Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

chromium-headless-141.0.7390.107-1.fc41 RPM for x86_64

From Fedora 41 updates for x86_64 / Packages / c

Name: chromium-headless Distribution: Fedora Project
Version: 141.0.7390.107 Vendor: Fedora Project
Release: 1.fc41 Build date: Wed Oct 15 20:10:14 2025
Group: Unspecified Build host: buildhw-x86-04.rdu3.fedoraproject.org
Size: 170042583 Source RPM: chromium-141.0.7390.107-1.fc41.src.rpm
Packager: Fedora Project
Url: http://www.chromium.org/Home
Summary: A minimal headless shell built from Chromium
A minimal headless client built from Chromium. headless_shell is built
without support for alsa, cups, dbus, gconf, gio, kerberos, pulseaudio, or
udev.

Provides

Requires

License

BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)

Changelog

* Wed Oct 15 2025 Than Ngo <than@redhat.com> - 141.0.7390.107-1
  - Update 141.0.7390.107
    * High CVE-2025-11756: Use after free in Safe Browsing
* Sun Oct 12 2025 Than Ngo <than@redhat.com> - 141.0.7390.76-1
  - Update to 141.0.7390.76
* Wed Oct 08 2025 Than Ngo <than@redhat.com> - 141.0.7390.65-1
  - Update to 141.0.7390.65
    * High CVE-2025-11458: Heap buffer overflow in Sync
    * High CVE-2025-11460: Use after free in Storage
    * Medium CVE-2025-11211: Out of bounds read in WebCodecs
* Fri Oct 03 2025 Tom Stellard <tstellar@redhat.com> - 141.0.7390.54-2
  - Fix build with clang-22
* Thu Oct 02 2025 Than Ngo <than@redhat.com> - 141.0.7390.54-1
  - Update to 141.0.7390.54
    * High CVE-2025-11205: Heap buffer overflow in WebGPU
    * High CVE-2025-11206: Heap buffer overflow in Video
    * Medium CVE-2025-11207: Side-channel information leakage in Storage
    * Medium CVE-2025-11208: Inappropriate implementation in Media
    * Medium CVE-2025-11209: Inappropriate implementation in Omnibox
    * Medium CVE-2025-11210: Side-channel information leakage in Tab
    * Medium CVE-2025-11211: Out of bounds read in Media
    * Medium CVE-2025-11212: Inappropriate implementation in Media
    * Medium CVE-2025-11213: Inappropriate implementation in Omnibox
    * Medium CVE-2025-11215: Off by one error in V8
    * Low CVE-2025-11216: Inappropriate implementation in Storage
    * Low CVE-2025-11219: Use after free in V8
* Wed Sep 24 2025 Than Ngo <than@redhat.com> - 140.0.7339.207-1
  - Update to 140.0.7339.207
    * CVE-2025-10890: Side-channel information leakage in V8
    * CVE-2025-10891: Integer overflow in V8
    * CVE-2025-10892: Integer overflow in V8
* Wed Sep 17 2025 Than Ngo <than@redhat.com> - 140.0.7339.185-1
  - Update to 140.0.7339.185
    * CVE-2025-10585: Type Confusion in V8
    * CVE-2025-10500: Use after free in Dawn
    * CVE-2025-10501: Use after free in WebRTC
    * CVE-2025-10502: Heap buffer overflow in ANGLE
* Thu Sep 11 2025 Than Ngo <than@redhat.com> - 140.0.7339.127-1
  - Update to 140.0.7339.127
    * CVE-2025-10200: Use after free in Serviceworker
    * CVE-2025-10201: Inappropriate implementation in Mojo
* Wed Sep 03 2025 Than Ngo <than@redhat.com> - 140.0.7339.80-1
  - Update to 140.0.7339.80
    * CVE-2025-9864: Use after free in V8
    * CVE-2025-9865: Inappropriate implementation in Toolbar
    * CVE-2025-9866: Inappropriate implementation in Extensions
      CVE-2025-9867: Inappropriate implementation in Downloads
* Thu Aug 28 2025 Than Ngo <than@redhat.com> - 139.0.7258.154-1
  - Update to 139.0.7258.154
    * CVE-2025-9478: Use after free in ANGLE
* Fri Aug 22 2025 Than Ngo <than@redhat.com> - 139.0.7258.138-1
  - Updated to 139.0.7258.138
    * CVE-2025-9132: Out of bounds write in V8
* Wed Aug 20 2025 Dominik Mierzejewski <dominik@greysector.net> - 139.0.7258.127-2
  - Drop unused yasm build dependency
    see https://fedoraproject.org/wiki/Changes/DeprecateYASM
* Wed Aug 13 2025 Than Ngo <than@redhat.com> - 139.0.7258.127-1
  - Updated to 139.0.7258.127
    * CVE-2025-8879: Heap buffer overflow in libaom
    * CVE-2025-8880: Race in V8
    * CVE-2025-8901: Out of bounds write in ANGLE
    * CVE-2025-8881: Inappropriate implementation in File Picker
    * CVE-2025-8882: Use after free in Aura
* Tue Aug 05 2025 Than Ngo <than@redhat.com> - 139.0.7258.66-1
  - Updated to 139.0.7258.66
    * CVE-2025-8576: Use after free in Extensions
