Lucene search
K

Fedora 42 : chromium (2026-3675ac2066)

🗓️ 23 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 9 Views

Fedora 42 chromium updated to 147.0.7727.101 fixing multiple critical and high CVEs.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-6297
15 Apr 202619:04
attackerkb
ATTACKERKB
CVE-2026-5903
8 Apr 202621:21
attackerkb
ATTACKERKB
CVE-2026-5279
1 Apr 202604:41
attackerkb
ATTACKERKB
CVE-2026-5871
8 Apr 202621:20
attackerkb
ATTACKERKB
CVE-2026-5866
8 Apr 202621:20
attackerkb
ATTACKERKB
CVE-2026-6301
15 Apr 202619:04
attackerkb
ATTACKERKB
CVE-2026-5291
1 Apr 202604:41
attackerkb
ATTACKERKB
CVE-2026-5289
1 Apr 202604:41
attackerkb
ATTACKERKB
CVE-2026-6310
15 Apr 202619:04
attackerkb
ATTACKERKB
CVE-2026-6304
15 Apr 202619:04
attackerkb
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2026-3675ac2066
#

include('compat.inc');

if (description)
{
  script_id(309862);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/23");

  script_cve_id(
    "CVE-2026-5272",
    "CVE-2026-5273",
    "CVE-2026-5274",
    "CVE-2026-5275",
    "CVE-2026-5276",
    "CVE-2026-5277",
    "CVE-2026-5278",
    "CVE-2026-5279",
    "CVE-2026-5280",
    "CVE-2026-5281",
    "CVE-2026-5282",
    "CVE-2026-5283",
    "CVE-2026-5284",
    "CVE-2026-5285",
    "CVE-2026-5286",
    "CVE-2026-5287",
    "CVE-2026-5288",
    "CVE-2026-5289",
    "CVE-2026-5290",
    "CVE-2026-5291",
    "CVE-2026-5292",
    "CVE-2026-5858",
    "CVE-2026-5859",
    "CVE-2026-5860",
    "CVE-2026-5861",
    "CVE-2026-5862",
    "CVE-2026-5863",
    "CVE-2026-5864",
    "CVE-2026-5865",
    "CVE-2026-5866",
    "CVE-2026-5867",
    "CVE-2026-5868",
    "CVE-2026-5869",
    "CVE-2026-5870",
    "CVE-2026-5871",
    "CVE-2026-5872",
    "CVE-2026-5873",
    "CVE-2026-5874",
    "CVE-2026-5875",
    "CVE-2026-5876",
    "CVE-2026-5877",
    "CVE-2026-5878",
    "CVE-2026-5879",
    "CVE-2026-5880",
    "CVE-2026-5881",
    "CVE-2026-5882",
    "CVE-2026-5883",
    "CVE-2026-5884",
    "CVE-2026-5885",
    "CVE-2026-5886",
    "CVE-2026-5887",
    "CVE-2026-5888",
    "CVE-2026-5889",
    "CVE-2026-5890",
    "CVE-2026-5891",
    "CVE-2026-5892",
    "CVE-2026-5893",
    "CVE-2026-5894",
    "CVE-2026-5895",
    "CVE-2026-5896",
    "CVE-2026-5897",
    "CVE-2026-5898",
    "CVE-2026-5899",
    "CVE-2026-5900",
    "CVE-2026-5901",
    "CVE-2026-5902",
    "CVE-2026-5903",
    "CVE-2026-5904",
    "CVE-2026-5905",
    "CVE-2026-5906",
    "CVE-2026-5907",
    "CVE-2026-5908",
    "CVE-2026-5909",
    "CVE-2026-5910",
    "CVE-2026-5911",
    "CVE-2026-5912",
    "CVE-2026-5913",
    "CVE-2026-5914",
    "CVE-2026-5915",
    "CVE-2026-5918",
    "CVE-2026-5919",
    "CVE-2026-6296",
    "CVE-2026-6297",
    "CVE-2026-6298",
    "CVE-2026-6299",
    "CVE-2026-6300",
    "CVE-2026-6301",
    "CVE-2026-6302",
    "CVE-2026-6303",
    "CVE-2026-6304",
    "CVE-2026-6305",
    "CVE-2026-6306",
    "CVE-2026-6307",
    "CVE-2026-6308",
    "CVE-2026-6309",
    "CVE-2026-6310",
    "CVE-2026-6311",
    "CVE-2026-6312",
    "CVE-2026-6313",
    "CVE-2026-6314",
    "CVE-2026-6315",
    "CVE-2026-6316",
    "CVE-2026-6317",
    "CVE-2026-6318",
    "CVE-2026-6319",
    "CVE-2026-6358",
    "CVE-2026-6359",
    "CVE-2026-6360",
    "CVE-2026-6361",
    "CVE-2026-6362",
    "CVE-2026-6363",
    "CVE-2026-6364"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2026/04/15");
  script_xref(name:"FEDORA", value:"2026-3675ac2066");

