Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: chromium-headless | Distribution: Fedora Project |
Version: 139.0.7258.138 | Vendor: Fedora Project |
Release: 1.el10_1 | Build date: Fri Aug 22 14:43:29 2025 |
Group: Unspecified | Build host: buildvm-a64-34.rdu3.fedoraproject.org |
Size: 154003934 | Source RPM: chromium-139.0.7258.138-1.el10_1.src.rpm |
Packager: Fedora Project | |
Url: http://www.chromium.org/Home | |
Summary: A minimal headless shell built from Chromium |
A minimal headless client built from Chromium. headless_shell is built without support for alsa, cups, dbus, gconf, gio, kerberos, pulseaudio, or udev.
BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
* Fri Aug 22 2025 Than Ngo <than@redhat.com> - 139.0.7258.138-1 - Updated to 139.0.7258.138 * CVE-2025-9132: Out of bounds write in V8 * Wed Aug 20 2025 Dominik Mierzejewski <dominik@greysector.net> - 139.0.7258.127-2 - Drop unused yasm build dependency see https://fedoraproject.org/wiki/Changes/DeprecateYASM * Wed Aug 13 2025 Than Ngo <than@redhat.com> - 139.0.7258.127-1 - Updated to 139.0.7258.127 * CVE-2025-8879: Heap buffer overflow in libaom * CVE-2025-8880: Race in V8 * CVE-2025-8901: Out of bounds write in ANGLE * CVE-2025-8881: Inappropriate implementation in File Picker * CVE-2025-8882: Use after free in Aura * Tue Aug 05 2025 Than Ngo <than@redhat.com> - 139.0.7258.66-1 - Updated to 139.0.7258.66 * CVE-2025-8576: Use after free in Extensions * CVE-2025-8578: Use after free in Cast * CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome * CVE-2025-8580: Inappropriate implementation in Filesystems * CVE-2025-8581: Inappropriate implementation in Extensions * CVE-2025-8582: Insufficient validation of untrusted input in DOM * CVE-2025-8583: Inappropriate implementation in Permissions * Mon Aug 04 2025 Tom Stellard <tstellar@redhat.com> - 138.0.7204.183-2 - Backport fix for build failure with clang-21 * Wed Jul 30 2025 Than Ngo <than@redhat.com> - 138.0.7204.183-1 - Update to 138.0.7204.183 * CVE-2025-8292: Use after free in Media Stream * Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 138.0.7204.168-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Wed Jul 23 2025 Than Ngo <than@redhat.com> - 138.0.7204.168-1 - Update to 138.0.7204.168 * CVE-2025-8010: Type Confusion in V8 * CVE-2025-8011: Type Confusion in V8 * Wed Jul 16 2025 Than Ngo <than@redhat.com> - 138.0.7204.157-1 - Update to 138.0.7204.157 * CVE-2025-7656: Integer overflow in V8 * CVE-2025-7657: Use after free in WebRTC * CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU * Fri Jul 11 2025 Tom Stellard <tstellar@redhat.com> -138.0.7204.100-2 - Update rust-clanglib patch for clang 21 * Wed Jul 09 2025 Than Ngo <than@redhat.com> - 138.0.7204.100-1 - Update to 138.0.7204.100 * Tue Jul 01 2025 Than Ngo <than@redhat.com> - 138.0.7204.92-1 - Update to 138.0.7204.92 * High CVE-2025-6554: Type Confusion in V8 * Tue Jun 24 2025 Than Ngo <than@redhat.com> - 138.0.7204.49-1 - Update to 138.0.7204.49 * CVE-2025-6555: Use after free in Animation * CVE-2025-6556: Insufficient policy enforcement in Loader * CVE-2025-6557: Insufficient data validation in DevTools * Wed Jun 18 2025 Than Ngo <than@redhat.com> - 137.0.7151.119-1 - Update to 137.0.7151.119 * CVE-2025-6191: Integer overflow in V8 * CVE-2025-6192: Use after free in Profiler * Wed Jun 11 2025 Than Ngo <than@redhat.com> - 137.0.7151.103-1 - Update to 137.0.7151.103 * CVE-2025-5958: Use after free in Media * CVE-2025-5959: Type Confusion in V8 - Provide correct version for bundle librarires - Fix rhbz#2368923, Chromium crash * Tue Jun 03 2025 Than Ngo <than@redhat.com> - 137.0.7151.68-1 - Update to 137.0.7151.68 * CVE-2025-5419: Out of bounds read and write in V8 * CVE-2025-5068: Use after free in Blink * Tue May 27 2025 Than Ngo <than@redhat.com> - 137.0.7151.55-1 - Update to 137.0.7151.55 * CVE-2025-5063: Use after free in Compositing * CVE-2025-5280: Out of bounds write in V8 * CVE-2025-5064: Inappropriate implementation in Background Fetch API * CVE-2025-5065: Inappropriate implementation in FileSystemAccess API * CVE-2025-5066: Inappropriate implementation in Messages * CVE-2025-5281: Inappropriate implementation in BFCache * CVE-2025-5283: Use after free in libvpx * CVE-2025-5067: Inappropriate implementation in Tab Strip - Fix FTBFS caused by simdutf and pdfium-png_decoder - Remove chromium-135-gperf.patch and chromium-135-add-cfi-suppressions-for-pipewire-functions.patch, merged by upstream - Refresh ppc64le patches - Enable system simdutf for F43 * Tue May 27 2025 Jitka Plesnikova <jplesnik@redhat.com> - 136.0.7103.113-2 - Rebuilt for flac 1.5.0 * Wed May 14 2025 Than Ngo <than@redhat.com> - 136.0.7103.113-1 - Update to 136.0.7103.113 * CVE-2025-4664: Insufficient policy enforcement in Loader * CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo * Wed May 07 2025 Than Ngo <than@redhat.com> - 136.0.7103.92-1 - Update to 136.0.7103.92 * CVE-2025-4372: Use after free in WebAudio * Tue Apr 29 2025 Than Ngo <than@redhat.com> - 136.0.7103.59-1 - Update to 136.0.7103.59 * CVE-2025-4096: Heap buffer overflow in HTML * CVE-2025-4050: Out of bounds memory access in DevTools * CVE-2025-4051: Insufficient data validation in DevTools * CVE-2025-4052: Inappropriate implementation in DevTools * Thu Apr 24 2025 Than Ngo <than@redhat.com> - 136.0.7103.48-1 - Update to 136.0.7103.48 * Wed Apr 23 2025 Than Ngo <than@redhat.com> - 135.0.7049.114-1 - Update to 135.0.7049.114 * Wed Apr 16 2025 Than Ngo <than@redhat.com> - 135.0.7049.95-1 - Update to 135.0.7049.95 * CVE-2025-3619: Heap buffer overflow in Codecs * CVE-2025-3620: Use after free in USB * Wed Apr 09 2025 Than Ngo <than@redhat.com> - 135.0.7049.84-1 - Update to 135.0.7049.84 * CVE-2025-3066: Use after free in Site Isolation * Wed Apr 02 2025 Jan Grulich <jgrulich@redhat.com> - 135.0.7049.52-2 - Add CFI suppressions for inline PipeWire functions * Tue Apr 01 2025 Than Ngo <than@redhat.com> - 135.0.7049.52-1 - Update to 135.0.7049.52 * Fri Mar 28 2025 Than Ngo <than@redhat.com> - 135.0.7049.41-1 - Update to 135.0.7049.41 * Mon Mar 24 2025 Than Ngo <than@redhat.com> - 134.0.6998.165-1 - Update to 134.0.6998.165 - Fixed rhbz#2354377 - Enable ppc64le support for el10 * Thu Mar 20 2025 Than Ngo <than@redhat.com> - 134.0.6998.117-1 - Update to 134.0.6998.117 * Critical CVE-2025-2476: Use after free in Lens * Mon Mar 17 2025 Than Ngo <than@redhat.com> - 134.0.6998.88-4 - Fixed rhbz#2352698, rebuild for noopenh264 2.6.0 * Fri Mar 14 2025 Than Ngo <than@redhat.com> - 134.0.6998.88-3 - Fixed build errors on ppc64le * Thu Mar 13 2025 Fabio Valentini <decathorpe@gmail.com> - 134.0.6998.88-2 - Rebuild for noopenh264 2.6.0 * Tue Mar 11 2025 Than Ngo <than@redhat.com> - 134.0.6998.88-1 - Update to 134.0.6998.88 * High CVE-2025-1920: Type Confusion in V8 * High CVE-2025-2135: Type Confusion in V8 * High CVE-TBD: Out of bounds write in GPU * Medium CVE-2025-2136: Use after free in Inspector * Medium CVE-2025-2137: Out of bounds read in V8 * Wed Mar 05 2025 Than Ngo <than@redhat.com> - 134.0.6998.35-1 - Update to 134.0.6998.35 * CVE-2025-1914: Out of bounds read in V8 * CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools * CVE-2025-1916: Use after free in Profiles * CVE-2025-1917: Inappropriate Implementation in Browser UI * CVE-2025-1918: Out of bounds read in PDFium * CVE-2025-1919: Out of bounds read in Media * CVE-2025-1921: Inappropriate Implementation in Media Stream * CVE-2025-1922: Inappropriate Implementation in Selection * CVE-2025-1923: Inappropriate Implementation in Permission Prompts * Wed Feb 26 2025 Than Ngo <than@redhat.com> - 133.0.6943.141-1 - Update to 133.0.6943.141 * Wed Feb 19 2025 Than Ngo <than@redhat.com> - 133.0.6943.126-1 - Update to 133.0.6943.126 * CVE-2025-0999: Heap buffer overflow in V8 * CVE-2025-1426: Heap buffer overflow in GPU * CVE-2025-1006: Use after free in Network * Thu Feb 13 2025 Than Ngo <than@redhat.com> - 133.0.6943.98-1 - Update to 133.0.6943.98 * CVE-2025-0995: Use after free in V8 * CVE-2025-0996: Inappropriate implementation in Browser UI * CVE-2025-0997: Use after free in Navigation * CVE-2025-0998: Out of bounds memory access in V8 * Tue