chromium -- security fixes

Chrome Releases reports: This update includes 74 security fixes: 516501794 Critical CVE-2026-11628: Use after free in Ozone. 516674532 Critical CVE-2026-11629: Use after free in Ozone. 516677924 Critical CVE-2026-11630: Use after free in File Input. 516691130 Critical CVE-2026-11631: Use after fr...

CVE-2025-53844

creationtimestamp| type| source ---|---|--- 2026-05-14 00:08:08+00:00| seen| https://ccb.belgium.be/advisories/warning-multiple-critical-high-and-medium-vulnerabilities-fortinet-fortisandbox-fortios 2026-05-17 22:07:08+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mm3epeyxsy2u...

Fedora 43 : chromium (2026-af3f470d38)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-af3f470d38 advisory. The updates include fixes for: Critical CVE-2026-7363: Use after free in Canvas Critical CVE-2026-7361: Use after free in iOS Critical CVE-2026-7344...

Fedora 44 : chromium (2026-f5ed344d5c)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f5ed344d5c advisory. The updates include fixes for: Critical CVE-2026-7363: Use after free in Canvas Critical CVE-2026-7361: Use after free in iOS Critical CVE-2026-7344...

Fedora 43 : chromium (2026-952f3c3d9e)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-952f3c3d9e advisory. Update to 147.0.7727.55 Critical CVE-2026-5858: Heap buffer overflow in WebML Critical CVE-2026-5859: Integer overflow in WebML High CVE-2026-5860:...

PT-2026-4684

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-4703

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A flaw exists in the PackageInstallerService.java component, specifically within the createSessionInternal function. This issue allows an application to potentially alter its ownership due to...

PT-2026-4712

Name of the Vulnerable Software and Affected Versions Chromium affected versions not specified Description An integer overflow in multiple functions within ubsan throwing runtime.cpp can cause a UBSan failure. This issue may lead to a remote denial of service without requiring additional executio...

PT-2026-4689

In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

PT-2026-4715

In multiple functions of ubsan throwing runtime.cpp, there is a possible way to cause the system to crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-4709

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-4693

In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-4711

In multiple functions of ubsan throwing runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-4714

In multiple functions of ubsan throwing runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-4707

Name of the Vulnerable Software and Affected Versions ManagedServices affected versions not specified Description An issue exists in the setPackageOrComponentEnabled function of ManagedServices.java related to improper input validation. This can result in a notification policy desync, potentially...

PT-2026-4696

In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-4701

Name of the Vulnerable Software and Affected Versions versions prior to 2026-0021 Description A cross-user permission bypass exists due to a confused deputy condition in the hasInteractAcrossUsersFullPermission function within the AppInfoBase.java file. This could allow for local escalation of...

PT-2026-4683

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper input validation in multiple locations allows for the unauthorized revelation of images across different users. This issue can lead to local escalation ...

PT-2026-4706

Look at the security patch preview section of https://t.co/ySklSke3uy. These are from the upcoming patch levels: Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044 High: CVE-2025-22424, CVE-2025-22426, CVE-2025-32348, CVE-2025-48561, CVE-2025-48615,...

PT-2026-4710

Name of the Vulnerable Software and Affected Versions GrapheneOS versions prior to 2026030200 Description An integer overflow in multiple functions within ubsan throwing runtime.cpp can lead to a persistent denial of service. This issue allows for remote denial of service without requiring...