  script_name(english:"Fedora 42 : chromium (2026-3675ac2066)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2026-3675ac2066 advisory.

    Update to 147.0.7727.101

      * Critical CVE-2026-6296: Heap buffer overflow in ANGLE
      * Critical CVE-2026-6297: Use after free in Proxy
      * Critical CVE-2026-6298: Heap buffer overflow in Skia
      * Critical CVE-2026-6299: Use after free in Prerender
      * Critical CVE-2026-6358: Use after free in XR
      * High CVE-2026-6359: Use after free in Video
      * High CVE-2026-6300: Use after free in CSS
      * High CVE-2026-6301: Type Confusion in Turbofan
      * High CVE-2026-6302: Use after free in Video
      * High CVE-2026-6303: Use after free in Codecs
      * High CVE-2026-6304: Use after free in Graphite
      * High CVE-2026-6305: Heap buffer overflow in PDFium
      * High CVE-2026-6306: Heap buffer overflow in PDFium
      * High CVE-2026-6307: Type Confusion in Turbofan
      * High CVE-2026-6308: Out of bounds read in Media
      * High CVE-2026-6309: Use after free in Viz
      * High CVE-2026-6360: Use after free in FileSystem
      * High CVE-2026-6310: Use after free in Dawn
      * High CVE-2026-6311: Uninitialized Use in Accessibility
      * High CVE-2026-6312: Insufficient policy enforcement in Passwords
      * High CVE-2026-6313: Insufficient policy enforcement in CORS
      * High CVE-2026-6314: Out of bounds write in GPU
      * High CVE-2026-6315: Use after free in Permissions
      * High CVE-2026-6316: Use after free in Forms
      * High CVE-2026-6361: Heap buffer overflow in PDFium
      * High CVE-2026-6362: Use after free in Codecs
      * High CVE-2026-6317: Use after free in Cast
      * Medium CVE-2026-6363: Type Confusion in V8
      * Medium CVE-2026-6318: Use after free in Codecs
      * Medium CVE-2026-6319: Use after free in Payments
      * Medium CVE-2026-6364: Out of bounds read in Skia