Feb 04 2025 Than Ngo <than@redhat.com> - 133.0.6943.53-1 - Update to 133.0.6943.53 * CVE-2025-0444: Use after free in Skia * CVE-2025-0445: Use after free in V8 * CVE-2025-0451: Inappropriate implementation in Extensions API * Wed Jan 29 2025 Than Ngo <than@redhat.com> - 132.0.6834.159-1 - Updated to 132.0.6834.159 * Medium CVE-2025-0762: Use after free in DevTools * Thu Jan 23 2025 Than Ngo <than@redhat.com> - 132.0.6834.110-1 - Update to 132.0.6834.110 * High CVE-2025-0611: Object corruption in V8 * High CVE-2025-0612: Out of bounds memory access in V8 * Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 132.0.6834.83-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Wed Jan 15 2025 Than Ngo <than@redhat.com> - 132.0.6834.83-1 - Update to 132.0.6834.83 * High CVE-2025-0434: Out of bounds memory access in V8 * High CVE-2025-0435: Inappropriate implementation in Navigation * High CVE-2025-0436: Integer overflow in Skia * High CVE-2025-0437: Out of bounds read in Metrics * High CVE-2025-0438: Stack buffer overflow in Tracing * Medium CVE-2025-0439: Race in Frames * Medium CVE-2025-0440: Inappropriate implementation in Fullscreen * Medium CVE-2025-0441: Inappropriate implementation in Fenced * Medium CVE-2025-0442: Inappropriate implementation in Payments * Medium CVE-2025-0443: Insufficient data validation in Extensions * Low CVE-2025-0446: Inappropriate implementation in Extensions * Low CVE-2025-0447: Inappropriate implementation in Navigation * Low CVE-2025-0448: Inappropriate implementation in Compositing * Wed Jan 08 2025 Than Ngo <than@redhat.com> - 131.0.6778.264-1 - Update to 131.0.6778.264 * High CVE-2025-0291: Type Confusion in V8 * Thu Dec 19 2024 Than Ngo <than@redhat.com> - 131.0.6778.204-1 - Update to 131.0.6778.204 * High CVE-2024-12692: Type Confusion in V8 * High CVE-2024-12693: Out of bounds memory access in V8 * High CVE-2024-12694: Use after free in Compositing * High CVE-2024-12695: Out of bounds write in V8 * Wed Dec 11 2024 Than Ngo <than@redhat.com> - 131.0.6778.139-1 - Update to 131.0.6778.139 * High CVE-2024-12381: Type Confusion in V8 * High CVE-2024-12382: Use after free in Translate * Wed Dec 04 2024 Than Ngo <than@redhat.com> - 131.0.6778.108-1 - Update to 131.0.6778.108 * High CVE-2024-12053: Type Confusion in V8 * Sat Nov 23 2024 Than Ngo <than@redhat.com> - 131.0.6778.85-2 - Enable qt-ui - Workaround for random crash * Wed Nov 20 2024 Than Ngo <than@redhat.com> - 131.0.6778.85-1 - Update to 131.0.6778.85 * High CVE-2024-11395: Type Confusion in V8 * Tue Nov 12 2024 Than Ngo <than@redhat.com> - 131.0.6778.69-1 - Update to 131.0.6778.69 * High CVE-2024-11110: Inappropriate implementation in Blink * Medium CVE-2024-11111: Inappropriate implementation in Autofill * Medium CVE-2024-11112: Use after free in Media * Medium CVE-2024-11113: Use after free in Accessibility * Medium CVE-2024-11114: Inappropriate implementation in Views * Medium CVE-2024-11115: Insufficient policy enforcement in Navigation * Medium CVE-2024-11116: Inappropriate implementation in Paint * Low CVE-2024-11117: Inappropriate implementation in FileSystem * Sun Nov 10 2024 Than Ngo <than@redhat.com> - 130.0.6723.116-1 - Update to 130.0.6723.116 * High CVE-2024-10826: Use after free in Family Experience * High CVE-2024-10827: Use after free in Serial * Wed Oct 30 2024 Than Ngo <than@redhat.com> - 130.0.6723.91-1 - Update to 130.0.6723.91 * Critical CVE-2024-10487: Out of bounds write in Dawn * High CVE-2024-10488: Use after free in WebRTC * Sat Oct 26 2024 Than Ngo <than@redhat.com> - 130.0.6723.69-1 - Update to 130.0.6723.69 * High CVE-2024-10229: Inappropriate implementation in Extensions * High CVE-2024-10230: Type Confusion in V8 * High CVE-2024-10231: Type Confusion in V8 * Mon Oct 21 2024 Than Ngo <than@redhat.com> - 130.0.6723.58-2 - Add missing pthread stack size for ppc64 (openpower-patches) * Wed Oct 16 2024 Than Ngo <than@redhat.com> - 130.0.6723.58-1 - update to 130.0.6723.58 * High CVE-2024-9954: Use after free in AI * Medium CVE-2024-9955: Use after free in Web Authentication * Medium CVE-2024-9956: Inappropriate implementation in Web Authentication * Medium CVE-2024-9957: Use after free in UI * Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture * Medium CVE-2024-9959: Use after free in DevTools * Medium CVE-2024-9960: Use after free in Dawn * Medium CVE-2024-9961: Use after free in Parcel Tracking * Medium CVE-2024-9962: Inappropriate implementation in Permissions * Medium CVE-2024-9963: Insufficient data validation in Downloads * Low CVE-2024-9964: Inappropriate implementation in Payments * Low CVE-2024-9965: Insufficient data validation in DevTools * Low CVE-2024-9966: Inappropriate implementation in Navigations * Wed Oct 09 2024 Than Ngo <than@redhat.com> - 129.0.6668.100-1 - update to 129.0.6668.100 * CVE-2024-9602: Type Confusion in V8 * CVE-2024-9603: Type Confusion in V8 * Wed Oct 02 2024 Than Ngo <than@redhat.com> - 129.0.6668.89-1 - update to 129.0.6668.89 * High CVE -2024-7025: Integer overflow in Layout * High CVE-2024-9369: Insufficient data validation in Mojo * High CVE-2024-9370: Inappropriate implementation in V8 * Mon Sep 30 2024 Than Ngo <than@redhat.com> - 129.0.6668.70-3 - add clang-19 support * Fri Sep 27 2024 Dominik Mierzejewski <dominik@greysector.net> - 129.0.6668.70-2 - Rebuilt for FFmpeg 7 * Wed Sep 25 2024 Than Ngo <than@redhat.com> - 129.0.6668.70-1 - update to 129.0.6668.70 * High CVE-2024-9120: Use after free in Dawn * High CVE-2024-9121: Inappropriate implementation in V8 * High CVE-2024-9122: Type Confusion in V8 * High CVE-2024-9123: Integer overflow in Skia * Thu Sep 19 2024 Than Ngo <than@redhat.com> - 129.0.6668.58-2 - clean up * Tue Sep 17 2024 Than Ngo <than@redhat.com> - 129.0.6668.58-1 - update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium CVE-2024-8905: Inappropriate implementation in V8 * Medium CVE-2024-8906: Incorrect security UI in Downloads * Medium CVE-2024-8907: Insufficient data validation in Omnibox * Low CVE-2024-8908: Inappropriate implementation in Autofill * Low CVE-2024-8909: Inappropriate implementation in UI * Wed Sep 11 2024 Than Ngo <than@redhat.com> - 128.0.6613.137-1 - update to 128.0.6613.137 * High CVE-2024-8636: Heap buffer overflow in Skia * High CVE-2024-8637: Use after free in Media Router * High CVE-2024-8638: Type Confusion in V8 * High CVE-2024-8639: Use after free in Autofill * Thu Sep 05 2024 Than Ngo <than@redhat.com> - 128.0.6613.119-1 - update to 128.0.6613.119 * High CVE-2024-8362: Use after free in WebAudio * High CVE-2024-7970: Out of bounds write in V8 * Wed Aug 07 2024 Than Ngo <than@redhat.com> - 127.0.6533.99-1 - update to 127.0.6533.99 * Critical CVE-2024-7532: Out of bounds memory access in ANGLE * High CVE-2024-7533: Use after free in Sharing * High CVE-2024-7550: Type Confusion in V8 * High CVE-2024-7534: Heap buffer overflow in Layout * High CVE-2024-7535: Inappropriate implementation in V8 * High CVE-2024-7536: Use after free in WebAudio * Tue Aug 06 2024 Than Ngo <than@redhat.com> - 127.0.6533.88-3 - fix rhbz#2294773 - Allow enabling vulkan on ozone wayland for AMD vaapi - add ppc64le patch to fix runtime assertion trap on ppc64el systems - refresh ppc64le patch to work around broken 64k allocator code on arm64 * Thu Aug 01 2024 Than Ngo <than@redhat.com> - 127.0.6533.88-2 - remove old patch that seems to be the cause of a crash when the user set user.max_user_namespaces to 0 * Wed Jul 31 2024 Than Ngo <than@redhat.com> - 127.0.6533.88-1 - update to 127.0.6533.88 * Wed Jul 24 2024 Than Ngo <than@redhat.com> - 127.0.6533.72-1 - update to 127.0.6533.72 * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in User Education * CVE-2024-6999: Inappropriate implementation in FedCM * CVE-2024-7000: Use after free in CSS. Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate implementation in FedCM * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-7005: Insufficient validation of untrusted input in Safe * Sat Jul 20 2024 Than Ngo <than@redhat.com> - 126.0.6478.182-2 - fix condition for is_cfi/use_thin_lto on aarch64/ppc64le - update powerpc patches * Tue Jul 16 2024 Than Ngo <than@redhat.com> - 126.0.6478.182-1 - update to 126.0.6478.182 * High CVE-2024-6772: Inappropriate implementation in V8 * High CVE-2024-6773: Type Confusion in V8 * High CVE-2024-6774: Use after free in Screen Capture * High CVE-2024-6775: Use after free in Media Stream * High CVE-2024-6776: Use after free in Audio * High CVE-2024-6777: Use after free in Navigation * High CVE-2024-6778: Race in DevTools * High CVE-2024-6779: Out of bounds memory access in V8 * Sun Jul 07 2024 Than Ngo <than@redhat.com> - 126.0.6478.126-2 - fixed rhbz#2293202, chromium Wayland UI regression * Tue Jun 25 2024 Than Ngo <than@redhat.com> - 126.0.6478.126-1 - update to 126.0.6478.126 * High CVE-2024-6290: Use after free in Dawn * High CVE-2024-6291: Use after free in Swiftshader * High CVE-2024-6292: Use after free in Dawn * High CVE-2024-6293: Use after free in Dawn * Wed Jun 19 2024 Than Ngo <than@redhat.com> - 126.0.6478.114-1 - update to 126.0.6478.114 * High CVE-2024-6100: Type Confusion in V8 * High CVE-2024-6101: Inappropriate implementation in WebAssembly * High CVE-2024-6102: Out of bounds memory access in Dawn * High CVE-2024-6103: Use after free in Dawn * Wed Jun 12 2024 Than Ngo <than@redhat.com> - 126.0.6478.55-1 - update to 126.0.6478.55 * High CVE-2024-5830: Type Confusion in V8 * High CVE-2024-5831: Use after free in Dawn * High CVE-2024-5832: Use after free in Dawn * High CVE-2024-5833: Type Confusion in V8 * High CVE-2024-5834: Inappropriate implementation in Dawn * High CVE-2024-5835: Heap buffer overflow in Tab Groups * High CVE-2024-5836: Inappropriate Implementation in DevTools * High CVE-2024-5837: Type Confusion in V8 * High CVE-2024-5838: Type Confusion in V8 * Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator * Medium CVE-2024-5840: Policy Bypass in CORS * Medium CVE-2024-5841: Use after free in V8 * Medium CVE-2024-5842: Use after free in Browser UI * Medium CVE-2024-5843: Inappropriate implementation in Downloads * Medium CVE-2024-5844: Heap buffer overflow in Tab Strip * Medium CVE-2024-5845: Use after free in Audio * Medium CVE-2024-5846: Use after free in PDFium * Medium CVE-2024-5847: Use after free in PDFium * Fri May 31 2024 Than Ngo <than@redhat.com> - 125.0.6422.141-1 - update to 125.0.6422.141 * High CVE-2024-5493: Heap buffer overflow in WebRTC * High CVE-2024-5494: Use after free in Dawn * High CVE-2024-5495: Use after free in Dawn * High CVE-2024-5496: Use after free in Media Session * High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs * High CVE-2024-5498: Use after free in Presentation API * High CVE-2024-5499: Out of bounds write in Streams API - fixed rhbz#2264332 - Chromium is unable to send/receive video on MS Teams - cleanup chromium.conf * Wed May 29 2024 Than Ngo <than@redhat.com> - 125.0.6422.112-3 - build against noopenh264 * Tue May 28 2024 Than Ngo <than@redhat.com> - 125.0.6422.112-2 - Workaround for build error on pp64le * Sun May 26 2024 Than Ngo <than@redhat.com> - 125.0.6422.112-1 - update to 125.0.6422.112 * High CVE-2024-5274: Type Confusion in V8 * Wed May 22 2024 Than Ngo <than@redhat.com> - 125.0.6422.76-1 - fix bz#2282246, update to 125.0.6422.76 * High CVE-2024-5157: Use after free in Scheduling * High CVE-2024-5158: Type Confusion in V8 * High CVE-2024-5159: Heap buffer overflow in ANGLE * High CVE-2024-5160: Heap buffer overflow in Dawn - cleanup * Mon May 20 2024 Than Ngo <than@redhat.com> - 125.0.6422.60-3 - remove unneeded BRs - workarounds for el7 build * Sun May 19 2024 Than Ngo <than@redhat.com> - 125.0.6422.60-2 - fix build errors on el7 * Thu May 16 2024 Than Ngo <than@redhat.com> - 125.0.6422.60-1 - update to 125.0.6422.60 * High CVE-2024-4947: Type Confusion in V8 * High CVE-2024-4948: Use after free in Dawn * Medium CVE-2024-4949: Use after free in V8 * Low CVE-2024-4950: Inappropriate implementation in Downloads * Sun May 12 2024 Than Ngo <than@redhat.com> - 125.0.6422.41-1 - update to 125.0.6422.41 * Sat May 11 2024 Than Ngo <than@redhat.com> - 124.0.6367.201-2 - include headless_command_resources.pak for headless_shell * Fri May 10 2024 Than Ngo <than@redhat.com> - 124.0.6367.201-1 - update