    * CVE-2025-8578: Use after free in Cast
    * CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
    * CVE-2025-8580: Inappropriate implementation in Filesystems
    * CVE-2025-8581: Inappropriate implementation in Extensions
    * CVE-2025-8582: Insufficient validation of untrusted input in DOM
    * CVE-2025-8583: Inappropriate implementation in Permissions
* Mon Aug 04 2025 Tom Stellard <tstellar@redhat.com> - 138.0.7204.183-2
  - Backport fix for build failure with clang-21
* Wed Jul 30 2025 Than Ngo <than@redhat.com> - 138.0.7204.183-1
  - Update to 138.0.7204.183
    * CVE-2025-8292: Use after free in Media Stream
* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 138.0.7204.168-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Jul 23 2025 Than Ngo <than@redhat.com> - 138.0.7204.168-1
  - Update to 138.0.7204.168
    * CVE-2025-8010: Type Confusion in V8
    * CVE-2025-8011: Type Confusion in V8
* Wed Jul 16 2025 Than Ngo <than@redhat.com> - 138.0.7204.157-1
  - Update to 138.0.7204.157
    * CVE-2025-7656: Integer overflow in V8
    * CVE-2025-7657: Use after free in WebRTC
    * CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU
* Fri Jul 11 2025 Tom Stellard <tstellar@redhat.com> -138.0.7204.100-2
  - Update rust-clanglib patch for clang 21
* Wed Jul 09 2025 Than Ngo <than@redhat.com> - 138.0.7204.100-1
  - Update to 138.0.7204.100
* Tue Jul 01 2025 Than Ngo <than@redhat.com> - 138.0.7204.92-1
  - Update to 138.0.7204.92
    * High CVE-2025-6554: Type Confusion in V8
* Tue Jun 24 2025 Than Ngo <than@redhat.com> - 138.0.7204.49-1
  - Update to 138.0.7204.49
    * CVE-2025-6555: Use after free in Animation
    * CVE-2025-6556: Insufficient policy enforcement in Loader
    * CVE-2025-6557: Insufficient data validation in DevTools
* Wed Jun 18 2025 Than Ngo <than@redhat.com> - 137.0.7151.119-1
  - Update to 137.0.7151.119
    * CVE-2025-6191: Integer overflow in V8
    * CVE-2025-6192: Use after free in Profiler
* Wed Jun 11 2025 Than Ngo <than@redhat.com> - 137.0.7151.103-1
  - Update to 137.0.7151.103
    * CVE-2025-5958: Use after free in Media
    * CVE-2025-5959: Type Confusion in V8
  - Provide correct version for bundle librarires
  - Fix rhbz#2368923, Chromium crash
* Tue Jun 03 2025 Than Ngo <than@redhat.com> - 137.0.7151.68-1
  - Update to 137.0.7151.68
    * CVE-2025-5419: Out of bounds read and write in V8
    * CVE-2025-5068: Use after free in Blink
* Tue May 27 2025 Than Ngo <than@redhat.com> - 137.0.7151.55-1
  - Update to 137.0.7151.55
    * CVE-2025-5063: Use after free in Compositing
    * CVE-2025-5280: Out of bounds write in V8
    * CVE-2025-5064: Inappropriate implementation in Background Fetch API
    * CVE-2025-5065: Inappropriate implementation in FileSystemAccess API
    * CVE-2025-5066: Inappropriate implementation in Messages
    * CVE-2025-5281: Inappropriate implementation in BFCache
    * CVE-2025-5283: Use after free in libvpx
    * CVE-2025-5067: Inappropriate implementation in Tab Strip
  - Fix FTBFS caused by simdutf and pdfium-png_decoder
  - Remove chromium-135-gperf.patch and chromium-135-add-cfi-suppressions-for-pipewire-functions.patch, merged by upstream
  - Refresh ppc64le patches
  - Enable system simdutf for F43
* Tue May 27 2025 Jitka Plesnikova <jplesnik@redhat.com> - 136.0.7103.113-2
  - Rebuilt for flac 1.5.0
* Wed May 14 2025 Than Ngo <than@redhat.com> - 136.0.7103.113-1
  - Update to 136.0.7103.113
    * CVE-2025-4664: Insufficient policy enforcement in Loader
    * CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo
* Wed May 07 2025 Than Ngo <than@redhat.com> - 136.0.7103.92-1
  - Update to 136.0.7103.92
    * CVE-2025-4372: Use after free in WebAudio
* Tue Apr 29 2025 Than Ngo <than@redhat.com> - 136.0.7103.59-1
  - Update to 136.0.7103.59
    * CVE-2025-4096: Heap buffer overflow in HTML
    * CVE-2025-4050: Out of bounds memory access in DevTools
    * CVE-2025-4051: Insufficient data validation in DevTools
    * CVE-2025-4052: Inappropriate implementation in DevTools
* Thu Apr 24 2025 Than Ngo <than@redhat.com> - 136.0.7103.48-1
  - Update to 136.0.7103.48
* Wed Apr 23 2025 Than Ngo <than@redhat.com> - 135.0.7049.114-1
  - Update to 135.0.7049.114
* Wed Apr 16 2025 Than Ngo <than@redhat.com> - 135.0.7049.95-1