    ----

    Update to 147.0.7727.55

      * Critical CVE-2026-5858: Heap buffer overflow in WebML
      * Critical CVE-2026-5859: Integer overflow in WebML
      * High CVE-2026-5860: Use after free in WebRTC
      * High CVE-2026-5861: Use after free in V8
      * High CVE-2026-5862: Inappropriate implementation in V8
      * High CVE-2026-5863: Inappropriate implementation in V8
      * High CVE-2026-5864: Heap buffer overflow in WebAudio
      * High CVE-2026-5865: Type Confusion in V8
      * High CVE-2026-5866: Use after free in Media
      * High CVE-2026-5867: Heap buffer overflow in WebML
      * High CVE-2026-5868: Heap buffer overflow in ANGLE
      * High CVE-2026-5869: Heap buffer overflow in WebML
      * High CVE-2026-5870: Integer overflow in Skia
      * High CVE-2026-5871: Type Confusion in V8
      * High CVE-2026-5872: Use after free in Blink
      * High CVE-2026-5873: Out of bounds read and write in V8
      * Medium CVE-2026-5874: Use after free in PrivateAI
      * Medium CVE-2026-5875: Policy bypass in Blink
      * Medium CVE-2026-5876: Side-channel information leakage in Navigation
      * Medium CVE-2026-5877: Use after free in Navigation
      * Medium CVE-2026-5878: Incorrect security UI in Blink
      * Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
      * Medium CVE-2026-5880: Incorrect security UI in browser UI
      * Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
      * Medium CVE-2026-5882: Incorrect security UI in Fullscreen
      * Medium CVE-2026-5883: Use after free in Media
      * Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
      * Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
      * Medium CVE-2026-5886: Out of bounds read in WebAudio
      * Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
      * Medium CVE-2026-5888: Uninitialized Use in WebCodecs
      * Medium CVE-2026-5889: Cryptographic Flaw in PDFium
      * Medium CVE-2026-5890: Race in WebCodecs
      * Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
      * Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
      * Medium CVE-2026-5893: Race in V8
      * Low CVE-2026-5894: Inappropriate implementation in PDF
      * Low CVE-2026-5895: Incorrect security UI in Omnibox
      * Low CVE-2026-5896: Policy bypass in Audio
      * Low CVE-2026-5897: Incorrect security UI in Downloads
      * Low CVE-2026-5898: Incorrect security UI in Omnibox
      * Low CVE-2026-5899: Incorrect security UI in History Navigation
      * Low CVE-2026-5900: Policy bypass in Downloads
      * Low CVE-2026-5901: Policy bypass in DevTools
      * Low CVE-2026-5902: Race in Media
      * Low CVE-2026-5903: Policy bypass in IFrameSandbox
      * Low CVE-2026-5904: Use after free in V8
      * Low CVE-2026-5905: Incorrect security UI in Permissions
      * Low CVE-2026-5906: Incorrect security UI in Omnibox
      * Low CVE-2026-5907: Insufficient data validation in Media
      * Low CVE-2026-5908: Integer overflow in Media
      * Low CVE-2026-5909: Integer overflow in Media
      * Low CVE-2026-5910: Integer overflow in Media
      * Low CVE-2026-5911: Policy bypass in ServiceWorkers
      * Low CVE-2026-5912: Integer overflow in WebRTC
      * Low CVE-2026-5913: Out of bounds read in Blink
      * Low CVE-2026-5914: Type Confusion in CSS
      * Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
      * Low CVE-2026-5918: Inappropriate implementation in Navigation
      * Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets


    ----

    Update to 146.0.7680.177

      * High CVE-2026-5273: Use after free in CSS
      * High CVE-2026-5272: Heap buffer overflow in GPU
      * High CVE-2026-5274: Integer overflow in Codecs
      * High CVE-2026-5275: Heap buffer overflow in ANGLE
      * High CVE-2026-5276: Insufficient policy enforcement in WebUSB
      * High CVE-2026-5277: Integer overflow in ANGLE
      * High CVE-2026-5278: Use after free in Web MIDI
      * High CVE-2026-5279: Object corruption in V8
      * High CVE-2026-5280: Use after free in WebCodecs
      * High CVE-2026-5281: Use after free in Dawn
      * High CVE-2026-5282: Out of bounds read in WebCodecs
      * High CVE-2026-5283: Inappropriate implementation in ANGLE
      * High CVE-2026-5284: Use after free in Dawn
      * High CVE-2026-5285: Use after free in WebGL
      * High CVE-2026-5286: Use after free in Dawn
      * High CVE-2026-5287: Use after free in PDF
      * High CVE-2026-5288: Use after free in WebView
      * High CVE-2026-5289: Use after free in Navigation
      * High CVE-2026-5290: Use after free in Compositing
      * Medium CVE-2026-5291: Inappropriate implementation in WebGL
      * Medium CVE-2026-5292: Out of bounds read in WebCodecs


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2026-3675ac2066");
  script_set_attribute(attribute:"solution", value:
"Update the affected chromium package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-5883");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/03/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:42");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Fedora' >!< os_product) audit(AUDIT_OS_NOT, 'Fedora');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
if (! preg(pattern:"^42([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Fedora 42', 'Fedora ' + os_version);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var constraints = [
  {
    'release': '42',
    'pkgs': [
      {'reference':'chromium-147.0.7727.101-1.fc42', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation