head 1.57; access; symbols pkgsrc-2026Q1:1.49.0.2 pkgsrc-2026Q1-base:1.49 pkgsrc-2025Q4:1.31.0.2 pkgsrc-2025Q4-base:1.31 pkgsrc-2025Q3:1.19.0.2 pkgsrc-2025Q3-base:1.19 pkgsrc-2025Q2:1.10.0.2 pkgsrc-2025Q2-base:1.10 pkgsrc-2025Q1:1.4.0.2 pkgsrc-2025Q1-base:1.4; locks; strict; comment @# @; 1.57 date 2026.05.14.16.42.19; author ryoon; state Exp; branches; next 1.56; commitid tKipFjQKzke3NNFG; 1.56 date 2026.05.14.13.44.21; author kikadf; state Exp; branches; next 1.55; commitid cXmMvuaqQT32OMFG; 1.55 date 2026.05.10.15.29.46; author kikadf; state Exp; branches; next 1.54; commitid SyX3h0lYaSxpwhFG; 1.54 date 2026.05.01.16.37.25; author kikadf; state Exp; branches; next 1.53; commitid SyBKQQJx7yEec8EG; 1.53 date 2026.04.21.15.21.07; author kikadf; state Exp; branches; next 1.52; commitid WF34zDf4vSqU3QCG; 1.52 date 2026.04.10.17.31.46; author kikadf; state Exp; branches; next 1.51; commitid WY5RZg3wS2F5arBG; 1.51 date 2026.04.02.13.25.29; author kikadf; state Exp; branches; next 1.50; commitid FqusiFhmpWGb4oAG; 1.50 date 2026.03.29.16.43.50; author tnn; state Exp; branches; next 1.49; commitid xVD8zUlYhP5YhTzG; 1.49 date 2026.03.25.08.07.12; author kikadf; state Exp; branches; next 1.48; commitid NzHgSsQ1jpWWykzG; 1.48 date 2026.03.21.16.28.15; author kikadf; state Exp; branches; next 1.47; commitid LGHGaZxAiZ4OsRyG; 1.47 date 2026.03.14.19.24.49; author kikadf; state Exp; branches; next 1.46; commitid SnMHwDH180wjFYxG; 1.46 date 2026.03.14.12.40.22; author kikadf; state Exp; branches; next 1.45; commitid q4jiyADaBQJ3qWxG; 1.45 date 2026.03.09.19.05.36; author kikadf; state Exp; branches; next 1.44; commitid KTcfjIt2dVkHIkxG; 1.44 date 2026.02.26.11.45.39; author kikadf; state Exp; branches; next 1.43; commitid HxdpvJHOPMaHDSvG; 1.43 date 2026.02.22.08.46.28; author kikadf; state Exp; branches; next 1.42; commitid Z8kDneZ4MOscMlvG; 1.42 date 2026.02.15.09.03.54; author kikadf; state Exp; branches; next 1.41; commitid wC0CmxiLIcAz5suG; 1.41 date 2026.02.06.10.06.06; author wiz; state Exp; branches; next 1.40; commitid MwQEYCXeWSFvIitG; 1.40 date 2026.01.29.12.44.16; author kikadf; state Exp; branches; next 1.39; commitid BkC6OXqtTtDBRhsG; 1.39 date 2026.01.27.08.40.48; author wiz; state Exp; branches; next 1.38; commitid f4MYtJVcsY7dz0sG; 1.38 date 2026.01.22.19.08.09; author kikadf; state Exp; branches; next 1.37; commitid z8hb7xdjn8JfdqrG; 1.37 date 2026.01.19.16.14.05; author kikadf; state Exp; branches; next 1.36; commitid T1nlh0FgifRrj1rG; 1.36 date 2026.01.09.18.57.04; author kikadf; state Exp; branches; next 1.35; commitid uLDoRtiZOUjXyKpG; 1.35 date 2026.01.08.17.46.35; author kikadf; state Exp; branches; next 1.34; commitid ioRiUCkTNykHcCpG; 1.34 date 2026.01.07.08.49.16; author wiz; state Exp; branches; next 1.33; commitid 1wQ3ICD8eebefrpG; 1.33 date 2026.01.06.15.55.51; author ryoon; state Exp; branches; next 1.32; commitid 2m62e9sfYBd9FlpG; 1.32 date 2025.12.23.13.22.09; author kikadf; state Exp; branches; next 1.31; commitid pcOpX5XnueCTfxnG; 1.31 date 2025.12.13.14.53.45; author kikadf; state Exp; branches; next 1.30; commitid J35BnWTDpQrB5gmG; 1.30 date 2025.12.11.09.13.26; author kikadf; state Exp; branches; next 1.29; commitid q6Ed7pzhZW5rgYlG; 1.29 date 2025.11.20.09.19.26; author kikadf; state Exp; branches; next 1.28; commitid N3IQlMVoAnpJYgjG; 1.28 date 2025.11.20.08.36.03; author kikadf; state Exp; branches; next 1.27; commitid GTwx5lrzjbE5JgjG; 1.27 date 2025.11.12.19.12.00; author kikadf; state Exp; branches; next 1.26; commitid KKMLSKXYgxQ3wiiG; 1.26 date 2025.11.08.15.40.35; author kikadf; state Exp; branches; next 1.25; commitid EPUulw6BhgmwtLhG; 1.25 date 2025.11.04.14.55.28; author kikadf; state Exp; branches; next 1.24; commitid qfucP2L8NrpolfhG; 1.24 date 2025.10.27.11.27.36; author kikadf; state Exp; branches; next 1.23; commitid f8A4ntMj0KBQrcgG; 1.23 date 2025.10.23.20.39.45; author wiz; state Exp; branches; next 1.22; commitid 1V2hBZn9ypXaCJfG; 1.22 date 2025.10.16.19.43.17; author kikadf; state Exp; branches; next 1.21; commitid pJyaYsgZ3njIxPeG; 1.21 date 2025.09.30.16.07.40; author wiz; state Exp; branches; next 1.20; commitid B311XLQVo25qSKcG; 1.20 date 2025.09.23.11.39.46; author kikadf; state Exp; branches; next 1.19; commitid 2ik4Hv8NTELzCPbG; 1.19 date 2025.09.12.16.02.18; author kikadf; state Exp; branches; next 1.18; commitid 3rRZ00vWaq6gqraG; 1.18 date 2025.09.08.13.13.46; author kikadf; state Exp; branches; next 1.17; commitid GiSj8cMm5BrSBU9G; 1.17 date 2025.08.30.22.46.30; author wiz; state Exp; branches; next 1.16; commitid 2izPxU30rhec4O8G; 1.16 date 2025.08.29.11.55.26; author kikadf; state Exp; branches; next 1.15; commitid 4bE4Th3ZRUZLvC8G; 1.15 date 