  - Update to 135.0.7049.95
    * CVE-2025-3619: Heap buffer overflow in Codecs
    * CVE-2025-3620: Use after free in USB
* Wed Apr 09 2025 Than Ngo <than@redhat.com> - 135.0.7049.84-1
  - Update to 135.0.7049.84
    * CVE-2025-3066: Use after free in Site Isolation
* Wed Apr 02 2025 Jan Grulich <jgrulich@redhat.com> - 135.0.7049.52-2
  - Add CFI suppressions for inline PipeWire functions
* Tue Apr 01 2025 Than Ngo <than@redhat.com> - 135.0.7049.52-1
  - Update to 135.0.7049.52
* Fri Mar 28 2025 Than Ngo <than@redhat.com> - 135.0.7049.41-1
  - Update to 135.0.7049.41
* Mon Mar 24 2025 Than Ngo <than@redhat.com> - 134.0.6998.165-1
  - Update to 134.0.6998.165
  - Fixed rhbz#2354377 - Enable ppc64le support for el10
* Thu Mar 20 2025 Than Ngo <than@redhat.com> -  134.0.6998.117-1
  - Update to 134.0.6998.117
    * Critical CVE-2025-2476: Use after free in Lens
* Mon Mar 17 2025 Than Ngo <than@redhat.com> -  134.0.6998.88-4
  - Fixed rhbz#2352698, rebuild for noopenh264 2.6.0
* Fri Mar 14 2025 Than Ngo <than@redhat.com> -  134.0.6998.88-3
  - Fixed build errors on ppc64le
* Thu Mar 13 2025 Fabio Valentini <decathorpe@gmail.com> - 134.0.6998.88-2
  - Rebuild for noopenh264 2.6.0
* Tue Mar 11 2025 Than Ngo <than@redhat.com> -  134.0.6998.88-1
  - Update to 134.0.6998.88
    * High CVE-2025-1920: Type Confusion in V8
    * High CVE-2025-2135: Type Confusion in V8
    * High CVE-TBD: Out of bounds write in GPU
    * Medium CVE-2025-2136: Use after free in Inspector
    * Medium CVE-2025-2137: Out of bounds read in V8
* Wed Mar 05 2025 Than Ngo <than@redhat.com> -  134.0.6998.35-1
  - Update to 134.0.6998.35
    * CVE-2025-1914: Out of bounds read in V8
    * CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools
    * CVE-2025-1916: Use after free in Profiles
    * CVE-2025-1917: Inappropriate Implementation in Browser UI
    * CVE-2025-1918: Out of bounds read in PDFium
    * CVE-2025-1919: Out of bounds read in Media
    * CVE-2025-1921: Inappropriate Implementation in Media Stream
    * CVE-2025-1922: Inappropriate Implementation in Selection
    * CVE-2025-1923: Inappropriate Implementation in Permission Prompts
* Wed Feb 26 2025 Than Ngo <than@redhat.com> - 133.0.6943.141-1
  - Update to 133.0.6943.141
* Wed Feb 19 2025 Than Ngo <than@redhat.com> - 133.0.6943.126-1
  - Update to 133.0.6943.126
    * CVE-2025-0999: Heap buffer overflow in V8
    * CVE-2025-1426: Heap buffer overflow in GPU
    * CVE-2025-1006: Use after free in Network
* Thu Feb 13 2025 Than Ngo <than@redhat.com> - 133.0.6943.98-1
  - Update to 133.0.6943.98
    * CVE-2025-0995: Use after free in V8
    * CVE-2025-0996: Inappropriate implementation in Browser UI
    * CVE-2025-0997: Use after free in Navigation
    * CVE-2025-0998: Out of bounds memory access in V8
* Tue Feb 04 2025 Than Ngo <than@redhat.com> - 133.0.6943.53-1
  - Update to 133.0.6943.53
    * CVE-2025-0444: Use after free in Skia
    * CVE-2025-0445: Use after free in V8
    * CVE-2025-0451: Inappropriate implementation in Extensions API
* Wed Jan 29 2025 Than Ngo <than@redhat.com> - 132.0.6834.159-1
  - Updated to 132.0.6834.159
    * Medium CVE-2025-0762: Use after free in DevTools
* Thu Jan 23 2025 Than Ngo <than@redhat.com> - 132.0.6834.110-1
  - Update to 132.0.6834.110
    * High CVE-2025-0611: Object corruption in V8
    * High CVE-2025-0612: Out of bounds memory access in V8
* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 132.0.6834.83-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jan 15 2025 Than Ngo <than@redhat.com> - 132.0.6834.83-1
  - Update to 132.0.6834.83
    * High CVE-2025-0434: Out of bounds memory access in V8
    * High CVE-2025-0435: Inappropriate implementation in Navigation
    * High CVE-2025-0436: Integer overflow in Skia
    * High CVE-2025-0437: Out of bounds read in Metrics
    * High CVE-2025-0438: Stack buffer overflow in Tracing
    * Medium CVE-2025-0439: Race in Frames
    * Medium CVE-2025-0440: Inappropriate implementation in Fullscreen
    * Medium CVE-2025-0441: Inappropriate implementation in Fenced
    * Medium CVE-2025-0442: Inappropriate implementation in Payments
    * Medium CVE-2025-0443: Insufficient data validation in Extensions
