[SECURITY] Fedora 44 Update: chromium-147.0.7727.137-1.fc44

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f5ed344d5c 2026-05-03 00:48:41.051399+00:00 --------------------------------------------------------------------------------

Name : chromium Product : Fedora 44 Version : 147.0.7727.137 Release : 1.fc44 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink).

-------------------------------------------------------------------------------- Update Information:

The updates include fixes for: Critical CVE-2026-7363: Use after free in Canvas Critical CVE-2026-7361: Use after free in iOS Critical CVE-2026-7344: Use after free in Accessibility Critical CVE-2026-7343: Use after free in Views High CVE-2026-7333: Use after free in GPU High CVE-2026-7360: Insufficient validation of untrusted input in Compositing High CVE-2026-7359: Use after free in ANGLE High CVE-2026-7358: Use after free in Animation High CVE-2026-7334: Use after free in Views High CVE-2026-7357: Use after free in GPU High CVE-2026-7356: Use after free in Navigation High CVE-2026-7354: Out of bounds read and write in Angle High CVE-2026-7353: Heap buffer overflow in Skia High CVE-2026-7352: Use after free in Media High CVE-2026-7351: Race in MHTML High CVE-2026-7350: Use after free in WebMIDI High CVE-2026-7349: Use after free in Cast High CVE-2026-7348: Use after free in Codecs High CVE-2026-7335: Use after free in media High CVE-2026-7336: Use after free in WebRTC High CVE-2026-7337: Type Confusion in V8 High CVE-2026-7347: Use after free in Chromoting High CVE-2026-7346: Inappropriate implementation in Tint High CVE-2026-7345: Insufficient validation of untrusted input in Feedback High CVE-2026-7338: Use after free in Cast High CVE-2026-7342: Use after free in WebView High CVE-2026-7341: Use after free in WebRTC Medium CVE-2026-7339: Heap buffer overflow in WebRTC Medium CVE-2026-7340: Integer overflow in ANGLE Medium CVE-2026-7355: Use after free in Media -------------------------------------------------------------------------------- ChangeLog:

* Wed Apr 29 2026 Than Ngo than@redhat.com - 147.0.7727.137-1 - Update to 147.0.7727.137 * Critical CVE-2026-7363: Use after free in Canvas * Critical CVE-2026-7361: Use after free in iOS * Critical CVE-2026-7344: Use after free in Accessibility * Critical CVE-2026-7343: Use after free in Views * High CVE-2026-7333: Use after free in GPU * High CVE-2026-7360: Insufficient validation of untrusted input in Compositing * High CVE-2026-7359: Use after free in ANGLE * High CVE-2026-7358: Use after free in Animation * High CVE-2026-7334: Use after free in Views * High CVE-2026-7357: Use after free in GPU * High CVE-2026-7356: Use after free in Navigation * High CVE-2026-7354: Out of bounds read and write in Angle * High CVE-2026-7353: Heap buffer overflow in Skia * High CVE-2026-7352: Use after free in Media * High CVE-2026-7351: Race in MHTML * High CVE-2026-7350: Use after free in WebMIDI * High CVE-2026-7349: Use after free in Cast * High CVE-2026-7348: Use after free in Codecs * High CVE-2026-7335: Use after free in media * High CVE-2026-7336: Use after free in WebRTC * High CVE-2026-7337: Type Confusion in V8 * High CVE-2026-7347: Use after free in Chromoting * High CVE-2026-7346: Inappropriate implementation in Tint * High CVE-2026-7345: Insufficient validation of untrusted input in Feedback * High CVE-2026-7338: Use after free in Cast * High CVE-2026-7342: Use after free in WebView * High CVE-2026-7341: Use after free in WebRTC * Medium CVE-2026-7339: Heap buffer overflow in WebRTC * Medium CVE-2026-7340: Integer overflow in ANGLE * Medium CVE-2026-7355: Use after free in Media * Sun Apr 26 2026 Than Ngo than@redhat.com - 147.0.7727.116-2 - Fix FTBFS with rust 1.95 - Backport the upstream fix GL native pixmap import support reset in GpuInit -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2463710 - CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-2026-7347 ... chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463710 --------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f5ed344d5c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------