• smb4k-4.0.6-1.fc43

Update to version 4.0.6

• smb4k-4.0.6-1.fc44

Update to version 4.0.6

• edk2-20260213-3.fc43

update openssl to 3.5.6

• stb-0^20260313git904aa67-2.el9

Fix access/use of uninitialized memory in stb_image

• stb-0^20260313git904aa67-2.el10_1

Fix access/use of uninitialized memory in stb_image