    * Low CVE-2025-0446: Inappropriate implementation in Extensions
    * Low CVE-2025-0447: Inappropriate implementation in Navigation
    * Low CVE-2025-0448: Inappropriate implementation in Compositing
* Wed Jan 08 2025 Than Ngo <than@redhat.com> - 131.0.6778.264-1
  - Update to 131.0.6778.264
    * High CVE-2025-0291: Type Confusion in V8
* Thu Dec 19 2024 Than Ngo <than@redhat.com> - 131.0.6778.204-1
  - Update to 131.0.6778.204
    * High CVE-2024-12692: Type Confusion in V8
    * High CVE-2024-12693: Out of bounds memory access in V8
    * High CVE-2024-12694: Use after free in Compositing
    * High CVE-2024-12695: Out of bounds write in V8
* Wed Dec 11 2024 Than Ngo <than@redhat.com> - 131.0.6778.139-1
  - Update to 131.0.6778.139
    * High CVE-2024-12381: Type Confusion in V8
    * High CVE-2024-12382: Use after free in Translate
* Wed Dec 04 2024 Than Ngo <than@redhat.com> - 131.0.6778.108-1
  - Update to 131.0.6778.108
    * High CVE-2024-12053: Type Confusion in V8
* Sat Nov 23 2024 Than Ngo <than@redhat.com> - 131.0.6778.85-2
  - Enable qt-ui
  - Workaround for random crash
* Wed Nov 20 2024 Than Ngo <than@redhat.com> - 131.0.6778.85-1
  - Update to 131.0.6778.85
    * High CVE-2024-11395: Type Confusion in V8
* Tue Nov 12 2024 Than Ngo <than@redhat.com> - 131.0.6778.69-1
  - Update to 131.0.6778.69
    * High CVE-2024-11110: Inappropriate implementation in Blink
    * Medium CVE-2024-11111: Inappropriate implementation in Autofill
    * Medium CVE-2024-11112: Use after free in Media
    * Medium CVE-2024-11113: Use after free in Accessibility
    * Medium CVE-2024-11114: Inappropriate implementation in Views
    * Medium CVE-2024-11115: Insufficient policy enforcement in Navigation
    * Medium CVE-2024-11116: Inappropriate implementation in Paint
    * Low CVE-2024-11117: Inappropriate implementation in FileSystem
* Sun Nov 10 2024 Than Ngo <than@redhat.com> - 130.0.6723.116-1
  - Update to 130.0.6723.116
    * High CVE-2024-10826: Use after free in Family Experience
    * High CVE-2024-10827: Use after free in Serial
* Wed Oct 30 2024 Than Ngo <than@redhat.com> - 130.0.6723.91-1
  - Update to 130.0.6723.91
    * Critical CVE-2024-10487: Out of bounds write in Dawn
    * High CVE-2024-10488: Use after free in WebRTC
* Sat Oct 26 2024 Than Ngo <than@redhat.com> - 130.0.6723.69-1
  - Update to 130.0.6723.69
    * High CVE-2024-10229: Inappropriate implementation in Extensions
    * High CVE-2024-10230: Type Confusion in V8
    * High CVE-2024-10231: Type Confusion in V8
* Mon Oct 21 2024 Than Ngo <than@redhat.com> - 130.0.6723.58-2
  - Add missing pthread stack size for ppc64 (openpower-patches)
* Wed Oct 16 2024 Than Ngo <than@redhat.com> - 130.0.6723.58-1
  - update to 130.0.6723.58
    * High CVE-2024-9954: Use after free in AI
    * Medium CVE-2024-9955: Use after free in Web Authentication
    * Medium CVE-2024-9956: Inappropriate implementation in Web Authentication
    * Medium CVE-2024-9957: Use after free in UI
    * Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture
    * Medium CVE-2024-9959: Use after free in DevTools
    * Medium CVE-2024-9960: Use after free in Dawn
    * Medium CVE-2024-9961: Use after free in Parcel Tracking
    * Medium CVE-2024-9962: Inappropriate implementation in Permissions
    * Medium CVE-2024-9963: Insufficient data validation in Downloads
    * Low CVE-2024-9964: Inappropriate implementation in Payments
    * Low CVE-2024-9965: Insufficient data validation in DevTools
    * Low CVE-2024-9966: Inappropriate implementation in Navigations
* Wed Oct 09 2024 Than Ngo <than@redhat.com> - 129.0.6668.100-1
  - update to 129.0.6668.100
    * CVE-2024-9602: Type Confusion in V8
    * CVE-2024-9603: Type Confusion in V8
* Wed Oct 02 2024 Than Ngo <than@redhat.com> - 129.0.6668.89-1
  - update to 129.0.6668.89
    * High CVE -2024-7025: Integer overflow in Layout
    * High CVE-2024-9369: Insufficient data validation in Mojo
    * High CVE-2024-9370: Inappropriate implementation in V8
* Mon Sep 30 2024 Than Ngo <than@redhat.com> - 129.0.6668.70-3
  - add clang-19 support
* Fri Sep 27 2024 Dominik Mierzejewski <dominik@greysector.net> - 129.0.6668.70-2
  - Rebuilt for FFmpeg 7
* Wed Sep 25 2024 Than Ngo <than@redhat.com> - 129.0.6668.70-1