to 124.0.6367.201 * High CVE-2024-4671: Use after free in Visuals * Wed May 08 2024 Than Ngo <than@redhat.com> - 124.0.6367.155-1 - update to 124.0.6367.155 * High CVE-2024-4558: Use after free in ANGLE * High CVE-2024-4559: Heap buffer overflow in WebAudio * Sun May 05 2024 Than Ngo <than@redhat.com> - 124.0.6367.118-2 - fixed build errors on el8 - refreshed clean_ffmpeg.sh - added missing files for bundle ffmpeg * Wed May 01 2024 Than Ngo <than@redhat.com> - 124.0.6367.118-1 - update to 124.0.6367.118 * High CVE-2024-4331: Use after free in Picture In Picture * High CVE-2024-4368: Use after free in Dawn - use system highway * Sat Apr 27 2024 Than Ngo <than@redhat.com> - 124.0.6367.91-1 - update to 124.0.6367.91 - fixed bz#2277228 - chromium wrapper causes library issues (symbol lookup error) - use system dav1d * Wed Apr 24 2024 Than Ngo <than@redhat.com> - 124.0.6367.78-1 - update to 124.0.6367.78 * Critical CVE-2024-4058: Type Confusion in ANGLE * High CVE-2024-4059: Out of bounds read in V8 API * High CVE-2024-4060: Use after free in Dawn * Sat Apr 20 2024 Than Ngo <than@redhat.com> - 124.0.6367.60-2 - fix waylang regression * Tue Apr 16 2024 Than Ngo <than@redhat.com> - 124.0.6367.60-1 - update to 124.0.6367.60 * Thu Apr 11 2024 Than Ngo <than@redhat.com> - 123.0.6312.122-1 - update to 123.0.6312.122 * High CVE-2024-3157: Out of bounds write in Compositing * High CVE-2024-3516: Heap buffer overflow in ANGLE * High CVE-2024-3515: Use after free in Dawn * Wed Apr 03 2024 Than Ngo <than@redhat.com> - 123.0.6312.105-1 - update to 123.0.6312.105 * High CVE-2024-3156: Inappropriate implementation in V8 * High CVE-2024-3158: Use after free in Bookmarks * High CVE-2024-3159: Out of bounds memory access in V8 * Wed Mar 27 2024 Than Ngo <than@redhat.com> - 123.0.6312.86-2 - update to 123.0.6312.86 * Critical CVE-2024-2883: Use after free in ANGLE * High CVE-2024-2885: Use after free in Daw * High CVE-2024-2886: Use after free in WebCodecs * High CVE-2024-2887: Type Confusion in WebAssembly * Sat Mar 23 2024 Than Ngo <than@redhat.com> - 123.0.6312.58-2 - fixed bz#2269768 - enable build ppc64le package for F40 - fixed bz#2270321 - VAAPI flags in chromium.conf are out of date - fixed bz#2271183 - disable screen ai service * Wed Mar 20 2024 Than Ngo <than@redhat.com> - 123.0.6312.58-1 - update to 123.0.6312.58 * High CVE-2024-2625: Object lifecycle issue in V8 * Medium CVE-2024-2626: Out of bounds read in Swiftshader * Medium CVE-2024-2627: Use after free in Canvas * Medium CVE-2024-2628: Inappropriate implementation in Downloads * Medium CVE-2024-2629: Incorrect security UI in iOS * Medium CVE-2024-2630: Inappropriate implementation in iOS * Low CVE-2024-2631: Inappropriate implementation in iOS * Fri Mar 15 2024 Than Ngo <than@redhat.com> - 123.0.6312.46-1 - update to 123.0.6312.46 * Wed Mar 13 2024 Than Ngo <than@redhat.com> - 122.0.6261.128-1 - upstream security release 122.0.6261.128 * High CVE-2024-2400: Use after free in Performance Manager * Mon Mar 11 2024 Than Ngo <than@redhat.com> - 122.0.6261.111-2 - enable ppc64le build * Wed Mar 06 2024 Than Ngo <than@redhat.com> - 122.0.6261.111-1 - upstream security release 122.0.6261.111 * High CVE-2024-2173: Out of bounds memory access in V8 * High CVE-2024-2174: Inappropriate implementation in V8 * High CVE-2024-2176: Use after free in FedCM * Sat Mar 02 2024 Jiri Vanek <jvanek@redhat.com> - 122.0.6261.94-2 - Rebuilt for java-21-openjdk as system jdk * Wed Feb 28 2024 Than Ngo <than@redhat.com> - 122.0.6261.94-1 - upstream security release 122.0.6261.94 * High : Type Confusion in V8 - fixed bz#2265957, added correct platform in chromium use agent * Tue Feb 27 2024 Łukasz Wojniłowicz <lukasz.wojnilowicz@gmail.com> - 122.0.6261.69-3 - Make building of chromedriver optional * Tue Feb 27 2024 Jiri Vanek <jvanek@redhat.com> - 122.0.6261.69-2 - Rebuilt for java-21-openjdk as system jdk * Fri Feb 23 2024 Than Ngo <than@redhat.com> - 122.0.6261.69-1 - update to 122.0.6261.69 - fix build error on el8 - bz#2265039, built with -fwrapv for improved memory safety - bz#2265043, built