2025.08.15.10.47.29; author kikadf; state Exp; branches; next 1.14; commitid a3Pg8SaCqIMmAO6G; 1.14 date 2025.08.13.07.44.14; author kikadf; state Exp; branches; next 1.13; commitid e9vibk03ttN7Dx6G; 1.13 date 2025.08.03.14.20.14; author kikadf; state Exp; branches; next 1.12; commitid q89nQRP29oZe9i5G; 1.12 date 2025.07.25.16.17.08; author kikadf; state Exp; branches; next 1.11; commitid hYvYS1Q7wSs6594G; 1.11 date 2025.07.07.09.23.23; author kikadf; state Exp; branches; next 1.10; commitid rbhlGn8onQ00nN1G; 1.10 date 2025.05.16.16.08.13; author wiz; state Exp; branches; next 1.9; commitid Y2DygAA6jkhRe9VF; 1.9 date 2025.05.09.19.37.15; author wiz; state Exp; branches; next 1.8; commitid WCR78K3U9f0aFgUF; 1.8 date 2025.04.24.14.16.02; author wiz; state Exp; branches; next 1.7; commitid A3VBjL8Zdd4LljSF; 1.7 date 2025.04.19.07.58.31; author wiz; state Exp; branches; next 1.6; commitid 8J0gu7BGAw8XqDRF; 1.6 date 2025.04.17.21.52.45; author wiz; state Exp; branches; next 1.5; commitid xcIXAVA292fk6sRF; 1.5 date 2025.04.10.20.07.52; author wiz; state Exp; branches; next 1.4; commitid COK7ZtSHKpUCLxQF; 1.4 date 2025.02.18.10.33.22; author wiz; state Exp; branches; next 1.3; commitid 48FMK7dcB75ceWJF; 1.3 date 2025.02.12.06.45.38; author ryoon; state Exp; branches; next 1.2; commitid wrOiT0jBBwBs99JF; 1.2 date 2025.02.09.14.44.09; author wiz; state Exp; branches; next 1.1; commitid SkMxSaWBdCZ6UNIF; 1.1 date 2025.02.06.09.57.37; author wiz; state Exp; branches; next ; commitid ItsQhJhMSErRpoIF; desc @@ 1.57 log @*: Recursive revbump from security/nettle-4.0 @ text @# $NetBSD: Makefile,v 1.56 2026/05/14 13:44:21 kikadf Exp $ DISTNAME= chromium-${VERSION} VERSION= 148.0.7778.167 PKGREVISION= 1 CATEGORIES= www MASTER_SITES= https://commondatastorage.googleapis.com/chromium-browser-official/ EXTRACT_SUFX_C= .tar.xz #PROFILE_DISTFILES= chromium-${VERSION}-profdata${EXTRACT_SUFX_C} #SITES.${PROFILE_DISTFILES}= https://nerd.hu/distfiles/ DISTFILES+= ${DISTNAME}-lite${EXTRACT_SUFX_C} #DISTFILES+= ${PROFILE_DISTFILES} # Sources to build on NetBSD NB_VERSION= v148.0 GITHUB_SUBMODULES= kikadf chromium-nb ${NB_VERSION} ./ # rollup GITHUB_SUBMODULES+= rollup rollup v4.22.4 rollup CARGO_WRKSRC= ${WRKSRC}/rollup/rust .include "cargo-depends.mk" # esbuild EB_DISTNAME= ${MAKE} -C ../../www/esbuild -V DISTNAME GITHUB_SUBMODULES+= evanw esbuild v${EB_DISTNAME:sh:C/^.*-//} esbuild # LLVM_MAJOR_VERSION LLVM_MV= 21 # Used nodejs version NODE_VERSIONS_ACCEPTED= 24 MAINTAINER= kikadf@@NetBSD.org HOMEPAGE= https://www.chromium.org/Home COMMENT= Open source web browser LICENSE= modified-bsd AND gnu-lgpl-v3 AND mpl-2.0 USE_TOOLS+= bash bison flex:pkgsrc gmake pax perl pkg-config TOOLS_PLATFORM.flex= # override the platform definition to use pkgsrc's flex. USE_LANGUAGES= c c++ CHECK_PORTABILITY_SKIP+= docs/website/site/for-testers/bug-reporting-guidelines/hanging-tabs/crash-with-gdb CHECK_PORTABILITY_SKIP+= remoting/host/installer/mac/Scripts/remoting_preflight.sh CHECK_PORTABILITY_SKIP+= remoting/host/installer/mac/Scripts/remoting_postflight.sh CHECK_PORTABILITY_SKIP+= remoting/host/installer/mac/tools/ksregister.sh CHECK_PORTABILITY_SKIP+= remoting/host/installer/mac/tools/ksunregister.sh CHECK_PORTABILITY_SKIP+= remoting/tools/get_mac_crd_version.sh CHECK_PORTABILITY_SKIP+= remoting/tools/register_local_nm_hosts.sh CHECK_PORTABILITY_SKIP+= remoting/tools/set_android_flags.sh CHECK_PORTABILITY_SKIP+= third_party/dawn/third_party/dxc/utils/buildit/build_llvm CHECK_PORTABILITY_SKIP+= third_party/ffmpeg/configure CHECK_PORTABILITY_SKIP+= third_party/flatbuffers/src/tests/KotlinTest.sh CHECK_PORTABILITY_SKIP+= third_party/fontconfig/src/.gitlab-ci/fedora-cross.sh CHECK_PORTABILITY_SKIP+= third_party/litert/src/tflite/swift/docsgen/TensorFlowLiteSwift/scripts/download_frameworks.sh CHECK_PORTABILITY_SKIP+= third_party/llvm/flang/tools/f18/flang.sh.in CHECK_PORTABILITY_SKIP+= third_party/nearby/src/embedded/build.sh CHECK_PORTABILITY_SKIP+= third_party/openscreen/src/third_party/protobuf/src/google/protobuf/compiler/zip_output_unittest.sh CHECK_PORTABILITY_SKIP+= third_party/protobuf/post_process_dist.sh CHECK_PORTABILITY_SKIP+= third_party/protobuf/src/google/protobuf/compiler/zip_output_unittest.sh CHECK_PORTABILITY_SKIP+= third_party/rust-src/vendor/libdbus-sys-0.2.5/vendor/dbus/tools/cmake-format CHECK_PORTABILITY_SKIP+= third_party/rust-toolchain/lib/rustlib/src/rust/vendor/libdbus-sys-0.2.5/vendor/dbus/tools/cmake-format CHECK_PORTABILITY_SKIP+= third_party/sqlite/src/configure CHECK_PORTABILITY_SKIP+= third_party/tflite/src/tensorflow/lite/swift/docsgen/TensorFlowLiteSwift/scripts/download_frameworks.sh CHECK_PORTABILITY_SKIP+= third_party/xdg-utils/scripts/xdg-terminal