Chromium: CVE-2026-11687 Use after free in Dawn

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

DEBIAN-CVE-2026-11687

Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-11101

Uninitialized Use in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2026-10909

Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

OPENSUSE-SU-2026:20588-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 147.0.7727.101 boo1262174 CVE-2026-6296: Heap buffer overflow in ANGLE CVE-2026-6297: Use after free in Proxy CVE-2026-6298: Heap buffer overflow in Skia CVE-2026-6299: Use after free in Prerender CVE-2026-6358:...

SUSE CVE-2026-6310

Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-5284

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-4676

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

KLA90951 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in WebAudio can be exploited to cause denial of service. 2...

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.164/165 for Windows/Mac and 146.0.7680.164 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

Google Chrome < 124.0.6367.78 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 124.0.6367.78. It is, therefore, affected by multiple vulnerabilities as referenced in the 202404stable-channel-update-for-desktop24 advisory. - Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a...

CVE-2025-10500

Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Fedora 41 : chromium (2025-f814c5f499)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f814c5f499 advisory. - Update to 140.0.7339.185 CVE-2025-10585: Type Confusion in V8 CVE-2025-10500: Use after free in Dawn CVE-2025-10501: Use after free in WebRTC...

Fedora 43 : chromium (2025-2cec357f64)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-2cec357f64 advisory. - Update to 140.0.7339.185 CVE-2025-10585: Type Confusion in V8 CVE-2025-10500: Use after free in Dawn CVE-2025-10501: Use after free in WebRTC...

Fedora 42 : chromium (2025-bb1ae3ee9c)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-bb1ae3ee9c advisory. - Update to 140.0.7339.185 CVE-2025-10585: Type Confusion in V8 CVE-2025-10500: Use after free in Dawn CVE-2025-10501: Use after free in WebRTC...

Microsoft Edge (Chromium) < 140.0.3485.81 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 140.0.3485.81. It is, therefore, affected by multiple vulnerabilities as referenced in the September 19, 2025 advisory. - Type Confusion in V8. Reported by Google Threat Analysis Group on 2025-09-16. CVE-2025-10585 - U...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2025:0368-1 Rating: important References: 1249999 Cross-References: CVE-2025-10500 CVE-2025-10501 CVE-2025-10502 CVE-2025-10585 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes four...

Stable Channel Update for Desktop

The Stable channel has been updated to 140.0.7339.185/.186 for Windows/Mac, and 140.0.7339.185 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

Google Chrome < 140.0.7339.185 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 140.0.7339.185. It is, therefore, affected by multiple vulnerabilities as referenced in the 202509stable-channel-update-for-desktop17 advisory. - Use after free in WebRTC. Reported by sherkito on 2025-08-23...

SUSE CVE-2024-4948

Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...