Fedora 44 : chromium (2026-6e868c481c)

🗓️ 13 Mar 2026 00:00:00Reported by TenableType

Fedora 44 chromium update to 146.0.7680.71 fixes WebML and UI security flaws.

Reporter	Title	Published	Views	Family All 659
FreeBSD	qt6-webengine -- multiple vulnerabilities	29 Jan 202600:00	–	freebsd
FreeBSD	chromium -- security fixes	10 Mar 202600:00	–	freebsd
ATTACKERKB	CVE-2026-3930	11 Mar 202622:04	–	attackerkb
ATTACKERKB	CVE-2026-3923	11 Mar 202622:04	–	attackerkb
ATTACKERKB	CVE-2026-3929	11 Mar 202622:04	–	attackerkb
ATTACKERKB	CVE-2026-3920	11 Mar 202622:04	–	attackerkb
ATTACKERKB	CVE-2026-3919	11 Mar 202622:04	–	attackerkb
ATTACKERKB	CVE-2026-3918	11 Mar 202622:04	–	attackerkb
ATTACKERKB	CVE-2026-3935	11 Mar 202622:04	–	attackerkb
ATTACKERKB	CVE-2026-3932	11 Mar 202622:04	–	attackerkb

Source	Link
bodhi	www.bodhi.fedoraproject.org/updates/FEDORA-2026-6e868c481c
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2026-6e868c481c
#

include('compat.inc');

if (description)
{
  script_id(302231);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/18");

  script_cve_id(
    "CVE-2026-3913",
    "CVE-2026-3914",
    "CVE-2026-3915",
    "CVE-2026-3916",
    "CVE-2026-3917",
    "CVE-2026-3918",
    "CVE-2026-3919",
    "CVE-2026-3920",
    "CVE-2026-3921",
    "CVE-2026-3922",
    "CVE-2026-3923",
    "CVE-2026-3924",
    "CVE-2026-3925",
    "CVE-2026-3926",
    "CVE-2026-3927",
    "CVE-2026-3928",
    "CVE-2026-3929",
    "CVE-2026-3930",
    "CVE-2026-3931",
    "CVE-2026-3932",
    "CVE-2026-3934",
    "CVE-2026-3935",
    "CVE-2026-3936",
    "CVE-2026-3937",
    "CVE-2026-3938",
    "CVE-2026-3939",
    "CVE-2026-3940",
    "CVE-2026-3941",
    "CVE-2026-3942"
  );
  script_xref(name:"FEDORA", value:"2026-6e868c481c");

  script_name(english:"Fedora 44 : chromium (2026-6e868c481c)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2026-6e868c481c advisory.

    Update to 146.0.7680.71

          * CVE-2026-3913: Heap buffer overflow in WebML
          * CVE-2026-3914: Integer overflow in WebML
          * CVE-2026-3915: Heap buffer overflow in WebML
          * CVE-2026-3916: Out of bounds read in Web Speech
          * CVE-2026-3917: Use after free in Agents
          * CVE-2026-3918: Use after free in WebMCP
          * CVE-2026-3919: Use after free in Extensions
          * CVE-2026-3920: Out of bounds memory access in WebML
          * CVE-2026-3921: Use after free in TextEncoding
          * CVE-2026-3922: Use after free in MediaStream
          * CVE-2026-3923: Use after free in WebMIDI
          * CVE-2026-3924: Use after free in WindowDialog
          * CVE-2026-3925: Incorrect security UI in LookalikeChecks
          * CVE-2026-3926: Out of bounds read in V8
          * CVE-2026-3927: Incorrect security UI in PictureInPicture
          * CVE-2026-3928: Insufficient policy enforcement in Extensions
          * CVE-2026-3929: Side-channel information leakage in ResourceTiming
          * CVE-2026-3930: Unsafe navigation in Navigation
          * CVE-2026-3931: Heap buffer overflow in Skia
          * CVE-2026-3932: Insufficient policy enforcement in PDF
          * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
          * CVE-2026-3935: Incorrect security UI in WebAppInstalls
          * CVE-2026-3936: Use after free in WebView
          * CVE-2026-3937: Incorrect security UI in Downloads
          * CVE-2026-3938: Insufficient policy enforcement in Clipboard
          * CVE-2026-3939: Insufficient policy enforcement in PDF
          * CVE-2026-3940: Insufficient policy enforcement in DevTools
          * CVE-2026-3941: Insufficient policy enforcement in DevTools
          * CVE-2026-3942: Incorrect security UI in PictureInPicture


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2026-6e868c481c");
  script_set_attribute(attribute:"solution", value:
"Update the affected chromium package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-3936");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-3932");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/03/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:44");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Fedora' >!< os_product) audit(AUDIT_OS_NOT, 'Fedora');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
if (! preg(pattern:"^44([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Fedora 44', 'Fedora ' + os_version);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var constraints = [
  {
    'release': '44',
    'pkgs': [
      {'reference':'chromium-146.0.7680.71-1.fc44', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');
}

18 Mar 2026 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 3.17.5 - 9.6

EPSS0.00148

SSVC