CHECK_PORTABILITY_SKIP+= third_party/xdg-utils/scripts/xdg-terminal.in CHECK_PORTABILITY_SKIP+= tools/perf/cli_tools/android/record-hardware-events CHECK_PORTABILITY_SKIP+= v8/tools/cppgc/export_to_github.sh CHECK_PORTABILITY_SKIP+= v8/tools/cppgc/test_cmake.sh CHECK_PORTABILITY_SKIP+= v8/tools/profiling/run-llprof.sh CHECK_PORTABILITY_SKIP+= v8/tools/run-llprof.sh TOOL_DEPENDS+= gperf>=3.2:../../devel/gperf TOOL_DEPENDS+= esbuild-[0-9]*:../../www/esbuild TOOL_DEPENDS+= ninja-build-[0-9]*:../../devel/ninja-build TOOL_DEPENDS+= ${PYPKGPREFIX}-html5lib-[0-9]*:../../textproc/py-html5lib TOOL_DEPENDS+= ${PYPKGPREFIX}-beautifulsoup4-[0-9]*:../../www/py-beautifulsoup4 TOOL_DEPENDS+= ${PYPKGPREFIX}-ply-[0-9]*:../../devel/py-ply TOOL_DEPENDS+= rust-bindgen-[0-9]*:../../devel/rust-bindgen DEPENDS+= xdg-utils-[0-9]*:../../misc/xdg-utils .include "../../mk/bsd.prefs.mk" .include "../../mk/compiler.mk" # Supported platforms, synced with rust/platform.mk .for c_arch in x86_64 aarch64 ONLY_FOR_PLATFORM+= NetBSD-1[0-9].*-${c_arch} ONLY_FOR_PLATFORM+= Linux-*-${c_arch} ONLY_FOR_PLATFORM+= Darwin-*-${c_arch} ONLY_FOR_PLATFORM+= FreeBSD-*-${c_arch} .endfor # Workaround for brotli and other commands. #BUILDLINK_TRANSFORM.NetBSD+= rm:-ldl # Let to chromium use the -Wl,-z,relro flag BUILDLINK_TRANSFORM+= rm:-Wl,-zrelro # Do not use alloca(3) in libc. BUILDLINK_TRANSFORM+= opt:-std=c11:-std=gnu11 BUILDLINK_TRANSFORM+= opt:-std=c99:-std=gnu99 BUILDLINK_TRANSFORM+= opt:-std=c++14:-std=gnu++14 BUILDLINK_TRANSFORM+= opt:-std=c++17:-std=gnu++17 BUILDLINK_TRANSFORM+= opt:-std=c++20:-std=gnu++20 REPLACE_BASH= chrome/tools/build/linux/chrome-wrapper FILES_SUBST+= PYTHONBIN=${PYTHONBIN:Q} SUBST_CLASSES+= path SUBST_STAGE.path= pre-configure SUBST_MESSAGE.path= Fixing pathes SUBST_FILES.path+= base/base_paths_posix.cc SUBST_FILES.path+= base/process/process_handle_openbsd.cc SUBST_FILES.path+= build/config/rust.gni SUBST_FILES.path+= build/linux/strip_binary.gni SUBST_FILES.path+= build/rust/rust_bindgen.gni SUBST_FILES.path+= build/rust/rust_bindgen_generator.gni SUBST_FILES.path+= chrome/common/chrome_paths.cc SUBST_FILES.path+= chromium.sh SUBST_FILES.path+= components/policy/core/common/policy_paths.cc SUBST_FILES.path+= sandbox/policy/openbsd/sandbox_openbsd.cc SUBST_FILES.path+= services/device/hid/hid_service_freebsd.cc SUBST_FILES.path+= services/device/time_zone_monitor/time_zone_monitor_linux.cc SUBST_FILES.path+= third_party/pdfium/core/fxge/linux/fx_linux_impl.cpp SUBST_FILES.path+= third_party/perfetto/src/base/utils.cc SUBST_FILES.path+= third_party/test_fonts/fontconfig/BUILD.gn SUBST_FILES.path+= v8/tools/run-paxctl.py SUBST_VARS.path+= PREFIX PKG_SYSCONFBASE VARBASE QTDIR X11BASE PYTHONBIN SUBST_CLASSES+= man SUBST_STAGE.man= pre-configure SUBST_MESSAGE.man= Fixing manpage SUBST_FILES.man+= chrome/app/resources/manpage.1.in SUBST_SED.man+= -e 's,@@@@PACKAGE,chromium,g' SUBST_SED.man+= -e 's,@@@@MENUNAME,Chromium Web Browser,g' .include "options.mk" SUBST_CLASSES+= pulse SUBST_STAGE.pulse= pre-configure SUBST_MESSAGE.pulse= Set BUILT_WITH_PULSE to ${WITH_PA} in chromium wrapper SUBST_FILES.pulse+= chromium.sh SUBST_SED.pulse+= -e 's,@@PULSE@@,${WITH_PA},g' .include "tests.mk" BUILDTYPE= Release MAKE_ENV+= BUILDTYPE=${BUILDTYPE} MAKE_ENV+= GPERF=${PREFIX}/bin/gperf TARGET= chrome chromedriver # These libraries are used from the system and the build infrastructure # removes them from the bundled third_party directory and replaces them # with hooks to use them from the system. GN_SYSTEM_LIBS= dav1d GN_SYSTEM_LIBS+= fontconfig # As of 143.0.7499.169, icu-78.1 is incompatible. #GN_SYSTEM_LIBS+= icu GN_SYSTEM_LIBS+= libaom GN_SYSTEM_LIBS+= libjpeg # libjpeg-turbo GN_SYSTEM_LIBS+= libpng GN_SYSTEM_LIBS+= libvpx GN_SYSTEM_LIBS+= libxml GN_SYSTEM_LIBS+= libxslt GN_SYSTEM_LIBS+= openh264 GN_SYSTEM_LIBS+= opus # Need llvm-22 GN_ARGS+= chrome_pgo_phase=0 GN_ARGS+= clang_use_chrome_plugins=false GN_ARGS+= disable_fieldtrial_testing_config=true GN_ARGS+= enable_backup_ref_ptr_support=false GN_ARGS+= enable_hangout_services_extension=true GN_ARGS+= enable_remoting=false GN_ARGS+= enable_widevine=true GN_ARGS+= fatal_linker_warnings=false GN_ARGS+= icu_use_data_file=false GN_ARGS+= is_cfi=false GN_ARGS+= is_clang=true GN_ARGS+= is_component_build=false GN_ARGS+= is_debug=false GN_ARGS+= is_official_build=true GN_ARGS+= moc_qt6_path=\"${PREFIX}/qt6/libexec\" GN_ARGS+= optimize_webui=true GN_ARGS+= thin_lto_enable_optimizations=true GN_ARGS+= treat_warnings_as_errors=false GN_ARGS+= use_allocator_shim=false GN_ARGS+= use_cups=true GN_ARGS+= use_custom_libcxx=true GN_ARGS+= use_custom_libunwind=true GN_ARGS+= use_kerberos=false GN_ARGS+= use_lld=false GN_ARGS+= use_partition_alloc=true GN_ARGS+= use_partition_alloc_as_malloc=false GN_ARGS+= use_qt5=false GN_ARGS+= use_qt6=true GN_ARGS+= use_sndio=false GN_ARGS+= use_sysroot=false GN_ARGS+= use_system_freetype=true GN_ARGS+= use_system_harfbuzz=true GN_ARGS+= use_system_libdrm=true GN_ARGS+= use_system_libjpeg=true #libjpeg-turbo GN_ARGS+= use_thin_lto=false GN_ARGS+= use_udev=true GN_ARGS+= use_vaapi=false GN_ARGS+= v8_enable_cet_ibt=true # flags CFLAGS+= -fno-stack-protector CFLAGS+= -isystem${PREFIX}/lib/clang/${LLVM_MV}/include # third_party/zlib with clang CFLAGS+= -Wno-error=unused-command-line-argument CFLAGS+= -Wno-unknown-warning-option EXTRA_LDFLAGS= -L${PREFIX}/lib \ -L${X11BASE}/lib \ ${COMPILER_RPATH_FLAG}${PREFIX}/lib \ ${COMPILER_RPATH_FLAG}${PREFIX}/lib/nspr \ ${COMPILER_RPATH_FLAG}${PREFIX}/lib/nss \ ${COMPILER_RPATH_FLAG}${X11BASE}/lib EXTRA_CXXFLAGS= -Wno-unknown-warning-option \ -I${BUILDLINK_DIR}/include \ -I${BUILDLINK_DIR}/include/libepoll-shim \ -I${BUILDLINK_DIR}/include/glib \ -I${BUILDLINK_DIR}/include/nss # rust MAKE_ENV+= RUSTC_BOOTSTRAP=1 GN_ARGS+= enable_rust=true GN_ARGS+= rust_sysroot_absolute=\"${PREFIX}\" PLIST_VARS+= swiftshader FFMPEG_PARTS= config.h config_components.h libavcodec libavformat libavutil .if ${MACHINE_ARCH} == "aarch64" FFMPEG_TARGET= arm64 .elif ${MACHINE_ARCH} == "x86_64" TOOL_DEPENDS+= nasm-[0-9]*:../../devel/nasm PLIST.swiftshader= yes FFMPEG_PARTS+= config.asm config_components.asm FFMPEG_TARGET= x64 .endif GN_ARGS+= extra_cxxflags=\"${EXTRA_CXXFLAGS}\" \ extra_ldflags=\"${EXTRA_LDFLAGS}\" # Proprietary codecs are enabled. FFMPEG_BRAND= Chrome FFMPEG_BDIR= ${WRKSRC}/third_party/ffmpeg/build.${FFMPEG_TARGET}.${LOWER_OPSYS}/${FFMPEG_BRAND} FFMPEG_CDIR= ${WRKSRC}/third_party/ffmpeg/chromium/config/${FFMPEG_BRAND}/${LOWER_OPSYS}/${FFMPEG_TARGET} GN_ARGS+= proprietary_codecs=true \ ffmpeg_branding=\"${FFMPEG_BRAND}\" GN_BOOTSTRAP_FLAGS+= --no-clean --no-rebuild GN_BOOTSTRAP_FLAGS+= --skip-generate-buildfiles # API key and OAuth credential for Google. # This is pkgsrc use only. GN_ARGS+= google_api_key=\"AIzaSyAT_3ogzNMKbBMFk3xQ6T35fg52Y9GrFBg\" #GN_ARGS+= google_default_client_id=\"74061691103-faqqnan75j2s8ej3p7lh2k98dhkee816.apps.googleusercontent.com\" #GN_ARGS+= google_default_client_secret=\"3R9TyUv14OXgzJnZi6Ismela\" NOT_PAX_MPROTECT_SAFE+= lib/chromium/chrome #NOT_PAX_ASLR_SAFE+= lib/chromium/chrome PKG_CC= clang PKG_CXX= clang++ UNLIMIT_RESOURCES= datasize post-extract: ${CP} ${FILESDIR}/chromium.sh.in ${WRKSRC}/chromium.sh pre-configure: # Build intternal ffmpeg cd ${WRKSRC}/media/ffmpeg && \ ${PYTHONBIN} scripts/build_ffmpeg.py \ ${LOWER_OPSYS} ${FFMPEG_TARGET} --config-only --branding=${FFMPEG_BRAND} cd ${FFMPEG_BDIR} && ${GMAKE} ffversion.h ${INSTALL_DATA_DIR} ${FFMPEG_CDIR} .for ffmpeg_part in ${FFMPEG_PARTS} cp -pR ${FFMPEG_BDIR}/${ffmpeg_part} ${FFMPEG_CDIR} .endfor # Prepare profdata # cd ${WRKSRC}/chrome/build/pgo_profiles && \ # _p=$$(echo *.profdata) && \ # llvm-profdata merge $${_p}.txt --output=$${_p} # Prepare rust-toolchain ${MKDIR} ${WRKSRC}/third_party/rust-toolchain/bin ${LN} -sf ${PREFIX}/bin/rustc \ ${WRKSRC}/third_party/rust-toolchain/bin/rustc # Prepare gperf ${LN} -sf ${PREFIX}/bin/gperf \ ${WRKSRC}/third_party/gperf/cipd/bin/gperf # Prepare nodejs ${MKDIR} ${WRKSRC}/third_party/node/${LOWER_OPSYS}/node-${LOWER_OPSYS}/bin ${LN} -sf ${PREFIX}/bin/node \ ${WRKSRC}/third_party/node/${LOWER_OPSYS}/node-${LOWER_OPSYS}/bin/node # Prepare esbuild ${LN} -sf ${PREFIX}/bin/esbuild \ ${WRKSRC}/third_party/devtools-frontend/src/third_party/esbuild/esbuild # Prepare rollup ${MKDIR} ${WRKSRC}/third_party/devtools-frontend/src/node_modules/@@rollup/rollup-${LOWER_OPSYS} do-configure: ${RUN} cd ${WRKSRC}/esbuild && \ ${WRKSRC}/third_party/node/${LOWER_OPSYS}/node-${LOWER_OPSYS}/bin/node scripts/esbuild.js \ ${WRKSRC}/third_party/devtools-frontend/src/third_party/esbuild/esbuild --neutral ${RM} -rf ${WRKSRC}/third_party/devtools-frontend/src/node_modules/esbuild ${LN} -sf ${WRKSRC}/esbuild/npm/esbuild \ ${WRKSRC}/third_party/devtools-frontend/src/node_modules/esbuild cd ${WRKSRC} && \ ${SETENV} ${MAKE_ENV} ${PYTHONBIN} ./build/linux/unbundle/replace_gn_files.py \ --system-libraries ${GN_SYSTEM_LIBS} || ${FALSE} cd ${WRKSRC}/tools/gn && \ ${SETENV} ${MAKE_ENV} ${PYTHONBIN} bootstrap/bootstrap.py ${GN_BOOTSTRAP_FLAGS} cd ${WRKSRC} && \ ${SETENV} ${CONFIGURE_ENV} ./out/${BUILDTYPE}/gn \ gen --args="${GN_ARGS}" --script-executable="${PYTHONBIN}" ${GN_VERBOSE} out/${BUILDTYPE} do-build: do-cargo-build cd ${WRKSRC}/third_party/devtools-frontend/src/node_modules/@@rollup && \ ${CP} ${WRKSRC}/rollup/rust/target/release/libbindings_napi.so \ rollup-${LOWER_OPSYS}/rollup.