  - update to 129.0.6668.70
    * High CVE-2024-9120: Use after free in Dawn
    * High CVE-2024-9121: Inappropriate implementation in V8
    * High CVE-2024-9122: Type Confusion in V8
    * High CVE-2024-9123: Integer overflow in Skia
* Thu Sep 19 2024 Than Ngo <than@redhat.com> - 129.0.6668.58-2
  - clean up
* Tue Sep 17 2024 Than Ngo <than@redhat.com> - 129.0.6668.58-1
  - update to 129.0.6668.58
    * High CVE-2024-8904: Type Confusion in V8
    * Medium CVE-2024-8905: Inappropriate implementation in V8
    * Medium CVE-2024-8906: Incorrect security UI in Downloads
    * Medium CVE-2024-8907: Insufficient data validation in Omnibox
    * Low CVE-2024-8908: Inappropriate implementation in Autofill
    * Low CVE-2024-8909: Inappropriate implementation in UI
* Wed Sep 11 2024 Than Ngo <than@redhat.com> - 128.0.6613.137-1
  - update to 128.0.6613.137
    * High CVE-2024-8636: Heap buffer overflow in Skia
    * High CVE-2024-8637: Use after free in Media Router
    * High CVE-2024-8638: Type Confusion in V8
    * High CVE-2024-8639: Use after free in Autofill
* Thu Sep 05 2024 Than Ngo <than@redhat.com> - 128.0.6613.119-1
  - update to 128.0.6613.119
    * High CVE-2024-8362: Use after free in WebAudio
    * High CVE-2024-7970: Out of bounds write in V8
* Wed Aug 07 2024 Than Ngo <than@redhat.com> - 127.0.6533.99-1
  - update to 127.0.6533.99
    * Critical CVE-2024-7532: Out of bounds memory access in ANGLE
    * High CVE-2024-7533: Use after free in Sharing
    * High CVE-2024-7550: Type Confusion in V8
    * High CVE-2024-7534: Heap buffer overflow in Layout
    * High CVE-2024-7535: Inappropriate implementation in V8
    * High CVE-2024-7536: Use after free in WebAudio
* Tue Aug 06 2024 Than Ngo <than@redhat.com> - 127.0.6533.88-3
  - fix rhbz#2294773 - Allow enabling vulkan on ozone wayland for AMD vaapi
  - add ppc64le patch to fix runtime assertion trap on ppc64el systems
  - refresh ppc64le patch to work around broken 64k allocator code on arm64
* Thu Aug 01 2024 Than Ngo <than@redhat.com> - 127.0.6533.88-2
  - remove old patch that seems to be the cause of a crash
    when the user set user.max_user_namespaces to 0
* Wed Jul 31 2024 Than Ngo <than@redhat.com> - 127.0.6533.88-1
  - update to 127.0.6533.88
* Wed Jul 24 2024 Than Ngo <than@redhat.com> - 127.0.6533.72-1
  - update to 127.0.6533.72
  	* CVE-2024-6988: Use after free in Downloads
  	* CVE-2024-6989: Use after free in Loader
  	* CVE-2024-6991: Use after free in Dawn
  	* CVE-2024-6992: Out of bounds memory access in ANGLE
  	* CVE-2024-6993: Inappropriate implementation in Canvas
  	* CVE-2024-6994: Heap buffer overflow in Layout
  	* CVE-2024-6995: Inappropriate implementation in Fullscreen
  	* CVE-2024-6996: Race in Frames
  	* CVE-2024-6997: Use after free in Tabs
  	* CVE-2024-6998: Use after free in User Education
  	* CVE-2024-6999: Inappropriate implementation in FedCM
  	* CVE-2024-7000: Use after free in CSS. Reported by Anonymous
  	* CVE-2024-7001: Inappropriate implementation in HTML
  	* CVE-2024-7003: Inappropriate implementation in FedCM
  	* CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
  	* CVE-2024-7005: Insufficient validation of untrusted input in Safe
* Sat Jul 20 2024 Than Ngo <than@redhat.com> - 126.0.6478.182-2
  - fix condition for is_cfi/use_thin_lto on aarch64/ppc64le
  - update powerpc patches
* Tue Jul 16 2024 Than Ngo <than@redhat.com> - 126.0.6478.182-1
  - update to 126.0.6478.182
    * High CVE-2024-6772: Inappropriate implementation in V8
    * High CVE-2024-6773: Type Confusion in V8
    * High CVE-2024-6774: Use after free in Screen Capture
    * High CVE-2024-6775: Use after free in Media Stream
    * High CVE-2024-6776: Use after free in Audio
    * High CVE-2024-6777: Use after free in Navigation
    * High CVE-2024-6778: Race in DevTools
    * High CVE-2024-6779: Out of bounds memory access in V8
* Sun Jul 07 2024 Than Ngo <than@redhat.com> - 126.0.6478.126-2
  - fixed rhbz#2293202, chromium Wayland UI regression
* Tue Jun 25 2024 Than Ngo <than@redhat.com> - 126.0.6478.126-1
  - update to 126.0.6478.126
    * High CVE-2024-6290: Use after free in Dawn
    * High CVE-2024-6291: Use after free in Swiftshader
    * High CVE-2024-6292: Use after free in Dawn
