Bug 34394 - chromium-browser-stable new security issues CVE-2025-655[4-7],CVE-2025-765[6-8],CVE-2025-986[4-7],CVE-2025-1020[01],CVE-2025-11458,CVE-2025-11460,CVE-2025-11211,CVE-2025-11756,CVE-2025-1242[89],CVE-2025-12036,CVE-2025-1243[0-9],CVE-2025-1244[0134567],...
Summary: chromium-browser-stable new security issues CVE-2025-655[4-7],CVE-2025-765[6-...
Status: ASSIGNED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: release_blocker critical
Target Milestone: Mageia 10
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard: MGA9TOO
Keywords: IN_ERRATA9
Depends on:
Blocks: 32127
  Show dependency treegraph
 
Reported: 2025-06-25 15:15 CEST by Nicolas Salguero
Modified: 2026-03-23 10:31 CET (History)
3 users (show)

See Also:
Source RPM: chromium-browser-stable-134.0.6998.117-1.mga10, chromium-browser-stable-136.0.7103.113-3.mga9.tainted
CVE: CVE-2025-6554, CVE-2025-6555, CVE-2025-6556, CVE-2025-6557, CVE-2025-7656, CVE-2025-7657, CVE-2025-7658, CVE-2025-9864, CVE-2025-9865, CVE-2025-9866, CVE-2025-9867
Status comment: Fixed upstream in 146.0.7680.153
marja11: affects_mga9+
fri: in_release_notes10?
j.alberto.vc: in_errata10+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-06-25 15:15:48 CEST 
Upstream has issued an advisory on June 24:
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html
Nicolas Salguero 2025-06-25 15:17:10 CEST

Status comment: (none) => Fixed upstream in 138.0.7204.49
CVE: (none) => CVE-2025-6555, CVE-2025-6556, CVE-2025-6557
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => chromium-browser-stable-134.0.6998.117-1.mga10, chromium-browser-stable-136.0.7103.113-3.mga9.tainted

Comment 1 Lewis Smith 2025-06-25 20:37:44 CEST 
Another one for you because you currently look after this SRPM.

Assignee: bugsquad => nicolas.salguero

Nicolas Salguero 2025-06-25 21:01:32 CEST

Assignee: nicolas.salguero => cjw

Comment 2 katnatek 2025-06-26 03:27:43 CEST 
Remember that now qtwayland6 need be added as recommended package https://bugs.mageia.org/show_bug.cgi?id=34386#c4
Comment 3 Nicolas Salguero 2025-07-01 16:24:48 CEST 
Upstream has issued an advisory on June 30:
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html

Google is aware that an exploit for CVE-2025-6554 exists in the wild.

Severity: normal => critical
Status comment: Fixed upstream in 138.0.7204.49 => Fixed upstream in 138.0.7204.96

Nicolas Salguero 2025-07-01 16:25:14 CEST

Summary: chromium-browser-stable new security issues CVE-2025-655[5-7] => chromium-browser-stable new security issues CVE-2025-655[4-7]
CVE: CVE-2025-6555, CVE-2025-6556, CVE-2025-6557 => CVE-2025-6554, CVE-2025-6555, CVE-2025-6556, CVE-2025-6557

Comment 4 Christiaan Welvaart 2025-07-12 15:11:12 CEST 
I'm stuck with M138 at a rust compilation problem:

error[E0658]: use of unstable library feature 'split_at_checked': new API
   --> ../../third_party/rust/chromium_crates_io/vendor/litemap-v0_8/src/store/vec_impl.rs:235:51
    |
235 |     while let Some((before_read, [read, ..])) = v.split_at_mut_checked(read_idx) {
    |                                                   ^^^^^^^^^^^^^^^^^^^^
    |
    = note: see issue #119128 <https://github.com/rust-lang/rust/issues/119128> for more information
    = help: add `#![feature(split_at_checked)]` to the crate attributes to enable
    = note: this compiler was built on 2024-04-29; consider upgrading it if it is out of date

error: aborting due to 1 previous error

For more information about this error, try `rustc --explain E0658`.



