[ol10_u1_developer_EPEL] chromium-headless-147.0.7727.137-1.el10_1.aarch64

Name:	chromium-headless
Version:	147.0.7727.137
Release:	1.el10_1
Architecture:	aarch64
Group:	Unspecified
Size:	191923586
License:	BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
RPM:	chromium-headless-147.0.7727.137-1.el10_1.aarch64.rpm
Source RPM:	chromium-147.0.7727.137-1.el10_1.src.rpm
Build Date:	Wed May 06 2026
Build Host:	build-ol10-aarch64.oracle.com
Vendor:	Oracle America
URL:	http://www.chromium.org/Home
Summary:	A minimal headless shell built from Chromium
Description:	A minimal headless client built from Chromium. headless_shell is built without support for alsa, cups, dbus, gconf, gio, kerberos, pulseaudio, or udev.

Changelog (Show File list) (Show related packages)

Wed Apr 29 2026 Than Ngo <than@redhat.com> - 147.0.7727.137-1

- Update to 147.0.7727.137
   * Critical CVE-2026-7363: Use after free in Canvas
   * Critical CVE-2026-7361: Use after free in iOS
   * Critical CVE-2026-7344: Use after free in Accessibility
   * Critical CVE-2026-7343: Use after free in Views
   * High CVE-2026-7333: Use after free in GPU
   * High CVE-2026-7360: Insufficient validation of untrusted input in Compositing
   * High CVE-2026-7359: Use after free in ANGLE
   * High CVE-2026-7358: Use after free in Animation
   * High CVE-2026-7334: Use after free in Views
   * High CVE-2026-7357: Use after free in GPU
   * High CVE-2026-7356: Use after free in Navigation
   * High CVE-2026-7354: Out of bounds read and write in Angle
   * High CVE-2026-7353: Heap buffer overflow in Skia
   * High CVE-2026-7352: Use after free in Media
   * High CVE-2026-7351: Race in MHTML
   * High CVE-2026-7350: Use after free in WebMIDI
   * High CVE-2026-7349: Use after free in Cast
   * High CVE-2026-7348: Use after free in Codecs
   * High CVE-2026-7335: Use after free in media
   * High CVE-2026-7336: Use after free in WebRTC
   * High CVE-2026-7337: Type Confusion in V8
   * High CVE-2026-7347: Use after free in Chromoting
   * High CVE-2026-7346: Inappropriate implementation in Tint
   * High CVE-2026-7345: Insufficient validation of untrusted input in Feedback
   * High CVE-2026-7338: Use after free in Cast
   * High CVE-2026-7342: Use after free in WebView
   * High CVE-2026-7341: Use after free in WebRTC
   * Medium CVE-2026-7339: Heap buffer overflow in WebRTC
   * Medium CVE-2026-7340: Integer overflow in ANGLE
   * Medium CVE-2026-7355: Use after free in Media

Sun Apr 26 2026 Than Ngo <than@redhat.com> - 147.0.7727.116-2

- Fix FTBFS with rust 1.95
- Backport the upstream fix GL native pixmap import support reset in GpuInit

Thu Apr 23 2026 Than Ngo <than@redhat.com> - 147.0.7727.116-1

- Update to 147.0.7727.116
  * High CVE-2026-6919: Use after free in DevTools
  * High CVE-2026-6920: Out of bounds read in GPU
  * Medium CVE-2026-6921: Race in GPU
- Fix rhbz#2458171, unexpanded macros in manpage