    * High CVE-2024-6293: Use after free in Dawn
* Wed Jun 19 2024 Than Ngo <than@redhat.com> - 126.0.6478.114-1
  - update to 126.0.6478.114
    * High CVE-2024-6100: Type Confusion in V8
    * High CVE-2024-6101: Inappropriate implementation in WebAssembly
    * High CVE-2024-6102: Out of bounds memory access in Dawn
    * High CVE-2024-6103: Use after free in Dawn
* Wed Jun 12 2024 Than Ngo <than@redhat.com> - 126.0.6478.55-1
  - update to 126.0.6478.55
    * High CVE-2024-5830: Type Confusion in V8
    * High CVE-2024-5831: Use after free in Dawn
    * High CVE-2024-5832: Use after free in Dawn
    * High CVE-2024-5833: Type Confusion in V8
    * High CVE-2024-5834: Inappropriate implementation in Dawn
    * High CVE-2024-5835: Heap buffer overflow in Tab Groups
    * High CVE-2024-5836: Inappropriate Implementation in DevTools
    * High CVE-2024-5837: Type Confusion in V8
    * High CVE-2024-5838: Type Confusion in V8
    * Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator
    * Medium CVE-2024-5840: Policy Bypass in CORS
    * Medium CVE-2024-5841: Use after free in V8
    * Medium CVE-2024-5842: Use after free in Browser UI
    * Medium CVE-2024-5843: Inappropriate implementation in Downloads
    * Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
    * Medium CVE-2024-5845: Use after free in Audio
    * Medium CVE-2024-5846: Use after free in PDFium
    * Medium CVE-2024-5847: Use after free in PDFium
* Fri May 31 2024 Than Ngo <than@redhat.com> - 125.0.6422.141-1
  - update to 125.0.6422.141
    * High CVE-2024-5493: Heap buffer overflow in WebRTC
    * High CVE-2024-5494: Use after free in Dawn
    * High CVE-2024-5495: Use after free in Dawn
    * High CVE-2024-5496: Use after free in Media Session
    * High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
    * High CVE-2024-5498: Use after free in Presentation API
    * High CVE-2024-5499: Out of bounds write in Streams API
  - fixed rhbz#2264332 - Chromium is unable to send/receive video on MS Teams
  - cleanup chromium.conf
* Wed May 29 2024 Than Ngo <than@redhat.com> - 125.0.6422.112-3
  - build against noopenh264
* Tue May 28 2024 Than Ngo <than@redhat.com> - 125.0.6422.112-2
  - Workaround for build error on pp64le
* Sun May 26 2024 Than Ngo <than@redhat.com> - 125.0.6422.112-1
  - update to 125.0.6422.112
    * High CVE-2024-5274: Type Confusion in V8
* Wed May 22 2024 Than Ngo <than@redhat.com> - 125.0.6422.76-1
  - fix bz#2282246, update to 125.0.6422.76
    * High CVE-2024-5157: Use after free in Scheduling
    * High CVE-2024-5158: Type Confusion in V8
    * High CVE-2024-5159: Heap buffer overflow in ANGLE
    * High CVE-2024-5160: Heap buffer overflow in Dawn
  - cleanup
* Mon May 20 2024 Than Ngo <than@redhat.com> - 125.0.6422.60-3
  - remove unneeded BRs
  - workarounds for el7 build
* Sun May 19 2024 Than Ngo <than@redhat.com> - 125.0.6422.60-2
  - fix build errors on el7
* Thu May 16 2024 Than Ngo <than@redhat.com> - 125.0.6422.60-1
  - update to 125.0.6422.60
    * High CVE-2024-4947: Type Confusion in V8
    * High CVE-2024-4948: Use after free in Dawn
    * Medium CVE-2024-4949: Use after free in V8
    * Low CVE-2024-4950: Inappropriate implementation in Downloads
* Sun May 12 2024 Than Ngo <than@redhat.com> - 125.0.6422.41-1
  - update to 125.0.6422.41
* Sat May 11 2024 Than Ngo <than@redhat.com> - 124.0.6367.201-2
  - include headless_command_resources.pak for headless_shell
* Fri May 10 2024 Than Ngo <than@redhat.com> - 124.0.6367.201-1
  - update to 124.0.6367.201
    * High CVE-2024-4671: Use after free in Visuals
* Wed May 08 2024 Than Ngo <than@redhat.com> - 124.0.6367.155-1
  - update to 124.0.6367.155
    * High CVE-2024-4558: Use after free in ANGLE
    * High CVE-2024-4559: Heap buffer overflow in WebAudio
* Sun May 05 2024 Than Ngo <than@redhat.com> - 124.0.6367.118-2
  - fixed build errors on el8
  - refreshed clean_ffmpeg.sh
  - added missing files for bundle ffmpeg
* Wed May 01 2024 Than Ngo <than@redhat.com> - 124.0.6367.118-1
  - update to 124.0.6367.118
    * High CVE-2024-4331: Use after free in Picture In Picture
    * High CVE-2024-4368: Use after free in Dawn
  - use system highway
* Sat Apr 27 2024 Than Ngo <than@redhat.com> - 124.0.6367.91-1