When the suggestion is followed, I get (as expected):


error[E0554]: `#![feature]` may not be used on the stable release channel
  --> ../../third_party/rust/chromium_crates_io/vendor/litemap-v0_8/src/lib.rs:62:12
   |
62 | #![feature(split_at_checked)]
   |            ^^^^^^^^^^^^^^^^

error: aborting due to 1 previous error

For more information about this error, try `rustc --explain E0554`.


In the debian package, the '#![feature(split_at_checked)]' is added as a fix, so it seems their rust is built differently.
Comment 5 Nicolas Salguero 2025-07-18 15:34:45 CEST 
Upstream has issued an advisory on July 8:
https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop.html

Upstream has issued an advisory on July 15:
https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html

Summary: chromium-browser-stable new security issues CVE-2025-655[4-7] => chromium-browser-stable new security issues CVE-2025-655[4-7], CVE-2025-765[6-8]
CVE: CVE-2025-6554, CVE-2025-6555, CVE-2025-6556, CVE-2025-6557 => CVE-2025-6554, CVE-2025-6555, CVE-2025-6556, CVE-2025-6557, CVE-2025-7656, CVE-2025-7657, CVE-2025-7658
Status comment: Fixed upstream in 138.0.7204.96 => Fixed upstream in 138.0.7204.157

Comment 6 katnatek 2025-07-22 04:46:57 CEST 
(In reply to Christiaan Welvaart from comment #4)
> I'm stuck with M138 at a rust compilation problem:
> 
> error[E0658]: use of unstable library feature 'split_at_checked': new API
>    -->
> ../../third_party/rust/chromium_crates_io/vendor/litemap-v0_8/src/store/
> vec_impl.rs:235:51
>     |
> 235 |     while let Some((before_read, [read, ..])) =
> v.split_at_mut_checked(read_idx) {
>     |                                                   ^^^^^^^^^^^^^^^^^^^^
>     |
>     = note: see issue #119128
> <https://github.com/rust-lang/rust/issues/119128> for more information
>     = help: add `#![feature(split_at_checked)]` to the crate attributes to
> enable
>     = note: this compiler was built on 2024-04-29; consider upgrading it if
> it is out of date
> 
> error: aborting due to 1 previous error
> 
> For more information about this error, try `rustc --explain E0658`.
> 
> 
> 
> When the suggestion is followed, I get (as expected):
> 
> 
> error[E0554]: `#![feature]` may not be used on the stable release channel
>   -->
> ../../third_party/rust/chromium_crates_io/vendor/litemap-v0_8/src/lib.rs:62:
> 12
>    |
> 62 | #![feature(split_at_checked)]
>    |            ^^^^^^^^^^^^^^^^
> 
> error: aborting due to 1 previous error
> 
> For more information about this error, try `rustc --explain E0554`.
> 
> 
> In the debian package, the '#![feature(split_at_checked)]' is added as a
> fix, so it seems their rust is built differently.

Could require a rust > 1.78 ?

CC: (none) => j.alberto.vc

Comment 7 katnatek 2025-07-22 04:59:56 CEST 
(In reply to katnatek from comment #6)
> (In reply to Christiaan Welvaart from comment #4)
> > I'm stuck with M138 at a rust compilation problem:
> > 
> > error[E0658]: use of unstable library feature 'split_at_checked': new API
> >    -->
> > ../../third_party/rust/chromium_crates_io/vendor/litemap-v0_8/src/store/
> > vec_impl.rs:235:51
> >     |
> > 235 |     while let Some((before_read, [read, ..])) =
> > v.split_at_mut_checked(read_idx) {
> >     |                                                   ^^^^^^^^^^^^^^^^^^^^
> >     |
> >     = note: see issue #119128
> > <https://github.com/rust-lang/rust/issues/119128> for more information
> >     = help: add `#![feature(split_at_checked)]` to the crate attributes to
> > enable
> >     = note: this compiler was built on 2024-04-29; consider upgrading it if
> > it is out of date
> > 
> > error: aborting due to 1 previous error
> > 
> > For more information about this error, try `rustc --explain E0658`.
> > 
> > 
> > 
> > When the suggestion is followed, I get (as expected):
> > 
> > 
> > error[E0554]: `#![feature]` may not be used on the stable release channel
> >   -->
> > ../../third_party/rust/chromium_crates_io/vendor/litemap-v0_8/src/lib.rs:62:
> > 12
> >    |
> > 62 | #![feature(split_at_checked)]
> >    |            ^^^^^^^^^^^^^^^^
> > 
> > error: aborting due to 1 previous error
> > 
> > For more information about this error, try `rustc --explain E0554`.
> > 
> > 
> > In the debian package, the '#![feature(split_at_checked)]' is added as a
> > fix, so it seems their rust is built differently.
> 
> Could require a rust > 1.78 ?