with -ftrivial-auto-var-init=zero for improved security and preditability * Wed Feb 21 2024 Than Ngo <than@redhat.com> - 122.0.6261.57-1 - update to 122.0.6261.57 * High CVE-2024-1669: Out of bounds memory access in Blink * High CVE-2024-1670: Use after free in Mojo * Medium CVE-2024-1671: Inappropriate implementation in Site Isolation * Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy * Medium CVE-2024-1673: Use after free in Accessibility * Medium CVE-2024-1674: Inappropriate implementation in Navigation * Medium CVE-2024-1675: Insufficient policy enforcement in Download * Low CVE-2024-1676: Inappropriate implementation in Navigation. * Sun Feb 18 2024 Than Ngo <than@redhat.com> - 122.0.6261.39-1 - update to 122.0.6261.39 * Wed Feb 14 2024 Than Ngo <than@redhat.com> - 121.0.6167.184-1 - update to 121.0.6167.184 * Wed Feb 07 2024 Than Ngo <than@redhat.com> - 121.0.6167.160-1 - update to 121.0.6167.160 * High CVE-2024-1284: Use after free in Mojo * High CVE-2024-1283: Heap buffer overflow in Skia * Thu Feb 01 2024 Than Ngo <than@redhat.com> - 121.0.6167.139-2 - Support for 64K pages on Linux/AArch64 * Wed Jan 31 2024 Than Ngo <than@redhat.com> - 121.0.6167.139-1 - update to 121.0.6167.139 * High CVE-2024-1060: Use after free in Canvas * High CVE-2024-1059: Use after free in WebRTC * High CVE-2024-1077: Use after free in Network * Wed Jan 24 2024 Than Ngo <than@redhat.com> - 121.0.6167.85-1 - update to 121.0.6167.85 * High CVE-2024-0807: Use after free in WebAudio * High CVE-2024-0812: Inappropriate implementation in Accessibility * High CVE-2024-0808: Integer underflow in WebUI * Medium CVE-2024-0810: Insufficient policy enforcement in DevTools * Medium CVE-2024-0814: Incorrect security UI in Payments * Medium CVE-2024-0813: Use after free in Reading Mode * Medium CVE-2024-0806: Use after free in Passwords * Medium CVE-2024-0805: Inappropriate implementation in Downloads * Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI * Low CVE-2024-0811: Inappropriate implementation in Extensions API * Low CVE-2024-0809: Inappropriate implementation in Autofill * Tue Jan 23 2024 Than Ngo <than@redhat.com> - 121.0.6167.71-1 - update to 121.0.6167.71 * Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 120.0.6099.224-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Tue Jan 16 2024 Than Ngo <than@redhat.com> - 120.0.6099.224-1 - update to 120.0.6099.224 * High CVE-2024-0517: Out of bounds write in V8 * High CVE-2024-0518: Type Confusion in V8 * High CVE-2024-0519: Out of bounds memory access in V8 * Wed Jan 10 2024 Than Ngo <than@redhat.com> - 120.0.6099.216-1 - update to 120.0.6099.216 * High CVE-2024-0333: Insufficient data validation in Extensions * Thu Jan 04 2024 Than Ngo <than@redhat.com> - 120.0.6099.199-1 - new gn update, drop workaround for broken gn on epel 8/9 - update to 120.0.6099.199 * CVE-2024-0222: Use after free in ANGLE * CVE-2024-0223: Heap buffer overflow in ANGLE * CVE-2024-0224: Use after free in WebAudio * CVE-2024-0225: Use after free in WebGPU * Thu Dec 21 2023 Than Ngo <than@redhat.com> - 120.0.6099.129-1 - update to 120.0.6099.129 * High CVE-2023-7024: Heap buffer overflow in WebRTC * Wed Dec 13 2023 Than Ngo <than@redhat.com> - 120.0.6099.109-1 - update to 120.0.6099.109 * High CVE-2023-6702: Type Confusion in V8 * High CVE-2023-6703: Use after free in Blink * High CVE-2023-6704: Use after free in libavif * High CVE-2023-6705: Use after free in WebRTC * High CVE-2023-6706: Use after free in FedCM * Medium CVE-2023-6707: Use after free in CSS * Fri Dec 08 2023 Than Ngo <than@redhat.com> - 120.0.6099.71-1 - update to 120.0.6099.71 * Wed Dec 06 2023 Than Ngo <than@redhat.com> - 120.0.6099.62-2 - drop unsupported ldflag which caused build failure * Tue Dec 05 2023 Than Ngo <than@redhat.com> - 120.0.6099.62-1 - update to 120.0.6099.62 - fixed bz#2252874, built with control flow integrity (CFI) support * Sat Dec 02 2023 Than Ngo <than@redhat.com> - 120.0.6099.56-1 - update to 120.0.6099.56 - enable qt6 UI backend * Sat Dec 02 2023 Than Ngo <than@redhat.com> - 119.0.6045.199-2 - fixed bz#2242271, built