  - update to 124.0.6367.91
  - fixed bz#2277228 - chromium wrapper causes library issues (symbol lookup error)
  - use system dav1d
* Wed Apr 24 2024 Than Ngo <than@redhat.com> - 124.0.6367.78-1
  - update to 124.0.6367.78
    * Critical CVE-2024-4058: Type Confusion in ANGLE
    * High CVE-2024-4059: Out of bounds read in V8 API
    * High CVE-2024-4060: Use after free in Dawn
* Sat Apr 20 2024 Than Ngo <than@redhat.com> - 124.0.6367.60-2
  - fix waylang regression
* Tue Apr 16 2024 Than Ngo <than@redhat.com> - 124.0.6367.60-1
  - update to 124.0.6367.60
* Thu Apr 11 2024 Than Ngo <than@redhat.com> - 123.0.6312.122-1
  - update to 123.0.6312.122
    * High CVE-2024-3157: Out of bounds write in Compositing
    * High CVE-2024-3516: Heap buffer overflow in ANGLE
    * High CVE-2024-3515: Use after free in Dawn
* Wed Apr 03 2024 Than Ngo <than@redhat.com> - 123.0.6312.105-1
  - update to 123.0.6312.105
    * High CVE-2024-3156: Inappropriate implementation in V8
    * High CVE-2024-3158: Use after free in Bookmarks
    * High CVE-2024-3159: Out of bounds memory access in V8
* Wed Mar 27 2024 Than Ngo <than@redhat.com> - 123.0.6312.86-2
  - update to 123.0.6312.86
    * Critical CVE-2024-2883: Use after free in ANGLE
    * High CVE-2024-2885: Use after free in Daw
    * High CVE-2024-2886: Use after free in WebCodecs
    * High CVE-2024-2887: Type Confusion in WebAssembly
* Sat Mar 23 2024 Than Ngo <than@redhat.com> - 123.0.6312.58-2
  - fixed bz#2269768 - enable build ppc64le package for F40
  - fixed bz#2270321 - VAAPI flags in chromium.conf are out of date
  - fixed bz#2271183 - disable screen ai service
* Wed Mar 20 2024 Than Ngo <than@redhat.com> - 123.0.6312.58-1
  - update to 123.0.6312.58
     * High CVE-2024-2625: Object lifecycle issue in V8
     * Medium CVE-2024-2626: Out of bounds read in Swiftshader
     * Medium CVE-2024-2627: Use after free in Canvas
     * Medium CVE-2024-2628: Inappropriate implementation in Downloads
     * Medium CVE-2024-2629: Incorrect security UI in iOS
     * Medium CVE-2024-2630: Inappropriate implementation in iOS
     * Low CVE-2024-2631: Inappropriate implementation in iOS
* Fri Mar 15 2024 Than Ngo <than@redhat.com> - 123.0.6312.46-1
  - update to 123.0.6312.46
* Wed Mar 13 2024 Than Ngo <than@redhat.com> - 122.0.6261.128-1
  - upstream security release 122.0.6261.128
     * High CVE-2024-2400: Use after free in Performance Manager
* Mon Mar 11 2024 Than Ngo <than@redhat.com> - 122.0.6261.111-2
  - enable ppc64le build
* Wed Mar 06 2024 Than Ngo <than@redhat.com> - 122.0.6261.111-1
  - upstream security release 122.0.6261.111
     * High CVE-2024-2173: Out of bounds memory access in V8
     * High CVE-2024-2174: Inappropriate implementation in V8
     * High CVE-2024-2176: Use after free in FedCM
* Sat Mar 02 2024 Jiri Vanek <jvanek@redhat.com> - 122.0.6261.94-2
  - Rebuilt for java-21-openjdk as system jdk
* Wed Feb 28 2024 Than Ngo <than@redhat.com> - 122.0.6261.94-1
  - upstream security release 122.0.6261.94
    * High : Type Confusion in V8
  - fixed bz#2265957, added correct platform in chromium use agent
* Tue Feb 27 2024 Łukasz Wojniłowicz <lukasz.wojnilowicz@gmail.com> - 122.0.6261.69-3
  - Make building of chromedriver optional
* Tue Feb 27 2024 Jiri Vanek <jvanek@redhat.com> - 122.0.6261.69-2
  - Rebuilt for java-21-openjdk as system jdk
* Fri Feb 23 2024 Than Ngo <than@redhat.com> - 122.0.6261.69-1
  - update to 122.0.6261.69
  - fix build error on el8
  - bz#2265039, built with -fwrapv for improved memory safety
  - bz#2265043, built with -ftrivial-auto-var-init=zero for improved security and preditability
* Wed Feb 21 2024 Than Ngo <than@redhat.com> - 122.0.6261.57-1
  - update to 122.0.6261.57
     * High CVE-2024-1669: Out of bounds memory access in Blink
     * High CVE-2024-1670: Use after free in Mojo
     * Medium CVE-2024-1671: Inappropriate implementation in Site Isolation
     * Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy
     * Medium CVE-2024-1673: Use after free in Accessibility
     * Medium CVE-2024-1674: Inappropriate implementation in Navigation
     * Medium CVE-2024-1675: Insufficient policy enforcement in Download
     * Low CVE-2024-1676: Inappropriate implementation in Navigation.