${LOWER_OPSYS}.node && \ ${ECHO} '{ "main": "./rollup.${LOWER_OPSYS}.node" }' > rollup-${LOWER_OPSYS}/package.json ${RUN} ${_ULIMIT_CMD} cd ${WRKSRC} && \ ${SETENV} ${MAKE_ENV} ${PREFIX}/bin/ninja -j ${_MAKE_JOBS_N} -C out/${BUILDTYPE} ${TARGET} CHROMIUM= chromium BUILDDIR= ${WRKSRC}/out/${BUILDTYPE} INSTALLATION_DIRS+= lib/${CHROMIUM} INSTALLATION_DIRS+= bin INSTALLATION_DIRS+= ${PKGMANDIR}/man1 INSTALLATION_DIRS+= share/applications INSTALLATION_DIRS+= share/doc/${CHROMIUM} ICON_SIZES= 22_mono 24 48 64 128 256 .for i in ${ICON_SIZES} ICONS_DIR${i}+= share/icons/hicolor/${i}x${i}/apps INSTALLATION_DIRS+= ${ICONS_DIR${i}} .endfor CHROMIUM_LIBS+= libEGL.so CHROMIUM_LIBS+= libGLESv2.so CHROMIUM_LIBS+= libVkICD_mock_icd.so .if ${MACHINE_ARCH} != "aarch64" CHROMIUM_LIBS+= libvk_swiftshader.so CHROMIUM_LIBS+= vk_swiftshader_icd.json .endif do-install: ${INSTALL_SCRIPT} ${WRKSRC}/${CHROMIUM}.sh ${DESTDIR}${PREFIX}/bin/${CHROMIUM} ${INSTALL_DATA} ${FILESDIR}/chromium-browser.desktop ${DESTDIR}${PREFIX}/share/applications ${INSTALL_DATA} ${FILESDIR}/README ${DESTDIR}${PREFIX}/share/doc/${CHROMIUM} ${INSTALL_PROGRAM} ${BUILDDIR}/chrome ${DESTDIR}${PREFIX}/lib/${CHROMIUM} ${INSTALL_PROGRAM} ${BUILDDIR}/chromedriver.unstripped ${DESTDIR}${PREFIX}/bin/chromedriver .for i in ${CHROMIUM_LIBS} ${INSTALL_LIB} ${BUILDDIR}/${i} ${DESTDIR}${PREFIX}/lib/${CHROMIUM} .endfor ${INSTALL_LIB} ${BUILDDIR}/libvulkan.so.1 ${DESTDIR}${PREFIX}/lib/${CHROMIUM}/libvulkan.so ${INSTALL_DATA} ${WRKSRC}/chrome/app/resources/manpage.1.in \ ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/${CHROMIUM}.1 ${INSTALL_DATA} ${BUILDDIR}/*.pak ${DESTDIR}${PREFIX}/lib/${CHROMIUM} .for i in ${ICON_SIZES} ${INSTALL_DATA} ${WRKSRC}/chrome/app/theme/chromium/product_logo_${i}.png \ ${DESTDIR}${PREFIX}/${ICONS_DIR${i}}/${CHROMIUM}.png .endfor .for i in locales resources cd ${WRKSRC}/out/${BUILDTYPE} && \ ${FIND} ${i} -type f -print | pax -rw -pmp ${DESTDIR}${PREFIX}/lib/${CHROMIUM} .endfor .for f in snapshot_blob.bin v8_context_snapshot.bin ${INSTALL_DATA} ${BUILDDIR}/${f} ${DESTDIR}${PREFIX}/lib/${CHROMIUM} .endfor .include "../../archivers/bzip2/buildlink3.mk" .include "../../audio/libopus/buildlink3.mk" .include "../../audio/speech-dispatcher/buildlink3.mk" .include "../../audio/speex/buildlink3.mk" .include "../../devel/dconf/buildlink3.mk" .include "../../devel/libepoll-shim/buildlink3.mk" .include "../../devel/libudev-bsd/buildlink3.mk" .include "../../devel/libusb1/buildlink3.mk" .include "../../devel/nspr/buildlink3.mk" .include "../../devel/nss/buildlink3.mk" .include "../../fonts/fontconfig/buildlink3.mk" .include "../../fonts/harfbuzz/buildlink3.mk" .include "../../graphics/cairo/buildlink3.mk" .include "../../graphics/freetype2/buildlink3.mk" .include "../../graphics/hicolor-icon-theme/buildlink3.mk" .include "../../graphics/libexif/buildlink3.mk" .include "../../graphics/libwebp/buildlink3.mk" .include "../../graphics/png/buildlink3.mk" .include "../../lang/rust/cargo.mk" BUILDLINK_DEPMETHOD.clang= build .include "../../lang/clang/buildlink3.mk" .include "../../lang/compiler-rt/buildlink3.mk" BUILDLINK_DEPMETHOD.nodejs= build .include "../../lang/nodejs/nodeversion.mk" .include "../../lang/python/tool.mk" .include "../../lang/rust/rust.mk" .include "../../misc/usbids/buildlink3.mk" .include "../../mk/jpeg.buildlink3.mk" # libjpeg-turbo .include "../../multimedia/dav1d/buildlink3.mk" .include "../../multimedia/libaom/buildlink3.mk" .include "../../multimedia/libvpx/buildlink3.mk" .include "../../multimedia/openh264/buildlink3.mk" .include "../../print/libcups/buildlink3.mk" .include "../../security/libgnome-keyring/buildlink3.mk" .include "../../security/libsecret/buildlink3.mk" .include "../../security/libgcrypt/buildlink3.mk" .include "../../sysutils/dbus/buildlink3.mk" .include "../../sysutils/dbus-glib/buildlink3.mk" .include "../../sysutils/desktop-file-utils/desktopdb.mk" .include "../../sysutils/pciutils/buildlink3.mk" # Use -lpciutils instead of -lpci for pkgsrc. BUILDLINK_TRANSFORM+= l:pci:pciutils .include "../../textproc/expat/buildlink3.mk" # As of 143.0.7499.169, icu-78.1 is incompatible. #.include "../../textproc/icu/buildlink3.mk" .include "../../textproc/jsoncpp/buildlink3.mk" .include "../../textproc/libxml2/buildlink3.mk" .include "../../textproc/libxslt/buildlink3.mk" .include "../../x11/gtk3/buildlink3.mk" .include "../../x11/xorgproto/buildlink3.mk" .include "../../x11/libdrm/buildlink3.mk" .include "../../x11/libX11/buildlink3.mk" .include "../../x11/libxcb/buildlink3.mk" .include "../../x11/libXcomposite/buildlink3.mk" .include "../../x11/libXcursor/buildlink3.mk" .include "../../x11/libXdamage/buildlink3.mk" .include "../../x11/libXext/buildlink3.mk" .include "../../x11/libXfixes/buildlink3.mk" .include "../../x11/libXi/buildlink3.mk" .include "../../x11/libXrandr/buildlink3.mk" .include "../../x11/libXrender/buildlink3.mk" .include "../../x11/libXScrnSaver/buildlink3.mk" .include "../../x11/libXtst/buildlink3.mk" .include "../../x11/qt6-qtbase/buildlink3.mk" .include "../../mk/bsd.pkg.mk" @ 1.56 log @ chromium: update to 148.0.7778.167 * 14.0.7778.167 No changelog yet. https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html - Fix used nodejs version: 24 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.52 2026/04/10 17:31:46 kikadf Exp $ d5 1 @ 1.55 log @ www/chromium: update to 148.0.7778.96 * 148.0.7778.96 This update includes 127 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL. [$43000][493747582] Critical CVE-2026-7896: Integer overflow in Blink. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-18 [N/A][504069514] Critical CVE-2026-7897: Use after free in Mobile. Reported by Google on 2026-04-18 [N/A][504587882] Critical CVE-2026-7898: Use after free in Chromoting. Reported by Google on 2026-04-20 [$55000][505481948] High CVE-2026-7899: Out of bounds read and write in V8. Reported by Project WhatForLunch (@@pjwhatforlunch) on 2026-04-23 [$16000][496503799] High CVE-2026-7900: Heap buffer overflow in ANGLE. Reported by Anonymous on 2026-03-26 [$16000][497724490] High CVE-2026-7901: Use after free in ANGLE. Reported by Syn4pse (@@ret2happy) on 2026-03-30 [$8000][502030575] High CVE-2026-7902: Out of bounds memory access in V8. Reported by JunYoung Park(@@candymate) of KAIST Hacking Lab on 2026-04-13 [TBD][491760376] High CVE-2026-7903: Integer overflow in ANGLE. Reported by heesun on 2026-03-11 [TBD][492350406] High CVE-2026-7904: Out of bounds read in Fonts. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-13 [N/A][495259842] High CVE-2026-7905: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-23 [N/A][496284584] High CVE-2026-7906: Use after free in SVG. Reported by Google on 2026-03-25 [N/A][496292089] High CVE-2026-7907: Use after free in DOM. Reported by Google on 2026-03-25 [N/A][497436531] High CVE-2026-7908: Use after free in Fullscreen. Reported by Google on 2026-03-29 [N/A][497437113] High CVE-2026-7909: Inappropriate implementation in ServiceWorker. Reported by Google on 2026-03-29 [N/A][497543810] High CVE-2026-7910: Use after free in Views. Reported by Google on 2026-03-29 [N/A][497548912] High CVE-2026-7911: Use after free in Aura. Reported by Google on 2026-03-29 [N/A][497639714] High CVE-2026-7912: Integer overflow in GPU. Reported by Google on 2026-03-30 [N/A][497936728] High CVE-2026-7913: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-30 [N/A][498401609] High CVE-2026-7914: Type Confusion in Accessibility. Reported by Google on 2026-04-01 [N/A][498454478] High CVE-2026-7915: Insufficient data validation in DevTools. Reported by Google on 2026-04-01 [N/A][498720754] High CVE-2026-7916: Insufficient data validation in InterestGroups. Reported by Google on 2026-04-01 [N/A][498752242] High CVE-2026-7917: Use after free in Fullscreen. Reported by Google on 2026-04-02 [N/A][498780188] High CVE-2026-7918: Use after free in GPU. Reported by Google on 2026-04-02 [N/A][498832921] High CVE-2026-7919: Use after free in Aura. Reported by Google on 2026-04-02 [N/A][498989348] High CVE-2026-7920: Use after free in Skia. Reported by Google on 2026-04-02 [N/A][499062376] High CVE-2026-7921: Use after free in Passwords. Reported by Google on 2026-04-02 [N/A][499449324] High CVE-2026-7922: Use after free in ServiceWorker. Reported by Google on 2026-04-04 [N/A][500080194] High CVE-2026-7923: Out of bounds write in Skia. Reported by Google on 2026-04-06 [N/A][500087204] High CVE-2026-7924: Uninitialized Use in Dawn. Reported by Google on 2026-04-06 [N/A][501833981] High CVE-2026-7925: Use after free in Chromoting. Reported by Google on 2026-04-12 [TBD][502249087] High CVE-2026-7926: Use after free in PresentationAPI. Reported by anonymous on 2026-04-14 [N/A][502830119] High CVE-2026-7927: Type Confusion in Runtime. Reported by Google on 2026-04-15 [N/A][504612429] High CVE-2026-7928: Use after free in WebRTC. Reported by Google on 2026-04-20 [N/A][504660052] High CVE-2026-7929: Use after free in MediaRecording. Reported by Google on 2026-04-20 [TBD][434825208] Medium CVE-2026-7930: Insufficient validation of untrusted input in Cookies. Reported by Satoki on 2025-07-29 [TBD][474338157] Medium CVE-2026-7931: Insufficient validation of untrusted input in iOS. Reported by Qadhafy Muhammad Tera on 2026-01-08 [TBD][481634116] Medium CVE-2026-7932: Insufficient policy enforcement in Downloads. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-02-04 [TBD][488585490] Medium CVE-2026-7933: Out of bounds read in WebCodecs. Reported by heapracer (@@heapracer) on 2026-03-01 [N/A][489023922] Medium CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker. Reported by Google on 2026-03-02 [TBD][489624550] Medium CVE-2026-7935: Inappropriate implementation in Speech. Reported by Qadhafy Muhammad Tera on 2026-03-04 [TBD][490485402] Medium CVE-2026-7936: Object lifecycle issue in V8. Reported by Christian Holler on 2026-03-07 [TBD][491766258] Medium CVE-2026-7937: Insufficient policy enforcement in DevTools. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab on 2026-03-11 [TBD][492735384] Medium CVE-2026-7938: Use after free in CSS. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-15 [TBD][492963096] Medium CVE-2026-7939: Inappropriate implementation in SanitizerAPI. Reported by s3zer0 on 2026-03-15 [TBD][493631402] Medium CVE-2026-7940: Use after free in V8. Reported by sakana on 2026-03-17 [TBD][493955234] Medium CVE-2026-7941: Insufficient validation of untrusted input in Mobile. Reported by Adithya Kotian on 2026-03-19 [N/A][495363705] Medium CVE-2026-7942: Integer overflow in ANGLE. Reported by Google on 2026-03-23 [TBD][495373657] Medium CVE-2026-7943: Insufficient validation of untrusted input in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-23 [N/A][495783187] Medium CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache. Reported by Google on 2026-03-24 [N/A][495802788] Medium CVE-2026-7945: Insufficient validation of untrusted input in COOP. Reported by Google on 2026-03-24 [N/A][496016840] Medium CVE-2026-7946: Insufficient policy enforcement in WebUI. Reported by Google on 2026-03-25 [N/A][496169594] Medium CVE-2026-7947: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-25 [N/A][496193452] Medium CVE-2026-7948: Race in Chromoting. Reported by Google on 2026-03-25 [N/A][496206134] Medium CVE-2026-7949: Out of bounds read in Skia. Reported by Google on 2026-03-25 [N/A][496259890] Medium CVE-2026-7950: Out of bounds read and write in GFX. Reported by Google on 2026-03-25 [TBD][496266456] Medium CVE-2026-7951: Out of bounds write in WebRTC. Reported by soft.connect.fr on 2026-03-26 [N/A][496279876] Medium CVE-2026-7952: Insufficient policy enforcement in Extensions. Reported by Google on 2026-03-25 [N/A][496379792] Medium CVE-2026-7953: Insufficient validation of untrusted input in Omnibox. Reported by Google on 2026-03-26 [N/A][496380960] Medium CVE-2026-7954: Race in Shared Storage. Reported by Google on 2026-03-26 [N/A][496441232] Medium CVE-2026-7955: Uninitialized Use in GPU. Reported by Google on 2026-03-26 [N/A][496463315] Medium CVE-2026-7956: Use after free in Navigation. Reported by Google on 2026-03-26 [N/A][496607380] Medium CVE-2026-7957: Out of bounds write in Media. Reported by Google on 2026-03-26 [N/A][496632973] Medium CVE-2026-7958: Inappropriate implementation in ServiceWorker. Reported by Google on 2026-03-26 [N/A][496645205] Medium CVE-2026-7959: Inappropriate implementation in Navigation. Reported by Google on 2026-03-26 [N/A][497007825] Medium CVE-2026-7960: Race in Speech. Reported by Google on 2026-03-27 [N/A][497008295] Medium CVE-2026-7961: Insufficient validation of untrusted input in Permissions. Reported by Google on 2026-03-27 [N/A][497081987] Medium CVE-2026-7962: Insufficient policy enforcement in DirectSockets. Reported by Google on 2026-03-28 [N/A][497250399] Medium CVE-2026-7963: Inappropriate implementation in ServiceWorker. Reported by Google on 2026-03-28 [N/A][497254383] Medium CVE-2026-7964: Insufficient validation of untrusted input in FileSystem. Reported by Google on 2026-03-28 [N/A][497255035] Medium CVE-2026-7965: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-03-28 [N/A][497341787] Medium CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-03-29 [N/A][497365545] Medium CVE-2026-7967: Insufficient validation of untrusted input in Navigation. Reported by Google on 2026-03-29 [N/A][497432281] Medium CVE-2026-7968: Insufficient validation of untrusted input in CORS. Reported by Google on 2026-03-29 [N/A][497450574] Medium CVE-2026-7969: Integer overflow in Network. Reported by Google on 2026-03-29 [N/A][497487462] Medium CVE-2026-7970: Use after free in TopChrome. Reported by Google on 2026-03-29 [N/A][497529290] Medium CVE-2026-7971: Inappropriate implementation in ORB. Reported by Google on 2026-03-29 [N/A][497546281] Medium CVE-2026-7972: Uninitialized Use in GPU. Reported by Google on 2026-03-29 [N/A][497565944] Medium CVE-2026-7973: Integer