chromium_138.0.7204.157-1
rustc_1.85.0+dfsg3-1
Ugh a big jump
katnatek 2025-07-22 05:15:16 CEST

Depends on: (none) => 34500

Comment 8 katnatek 2025-07-25 18:45:09 CEST 
Just one question the stuck is only in mageia 9 build or cauldron too?
Comment 9 Christiaan Welvaart 2025-07-26 01:25:51 CEST 
Sorry, false alarm on the rust stuff. The "export RUSTC_BOOTSTRAP=1" in the spec file fixes the second error. After adding the #![feature...], I had only tried running ninja on the command line, without setting that env var.

Status: NEW => ASSIGNED

katnatek 2025-07-27 04:25:25 CEST

Depends on: 34500 => (none)

Comment 10 Nicolas Salguero 2025-08-27 15:38:36 CEST 
Upstream has issued an advisory on July 2:
https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_22.html

Upstream has issued an advisory on July 29:
https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html

Upstream has issued an advisory on August 5:
https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html

Upstream has issued an advisory on August 12:
https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html

Upstream has issued an advisory on August 19:
https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_19.html

Upstream has issued an advisory on August 26:
https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_26.html

Status comment: Fixed upstream in 138.0.7204.157 => Fixed upstream in 139.0.7258.154

Comment 11 Nicolas Salguero 2025-08-27 15:39:38 CEST 
(In reply to Nicolas Salguero from comment #10)
> Upstream has issued an advisory on July 2:
> https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-
> desktop_22.html

The date is July 22, not July 2.
Comment 12 Nicolas Salguero 2025-09-03 09:10:36 CEST 
Upstream has issued an advisory on September 2:
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html

Status comment: Fixed upstream in 139.0.7258.154 => Fixed upstream in 140.0.7339.80
CVE: CVE-2025-6554, CVE-2025-6555, CVE-2025-6556, CVE-2025-6557, CVE-2025-7656, CVE-2025-7657, CVE-2025-7658 => CVE-2025-6554, CVE-2025-6555, CVE-2025-6556, CVE-2025-6557, CVE-2025-7656, CVE-2025-7657, CVE-2025-7658, CVE-2025-9864, CVE-2025-9865, CVE-2025-9866, CVE-2025-9867
Summary: chromium-browser-stable new security issues CVE-2025-655[4-7], CVE-2025-765[6-8] => chromium-browser-stable new security issues CVE-2025-655[4-7], CVE-2025-765[6-8], CVE-2025-986[4-7]

Comment 13 Nicolas Salguero 2025-09-17 09:17:12 CEST 
Upstream has issued an advisory on September 9:
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html

Summary: chromium-browser-stable new security issues CVE-2025-655[4-7], CVE-2025-765[6-8], CVE-2025-986[4-7] => chromium-browser-stable new security issues CVE-2025-655[4-7], CVE-2025-765[6-8], CVE-2025-986[4-7], CVE-2025-1020[01]
Status comment: Fixed upstream in 140.0.7339.80 => Fixed upstream in 140.0.7339.127

Comment 14 Nicolas Salguero 2025-10-07 15:46:03 CEST 
Upstream has issued an advisory on September 17:
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html

Upstream has issued an advisory on September 23:
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html

Upstream has issued an advisory on September 25:
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_25.html