* Sun Feb 18 2024 Than Ngo <than@redhat.com> - 122.0.6261.39-1
  - update to 122.0.6261.39
* Wed Feb 14 2024 Than Ngo <than@redhat.com> - 121.0.6167.184-1
  - update to 121.0.6167.184
* Wed Feb 07 2024 Than Ngo <than@redhat.com> - 121.0.6167.160-1
  - update to 121.0.6167.160
    * High CVE-2024-1284: Use after free in Mojo
    * High CVE-2024-1283: Heap buffer overflow in Skia
* Thu Feb 01 2024 Than Ngo <than@redhat.com> - 121.0.6167.139-2
  - Support for 64K pages on Linux/AArch64
* Wed Jan 31 2024 Than Ngo <than@redhat.com> - 121.0.6167.139-1
  - update to 121.0.6167.139
    * High CVE-2024-1060: Use after free in Canvas
    * High CVE-2024-1059: Use after free in WebRTC
    * High CVE-2024-1077: Use after free in Network
* Wed Jan 24 2024 Than Ngo <than@redhat.com> - 121.0.6167.85-1
  - update to 121.0.6167.85
    * High CVE-2024-0807: Use after free in WebAudio
    * High CVE-2024-0812: Inappropriate implementation in Accessibility
    * High CVE-2024-0808: Integer underflow in WebUI
    * Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
    * Medium CVE-2024-0814: Incorrect security UI in Payments
    * Medium CVE-2024-0813: Use after free in Reading Mode
    * Medium CVE-2024-0806: Use after free in Passwords
    * Medium CVE-2024-0805: Inappropriate implementation in Downloads
    * Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
    * Low CVE-2024-0811: Inappropriate implementation in Extensions API
    * Low CVE-2024-0809: Inappropriate implementation in Autofill
* Tue Jan 23 2024 Than Ngo <than@redhat.com> - 121.0.6167.71-1
  - update to 121.0.6167.71
* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 120.0.6099.224-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Jan 16 2024 Than Ngo <than@redhat.com> - 120.0.6099.224-1
  - update to 120.0.6099.224
    * High CVE-2024-0517: Out of bounds write in V8
    * High CVE-2024-0518: Type Confusion in V8
    * High CVE-2024-0519: Out of bounds memory access in V8
* Wed Jan 10 2024 Than Ngo <than@redhat.com> - 120.0.6099.216-1
  - update to 120.0.6099.216
    * High CVE-2024-0333: Insufficient data validation in Extensions
* Thu Jan 04 2024 Than Ngo <than@redhat.com> - 120.0.6099.199-1
  - new gn update, drop workaround for broken gn on epel 8/9
  - update to 120.0.6099.199
     * CVE-2024-0222: Use after free in ANGLE
     * CVE-2024-0223: Heap buffer overflow in ANGLE
     * CVE-2024-0224: Use after free in WebAudio
     * CVE-2024-0225: Use after free in WebGPU
* Thu Dec 21 2023 Than Ngo <than@redhat.com> - 120.0.6099.129-1
  - update to 120.0.6099.129
    * High CVE-2023-7024: Heap buffer overflow in WebRTC
* Wed Dec 13 2023 Than Ngo <than@redhat.com> - 120.0.6099.109-1
  - update to 120.0.6099.109
     * High CVE-2023-6702: Type Confusion in V8
     * High CVE-2023-6703: Use after free in Blink
     * High CVE-2023-6704: Use after free in libavif
     * High CVE-2023-6705: Use after free in WebRTC
     * High CVE-2023-6706: Use after free in FedCM
     * Medium CVE-2023-6707: Use after free in CSS
* Fri Dec 08 2023 Than Ngo <than@redhat.com> - 120.0.6099.71-1
  - update to 120.0.6099.71
* Wed Dec 06 2023 Than Ngo <than@redhat.com> - 120.0.6099.62-2
  - drop unsupported ldflag which caused build failure
* Tue Dec 05 2023 Than Ngo <than@redhat.com> - 120.0.6099.62-1
  - update to 120.0.6099.62
  - fixed bz#2252874, built with control flow integrity (CFI) support
* Sat Dec 02 2023 Than Ngo <than@redhat.com> - 120.0.6099.56-1
  - update to 120.0.6099.56 
  - enable qt6 UI backend
* Sat Dec 02 2023 Than Ngo <than@redhat.com> - 119.0.6045.199-2
  - fixed bz#2242271, built with bundleminizip in fedora > 39
  - fixed bz#2251884, built with fstack-protector-strong for improved security
* Wed Nov 29 2023 Than Ngo <than@redhat.com> - 119.0.6045.199-1
  - update to 119.0.6045.199
* Sun Nov 19 2023 Than Ngo <than@redhat.com> - 119.0.6045.159-2
  - fix ffmpeg conflicts
* Wed Nov 15 2023 Than Ngo <than@redhat.com> - 119.0.6045.159-1
  - update to 119.0.6045.159, upstream security release
     High CVE-2023-5997, use after free in Garbage Collection
     High CVE-2023-6112, use after free in Navigation
  - add Requires/Conflicts for ABI break in fmpeg-free 6.0.1
  - drop first_dts patch, reintroduce first_dts patch in ffmpeg-free-6.0.1
  - fixed python3 syntaxWarning: invalid escape sequenc
  - skip clang's patches for epel8 that now gets clang-16 update
* Mon Nov 13 2023 Than Ngo <than@redhat.com> - 119.0.6045.123-2
  - fixed bz#2240127, Some h.264 mp4s do not play
* Wed Nov 08 2023 Than Ngo <than@redhat.com> - 119.0.6045.123-1
  - update to 119.0.6045.123, include following security fixes:
    high CVE-2023-5996: Use after free in WebAudio
* Tue Nov 07 2023 Than Ngo <than@redhat.com> - 119.0.6045.105-2
  - enable debuginfo
* Wed Nov 01 2023 Than Ngo <than@redhat.com> - 119.0.6045.105-1
  - update to 119.0.6045.105
* Fri Oct 27 2023 Than Ngo <than@redhat.com> - 119.0.6045.59-1
  - update 119.0.6045.59
* Wed Oct 25 2023 Than Ngo <than@redhat.com> - 118.0.5993.117-1
  - update to 118.0.5993.117
* Wed Oct 18 2023 Than Ngo <than@redhat.com> - 118.0.5993.88-1
  - update to 118.0.5993.88
  - cleanup the package dependencies
* Mon Oct 16 2023 Than Ngo <than@redhat.com> - 118.0.5993.70-2
  - fix tab crash with SIGTRAP when using system ffmpeg

Files

/usr/lib/.build-id
/usr/lib/.build-id/6a
/usr/lib/.build-id/6a/49639295b0ede8d9c832b0c5257003f289820f
/usr/lib64/chromium-browser/headless_command_resources.pak
/usr/lib64/chromium-browser/headless_lib_data.pak
/usr/lib64/chromium-browser/headless_lib_strings.pak
/usr/lib64/chromium-browser/headless_shell


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Oct 26 00:04:29 2025