Wed Apr 15 2026 Than Ngo <than@redhat.com> - 147.0.7727.101-1

- Update to 147.0.7727.101
  * Critical CVE-2026-6296: Heap buffer overflow in ANGLE
  * Critical CVE-2026-6297: Use after free in Proxy
  * Critical CVE-2026-6298: Heap buffer overflow in Skia
  * Critical CVE-2026-6299: Use after free in Prerender
  * Critical CVE-2026-6358: Use after free in XR
  * High CVE-2026-6359: Use after free in Video
  * High CVE-2026-6300: Use after free in CSS
  * High CVE-2026-6301: Type Confusion in Turbofan
  * High CVE-2026-6302: Use after free in Video
  * High CVE-2026-6303: Use after free in Codecs
  * High CVE-2026-6304: Use after free in Graphite
  * High CVE-2026-6305: Heap buffer overflow in PDFium
  * High CVE-2026-6306: Heap buffer overflow in PDFium
  * High CVE-2026-6307: Type Confusion in Turbofan
  * High CVE-2026-6308: Out of bounds read in Media
  * High CVE-2026-6309: Use after free in Viz
  * High CVE-2026-6360: Use after free in FileSystem
  * High CVE-2026-6310: Use after free in Dawn
  * High CVE-2026-6311: Uninitialized Use in Accessibility
  * High CVE-2026-6312: Insufficient policy enforcement in Passwords
  * High CVE-2026-6313: Insufficient policy enforcement in CORS
  * High CVE-2026-6314: Out of bounds write in GPU
  * High CVE-2026-6315: Use after free in Permissions
  * High CVE-2026-6316: Use after free in Forms
  * High CVE-2026-6361: Heap buffer overflow in PDFium
  * High CVE-2026-6362: Use after free in Codecs
  * High CVE-2026-6317: Use after free in Cast
  * Medium CVE-2026-6363: Type Confusion in V8
  * Medium CVE-2026-6318: Use after free in Codecs
  * Medium CVE-2026-6319: Use after free in Payments
  * Medium CVE-2026-6364: Out of bounds read in Skia

Thu Apr 09 2026 Than Ngo <than@redhat.com> - 147.0.7727.55-1

- Update to 147.0.7727.55
  * Critical CVE-2026-5858: Heap buffer overflow in WebML
  * Critical CVE-2026-5859: Integer overflow in WebML
  * High CVE-2026-5860: Use after free in WebRTC
  * High CVE-2026-5861: Use after free in V8
  * High CVE-2026-5862: Inappropriate implementation in V8
  * High CVE-2026-5863: Inappropriate implementation in V8
  * High CVE-2026-5864: Heap buffer overflow in WebAudio
  * High CVE-2026-5865: Type Confusion in V8
  * High CVE-2026-5866: Use after free in Media
  * High CVE-2026-5867: Heap buffer overflow in WebML
  * High CVE-2026-5868: Heap buffer overflow in ANGLE
  * High CVE-2026-5869: Heap buffer overflow in WebML
  * High CVE-2026-5870: Integer overflow in Skia
  * High CVE-2026-5871: Type Confusion in V8
  * High CVE-2026-5872: Use after free in Blink
  * High CVE-2026-5873: Out of bounds read and write in V8
  * Medium CVE-2026-5874: Use after free in PrivateAI
  * Medium CVE-2026-5875: Policy bypass in Blink
  * Medium CVE-2026-5876: Side-channel information leakage in Navigation
  * Medium CVE-2026-5877: Use after free in Navigation
  * Medium CVE-2026-5878: Incorrect security UI in Blink
  * Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
  * Medium CVE-2026-5880: Incorrect security UI in browser UI
  * Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
  * Medium CVE-2026-5882: Incorrect security UI in Fullscreen
  * Medium CVE-2026-5883: Use after free in Media
  * Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
  * Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
  * Medium CVE-2026-5886: Out of bounds read in WebAudio
  * Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
  * Medium CVE-2026-5888: Uninitialized Use in WebCodecs
  * Medium CVE-2026-5889: Cryptographic Flaw in PDFium
  * Medium CVE-2026-5890: Race in WebCodecs
  * Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
  * Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
  * Medium CVE-2026-5893: Race in V8
  * Low CVE-2026-5894: Inappropriate implementation in PDF
  * Low CVE-2026-5895: Incorrect security UI in Omnibox
  * Low CVE-2026-5896: Policy bypass in Audio
  * Low CVE-2026-5897: Incorrect security UI in Downloads
  * Low CVE-2026-5898: Incorrect security UI in Omnibox
  * Low CVE-2026-5899: Incorrect security UI in History Navigation
  * Low CVE-2026-5900: Policy bypass in Downloads
  * Low CVE-2026-5901: Policy bypass in DevTools
  * Low CVE-2026-5902: Race in Media
  * Low CVE-2026-5903: Policy bypass in IFrameSandbox
  * Low CVE-2026-5904: Use after free in V8
  * Low CVE-2026-5905: Incorrect security UI in Permissions
  * Low CVE-2026-5906: Incorrect security UI in Omnibox
  * Low CVE-2026-5907: Insufficient data validation in Media
  * Low CVE-2026-5908: Integer overflow in Media
  * Low CVE-2026-5909: Integer overflow in Media
  * Low CVE-2026-5910: Integer overflow in Media
  * Low CVE-2026-5911: Policy bypass in ServiceWorkers
  * Low CVE-2026-5912: Integer overflow in WebRTC
  * Low CVE-2026-5913: Out of bounds read in Blink
  * Low CVE-2026-5914: Type Confusion in CSS
  * Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
  * Low CVE-2026-5918: Inappropriate implementation in Navigation
  * Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets

Wed Apr 01 2026 Than Ngo <than@redhat.com> - 146.0.7680.177-1

- Update to 146.0.7680.177
  * High CVE-2026-5273: Use after free in CSS
  * High CVE-2026-5272: Heap buffer overflow in GPU
  * High CVE-2026-5274: Integer overflow in Codecs
  * High CVE-2026-5275: Heap buffer overflow in ANGLE
  * High CVE-2026-5276: Insufficient policy enforcement in WebUSB
  * High CVE-2026-5277: Integer overflow in ANGLE
  * High CVE-2026-5278: Use after free in Web MIDI
  * High CVE-2026-5279: Object corruption in V8
  * High CVE-2026-5280: Use after free in WebCodecs
  * High CVE-2026-5281: Use after free in Dawn
  * High CVE-2026-5282: Out of bounds read in WebCodecs
  * High CVE-2026-5283: Inappropriate implementation in ANGLE
  * High CVE-2026-5284: Use after free in Dawn
  * High CVE-2026-5285: Use after free in WebGL
  * High CVE-2026-5286: Use after free in Dawn
  * High CVE-2026-5287: Use after free in PDF
  * High CVE-2026-5288: Use after free in WebView
  * High CVE-2026-5289: Use after free in Navigation
  * High CVE-2026-5290: Use after free in Compositing
  * Medium CVE-2026-5291: Inappropriate implementation in WebGL
  * Medium CVE-2026-5292: Out of bounds read in WebCodecs

Tue Mar 24 2026 Than Ngo <than@redhat.com> - 146.0.7680.164-1

- Update to 146.0.7680.164
  * High CVE-2026-4673: Heap buffer overflow in WebAudio
  * High CVE-2026-4674: Out of bounds read in CSS
  * High CVE-2026-4675: Heap buffer overflow in WebGL
  * High CVE-2026-4676: Use after free in Dawn
  * High CVE-2026-4677: Out of bounds read in WebAudio
  * High CVE-2026-4678: Use after free in WebGPU
  * High CVE-2026-4679: Integer overflow in Fonts
  * High CVE-2026-4680: Use after free in FedCM

Fri Mar 20 2026 Than Ngo <than@redhat.com> - 146.0.7680.153-1

- Update to 146.0.7680.153
  * CVE-2026-4439: Out of bounds memory access in WebGL
  * CVE-2026-4440: Out of bounds read and write in WebGL
  * CVE-2026-4441: Use after free in Base
  * CVE-2026-4442: Heap buffer overflow in CSS
  * CVE-2026-4443: Heap buffer overflow in WebAudio
  * CVE-2026-4444: Stack buffer overflow in WebRTC
  * CVE-2026-4445: Use after free in WebRTC
  * CVE-2026-4446: Use after free in WebRTC
  * CVE-2026-4447: Inappropriate implementation in V8
  * CVE-2026-4448: Heap buffer overflow in ANGLE
  * CVE-2026-4449: Use after free in Blink
  * CVE-2026-4450: Out of bounds write in V8
  * CVE-2026-4451: Insufficient validation of untrusted input in Navigation
  * CVE-2026-4452: Integer overflow in ANGLE
  * CVE-2026-4453: Integer overflow in Dawn
  * CVE-2026-4454: Use after free in Network
  * CVE-2026-4455: Heap buffer overflow in PDFium
  * CVE-2026-4456: Use after free in Digital Credentials API
  * CVE-2026-4457: Type Confusion in V8
  * CVE-2026-4458: Use after free in Extensions
  * CVE-2026-4459: Out of bounds read and write in WebAudio
  * CVE-2026-4460: Out of bounds read in Skia
  * CVE-2026-4461: Inappropriate implementation in V8
  * CVE-2026-4462: Out of bounds read in Blink
  * CVE-2026-4463: Heap buffer overflow in WebRTC
  * CVE-2026-4464: Integer overflow in ANGLE

Sat Mar 14 2026 Than Ngo <than@redhat.com> - 146.0.7680.80-1

- Update to 146.0.7680.80
  * CVE-2026-3909: Out of bounds write in Skia

Fri Mar 13 2026 Than Ngo <than@redhat.com> - 146.0.7680.75-1

- Update to 146.0.7680.75
  * CVE-2026-3910: Inappropriate implementation in V8