Upstream has issued an advisory on September 30:
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html

Status comment: Fixed upstream in 140.0.7339.127 => Fixed upstream in 141.0.7390.54

Morgan Leijström 2025-10-07 17:08:32 CEST

CC: (none) => fri

Comment 15 Nicolas Salguero 2025-10-15 15:12:32 CEST 
Upstream has issued an advisory on October 7:
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html

Upstream has issued an advisory on October 9:
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_9.html

Upstream has issued an advisory on October 14:
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_14.html

Summary: chromium-browser-stable new security issues CVE-2025-655[4-7], CVE-2025-765[6-8], CVE-2025-986[4-7], CVE-2025-1020[01] => chromium-browser-stable new security issues CVE-2025-655[4-7], CVE-2025-765[6-8], CVE-2025-986[4-7], CVE-2025-1020[01], CVE-2025-11458, CVE-2025-11460, CVE-2025-11211, CVE-2025-11756
Status comment: Fixed upstream in 141.0.7390.54 => Fixed upstream in 141.0.7390.107

katnatek 2025-10-16 22:14:14 CEST

CC: j.alberto.vc => (none)

Comment 16 Nicolas Salguero 2025-10-28 10:41:54 CET 
Upstream has issued an advisory on October 21:
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_21.html

Status comment: Fixed upstream in 141.0.7390.107 => Fixed upstream in 141.0.7390.122

Comment 17 Nicolas Salguero 2025-10-30 16:13:23 CET 
Upstream has issued an advisory on October 28:
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html

Summary: chromium-browser-stable new security issues CVE-2025-655[4-7], CVE-2025-765[6-8], CVE-2025-986[4-7], CVE-2025-1020[01], CVE-2025-11458, CVE-2025-11460, CVE-2025-11211, CVE-2025-11756 => chromium-browser-stable new security issues CVE-2025-655[4-7],CVE-2025-765[6-8],CVE-2025-986[4-7],CVE-2025-1020[01],CVE-2025-11458,CVE-2025-11460,CVE-2025-11211,CVE-2025-11756,CVE-2025-1242[89],CVE-2025-12036,CVE-2025-1243[0-9],CVE-2025-1244[0134567]
Status comment: Fixed upstream in 141.0.7390.122 => Fixed upstream in 142.0.7444.59

Comment 18 Nicolas Salguero 2025-11-07 08:19:59 CET 
Upstream has issued an advisory on November 5:
https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html

new CVEs : CVE-2025-1272[5-9]

Summary: chromium-browser-stable new security issues CVE-2025-655[4-7],CVE-2025-765[6-8],CVE-2025-986[4-7],CVE-2025-1020[01],CVE-2025-11458,CVE-2025-11460,CVE-2025-11211,CVE-2025-11756,CVE-2025-1242[89],CVE-2025-12036,CVE-2025-1243[0-9],CVE-2025-1244[0134567] => chromium-browser-stable new security issues CVE-2025-655[4-7],CVE-2025-765[6-8],CVE-2025-986[4-7],CVE-2025-1020[01],CVE-2025-11458,CVE-2025-11460,CVE-2025-11211,CVE-2025-11756,CVE-2025-1242[89],CVE-2025-12036,CVE-2025-1243[0-9],CVE-2025-1244[0134567],...
Status comment: Fixed upstream in 142.0.7444.59 => Fixed upstream in 142.0.7444.134

Comment 19 Nicolas Salguero 2025-11-12 15:27:48 CET 
Upstream has issued an advisory on November 11:
https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_11.html

new CVE: CVE-2025-13042

Status comment: Fixed upstream in 142.0.7444.134 => Fixed upstream in 142.0.7444.162

Comment 20 Nicolas Salguero 2025-11-18 10:15:41 CET 
Upstream has issued an advisory on November 17:
https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html

new CVEs: CVE-2025-1322[34]

Status comment: Fixed upstream in 142.0.7444.162 => Fixed upstream in 142.0.7444.175

Comment 21 Nicolas Salguero 2025-12-03 11:46:53 CET 
Upstream has issued an advisory on December 2:
https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html

new CVEs: CVE-2025-1363[0-4], CVE-2025-1372[01], CVE-2025-1363[5-9], CVE-2025-13640

Status comment: Fixed upstream in 142.0.7444.175 => Fixed upstream in 143.0.7499.40

Comment 22 katnatek 2025-12-08 21:57:30 CET 
Time to add a errata suggesting the use of flatpak or google rpm?