with bundleminizip in fedora > 39 - fixed bz#2251884, built with fstack-protector-strong for improved security * Wed Nov 29 2023 Than Ngo <than@redhat.com> - 119.0.6045.199-1 - update to 119.0.6045.199 * Sun Nov 19 2023 Than Ngo <than@redhat.com> - 119.0.6045.159-2 - fix ffmpeg conflicts * Wed Nov 15 2023 Than Ngo <than@redhat.com> - 119.0.6045.159-1 - update to 119.0.6045.159, upstream security release High CVE-2023-5997, use after free in Garbage Collection High CVE-2023-6112, use after free in Navigation - add Requires/Conflicts for ABI break in fmpeg-free 6.0.1 - drop first_dts patch, reintroduce first_dts patch in ffmpeg-free-6.0.1 - fixed python3 syntaxWarning: invalid escape sequenc - skip clang's patches for epel8 that now gets clang-16 update * Mon Nov 13 2023 Than Ngo <than@redhat.com> - 119.0.6045.123-2 - fixed bz#2240127, Some h.264 mp4s do not play * Wed Nov 08 2023 Than Ngo <than@redhat.com> - 119.0.6045.123-1 - update to 119.0.6045.123, include following security fixes: high CVE-2023-5996: Use after free in WebAudio * Tue Nov 07 2023 Than Ngo <than@redhat.com> - 119.0.6045.105-2 - enable debuginfo * Wed Nov 01 2023 Than Ngo <than@redhat.com> - 119.0.6045.105-1 - update to 119.0.6045.105 * Fri Oct 27 2023 Than Ngo <than@redhat.com> - 119.0.6045.59-1 - update 119.0.6045.59 * Wed Oct 25 2023 Than Ngo <than@redhat.com> - 118.0.5993.117-1 - update to 118.0.5993.117 * Wed Oct 18 2023 Than Ngo <than@redhat.com> - 118.0.5993.88-1 - update to 118.0.5993.88 - cleanup the package dependencies * Mon Oct 16 2023 Than Ngo <than@redhat.com> - 118.0.5993.70-2 - fix tab crash with SIGTRAP when using system ffmpeg * Wed Oct 11 2023 Than Ngo <than@redhat.com> - 118.0.5993.70-1 - update to 118.0.5993.70 - CVE-2023-5218: Use after free in Site Isolation. - CVE-2023-5487: Inappropriate implementation in Fullscreen. - CVE-2023-5484: Inappropriate implementation in Navigation. - CVE-2023-5475: Inappropriate implementation in DevTools. - CVE-2023-5483: Inappropriate implementation in Intents. - CVE-2023-5481: Inappropriate implementation in Downloads. - CVE-2023-5476: Use after free in Blink History. - CVE-2023-5474: Heap buffer overflow in PDF. - CVE-2023-5479: Inappropriate implementation in Extensions API. - CVE-2023-5485: Inappropriate implementation in Autofill. - CVE-2023-5478: Inappropriate implementation in Autofill. - CVE-2023-5477: Inappropriate implementation in Installer. - CVE-2023-5486: Inappropriate implementation in Input. - CVE-2023-5473: Use after free in Cast. * Sat Oct 07 2023 Than Ngo <than@redhat.com> - 118.0.5993.54-1 - update to 118.0.5993.54 - drop use_gnome_keyring as it's removed by upstream * Thu Oct 05 2023 Than Ngo <than@redhat.com> - 117.0.5938.149-1 - update to 117.0.5938.149 - fix CVE-2023-5346: Type Confusion in V8 * Fri Sep 29 2023 Than Ngo <than@redhat.com> - 117.0.5938.132-2 - add workaround for the crash on BTI capable system * Thu Sep 28 2023 Than Ngo <than@redhat.com> - 117.0.5938.132-1 - update to 117.0.5938.132 - CVE-2023-5217, heap buffer overflow in vp8 encoding in libvpx. - CVE-2023-5186, use after free in Passwords. - CVE-2023-5187, use after free in Extensions.  * Sat Sep 23 2023 Than Ngo <than@redhat.com> - 117.0.5938.92-2 - backport upstream patch to fix memory leak * Fri Sep 22 2023 Than Ngo <than@redhat.com> - 117.0.5938.92-1 - update to 117.0.5938.92 * Sun Sep 17 2023 Than Ngo <than@redhat.com> - 117.0.5938.88-1 - update to 117.0.5938.88 * Wed Sep 13 2023 Than Ngo <than@redhat.com> - 117.0.5938.62-1 - update to 117.0.5938.62 * Tue Sep 12 2023 Than Ngo <than@redhat.com> - 116.0.5845.187-1 - update to 116.0.5845.187 * Fri Sep 08 2023 Than Ngo <than@redhat.com> - 116.0.5845.179-1 - update to 116.0.5845.179
/usr/lib/.build-id /usr/lib/.build-id/37 /usr/lib/.build-id/37/e3ea7cf7f8f80b8a5975122685b21a8a5f438b /usr/lib64/chromium-browser/headless_command_resources.pak /usr/lib64/chromium-browser/headless_lib_data.pak /usr/lib64/chromium-browser/headless_lib_strings.pak /usr/lib64/chromium-browser/headless_shell
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Oct 24 04:26:21 2025