Keywords: (none) => FOR_ERRATA9

Comment 23 Morgan Leijström 2025-12-08 22:01:02 CET 
Yes. Is already in place since previous struggles :-)
https://wiki.mageia.org/en/Mageia_9_Errata#Chromium_browser

Keywords: FOR_ERRATA9 => IN_ERRATA9

Comment 24 Morgan Leijström 2025-12-08 22:01:48 CET 
And for mga10 too.

Keywords: (none) => IN_ERRATA10

Comment 25 Nicolas Salguero 2025-12-11 16:36:09 CET 
Upstream has issued an advisory on December 10:
https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html

new CVEs: CVE-2025-1437[23]
Comment 26 Nicolas Salguero 2025-12-17 09:11:10 CET 
(In reply to Nicolas Salguero from comment #25)
> Upstream has issued an advisory on December 10:
> https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-
> desktop_10.html
> 
> new CVEs: CVE-2025-1437[23]

and CVE-2025-14174
Comment 27 Nicolas Salguero 2025-12-17 09:11:53 CET 
Upstream has issued an advisory on December 16:
https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html

new CVEs: CVE-2025-1476[56]
Nicolas Salguero 2025-12-17 09:12:11 CET

Status comment: Fixed upstream in 143.0.7499.40 => Fixed upstream in 143.0.7499.146

Comment 28 Marja Van Waes 2025-12-31 14:04:04 CET 
Adding the flag: affects_mga9 +
to all bugs with MGA9TOO on the whiteboard, without removing MGA9TOO (for now).

Flags: (none) => affects_mga9+

Comment 29 katnatek 2026-01-02 19:43:51 CET 
Change keyword for flag status

Keywords: IN_ERRATA10 => (none)
Flags: (none) => in_errata10+

Comment 30 Nicolas Salguero 2026-01-05 09:41:58 CET 
Upstream has issued an advisory on December 18:
https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_18.html
Nicolas Salguero 2026-01-05 09:42:12 CET

Status comment: Fixed upstream in 143.0.7499.146 => Fixed upstream in 143.0.7499.169

Comment 31 Nicolas Salguero 2026-01-07 10:26:05 CET 
Upstream has issued an advisory on January 6:
https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop.html

new CVE: CVE-2026-0628

Status comment: Fixed upstream in 143.0.7499.169 => Fixed upstream in 143.0.7499.192

Comment 32 Morgan Leijström 2026-01-07 14:13:15 CET 
We should really drop chromium.
And when so note it in 10 Release notes, not in Errata.
Mention users can use flatpak, or upstream packages, to get it.

Flags: (none) => in_release_notes10?

Morgan Leijström 2026-01-07 14:18:34 CET

Blocks: (none) => 32127

Comment 33 Nicolas Salguero 2026-01-14 09:19:23 CET 
Upstream has issued an advisory on January 13:
https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html

new CVEs: CVE-2026-0899, CVE-2026-090[0-8]

Status comment: Fixed upstream in 143.0.7499.192 => Fixed upstream in 144.0.7559.59

Comment 34 Nicolas Salguero 2026-01-21 16:08:25 CET 
Upstream has issued an advisory on January 20:
https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_20.html

new CVE: CVE-2026-1220

Status comment: Fixed upstream in 144.0.7559.59 => Fixed upstream in 144.0.7559.96

Comment 35 Nicolas Salguero 2026-01-28 17:29:50 CET 
Upstream has issued an advisory on January 27:
https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_27.html

new CVE: CVE-2026-1504

Status comment: Fixed upstream in 144.0.7559.96 => Fixed upstream in 144.0.7559.109

Comment 36 Morgan Leijström 2026-01-28 19:22:00 CET 
We are already in internal 10beta1 ISO, with a too old chromium, no maintainer -neither registered or stand-in.

Cauldron only have Chromium-browser 134 from 2025-03-25
 in 10/x86_64/media/tainted/release/ 

If not solved very soon, we should drop now before release, and in release notes suggest other ways to get it.

Target Milestone: --- => Mageia 10
Priority: Normal => release_blocker

Comment 37 Nicolas Salguero 2026-02-04 11:09:27 CET 
Upstream has issued an advisory on February 3:
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html

new CVEs: CVE-2026-186[12]
Nicolas Salguero 2026-02-04 11:09:43 CET

Status comment: Fixed upstream in 144.0.7559.109 => Fixed upstream in 144.0.7559.132

Comment 38 Nicolas Salguero 2026-02-13 09:04:21 CET 
Upstream has issued an advisory on February 10:
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html
Upstream has issued an advisory on February 12:
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_12.html

new CVEs: CVE-2026-231[3-9], CVE-2026-232[0-3]

Status comment: Fixed upstream in 144.0.7559.132 => Fixed upstream in 145.0.7632.67

Comment 39 Nicolas Salguero 2026-02-16 13:56:24 CET 
Upstream has issued an advisory on February 13:
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html

new CVE: CVE-2026-2441

Status comment: Fixed upstream in 145.0.7632.67 => Fixed upstream in 145.0.7632.75

Comment 40 Nicolas Salguero 2026-02-20 08:10:24 CET 
Upstream has issued an advisory on February 18:
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html

new CVEs: CVE-2026-264[89], CVE-2026-2650
Nicolas Salguero 2026-02-20 08:10:42 CET

Status comment: Fixed upstream in 145.0.7632.75 => Fixed upstream in 145.0.7632.109

Comment 41 Nicolas Salguero 2026-03-02 11:32:02 CET 
Upstream has issued an advisory on February 23:
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html

new CVEs: CVE-2026-306[1-3]
Comment 42 Nicolas Salguero 2026-03-06 08:44:33 CET 
Upstream has issued an advisory on March 3:
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html

new CVEs: CVE-2026-353[6-9], CVE-2026-354[0-5]

Status comment: Fixed upstream in 145.0.7632.109 => Fixed upstream in 145.0.7632.159

Comment 43 Nicolas Salguero 2026-03-13 07:56:01 CET 
Upstream has issued an advisory on March 10:
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html

Upstream has issued an advisory on March 12:
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html

new CVEs: CVE-2026-3909, CVE-2026-391[03456789], CVE-2026-392[0-9], CVE-2026-393[012456789], CVE-2026-394[0-2]
Nicolas Salguero 2026-03-13 07:56:45 CET

Status comment: Fixed upstream in 145.0.7632.159 => Fixed upstream in 146.0.7680.75

papoteur 2026-03-17 16:36:35 CET

CC: (none) => yves.brungard
Assignee: cjw => pkg-bugs

Comment 44 Nicolas Salguero 2026-03-17 16:44:45 CET 
Upstream has issued an advisory on March 13:
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_13.html

Status comment: Fixed upstream in 146.0.7680.75 => Fixed upstream in 146.0.7680.80

Comment 45 David GEIGER 2026-03-19 23:16:58 CET 
As anyone worked on chromium-browser-stable, please could a sysadmin drop chromium-browser-stable-134.0.6998.117-1.mga10.tainted.src.rpm from Cauldron, please?

It can be easily reimported if someone would work on it! thanks for your comprehension and let's stop wasting time.

CC: (none) => geiger.david68210

Comment 46 Nicolas Salguero 2026-03-23 10:31:20 CET 
Upstream has issued an advisory on March 18:
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html

new CVEs: CVE-2026-4439, CVE-2026-444[0-9], CVE-2026-445[0-9], CVE-2026-446[0-4]

Status comment: Fixed upstream in 146.0.7680.80 => Fixed upstream in 146.0.7680.153
Note You need to log in before you can comment on or make changes to this bug.