overflow in Dawn. Reported by Google on 2026-03-29 [N/A][497649372] Medium CVE-2026-7974: Use after free in Blink. Reported by Google on 2026-03-30 [N/A][497735587] Medium CVE-2026-7975: Use after free in DevTools. Reported by Google on 2026-03-30 [N/A][497736679] Medium CVE-2026-7976: Use after free in Views. Reported by Google on 2026-03-30 [N/A][497821223] Medium CVE-2026-7977: Inappropriate implementation in Canvas. Reported by Google on 2026-03-30 [N/A][497828892] Medium CVE-2026-7978: Inappropriate implementation in Companion. Reported by Google on 2026-03-30 [N/A][497849876] Medium CVE-2026-7979: Inappropriate implementation in Media. Reported by Google on 2026-03-30 [N/A][497859275] Medium CVE-2026-7980: Use after free in WebAudio. Reported by Google on 2026-03-30 [N/A][497926602] Medium CVE-2026-7981: Out of bounds read in Codecs. Reported by Google on 2026-03-30 [N/A][497952533] Medium CVE-2026-7982: Uninitialized Use in WebCodecs. Reported by Google on 2026-03-30 [N/A][497975608] Medium CVE-2026-7983: Out of bounds read in Dawn. Reported by Google on 2026-03-31 [N/A][498277368] Medium CVE-2026-7984: Use after free in ReadingMode. Reported by Google on 2026-03-31 [N/A][498352423] Medium CVE-2026-7985: Use after free in GPU. Reported by Google on 2026-03-31 [N/A][498396238] Medium CVE-2026-7986: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-01 [N/A][498696266] Medium CVE-2026-7987: Use after free in WebRTC. Reported by Google on 2026-04-01 [N/A][498753456] Medium CVE-2026-7988: Type Confusion in WebRTC. Reported by Google on 2026-04-02 [N/A][498765082] Medium CVE-2026-7989: Insufficient data validation in DataTransfer. Reported by Google on 2026-04-02 [N/A][498892267] Medium CVE-2026-7990: Insufficient validation of untrusted input in Updater. Reported by Google on 2026-04-02 [N/A][499065126] Medium CVE-2026-7991: Use after free in UI. Reported by Google on 2026-04-02 [N/A][499067529] Medium CVE-2026-7992: Insufficient validation of untrusted input in UI. Reported by Google on 2026-04-02 [N/A][499099003] Medium CVE-2026-7993: Insufficient validation of untrusted input in Payments. Reported by Google on 2026-04-03 [N/A][499116954] Medium CVE-2026-7994: Inappropriate implementation in Chromoting. Reported by Google on 2026-04-03 [N/A][501745798] Medium CVE-2026-7995: Out of bounds read in AdFilter. Reported by Google on 2026-04-11 [TBD][484547631] Low CVE-2026-7996: Insufficient validation of untrusted input in SSL. Reported by heesun on 2026-02-15 [TBD][487960705] Low CVE-2026-7997: Insufficient validation of untrusted input in Updater. Reported by ochkofficial on 2026-02-26 [TBD][491676472] Low CVE-2026-7998: Insufficient validation of untrusted input in Dialog. Reported by Tianyi Hu on 2026-03-11 [TBD][493099941] Low CVE-2026-7999: Inappropriate implementation in V8. Reported by Taisic Yun (@@taisic) of Theori on 2026-03-16 [TBD][494464734] Low CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver. Reported by Ryan Jupp - HAAO on 2026-03-20 [TBD][494764371] Low CVE-2026-8001: Use after free in Printing. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-21 [N/A][495779613] Low CVE-2026-8002: Use after free in Audio. Reported by Google on 2026-03-24 [N/A][495985532] Low CVE-2026-8003: Insufficient validation of untrusted input in TabGroups. Reported by Google on 2026-03-25 [N/A][496189510] Low CVE-2026-8004: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-25 [N/A][496298665] Low CVE-2026-8005: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-03-25 [N/A][496373088] Low CVE-2026-8006: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-26 [N/A][496399759] Low CVE-2026-8007: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-03-26 [N/A][496426191] Low CVE-2026-8008: Inappropriate implementation in DevTools. Reported by Google on 2026-03-26 [N/A][496555077] Low CVE-2026-8009: Inappropriate implementation in Cast. Reported by Google on 2026-03-26 [N/A][496624084] Low CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-03-26 [N/A][496626029] Low CVE-2026-8011: Insufficient policy enforcement in Search. Reported by Google on 2026-03-26 [N/A][496628298] Low CVE-2026-8012: Inappropriate implementation in MHTML. Reported by Google on 2026-03-26 [N/A][497427430] Low CVE-2026-8013: Insufficient validation of untrusted input in FedCM. Reported by Google on 2026-03-29 [N/A][497490364] Low CVE-2026-8014: Inappropriate implementation in Preload. Reported by Google on 2026-03-29 [N/A][497548558] Low CVE-2026-8015: Inappropriate implementation in Media. Reported by Google on 2026-03-29 [N/A][497695401] Low CVE-2026-8016: Use after free in WebRTC. Reported by Google on 2026-03-30 [N/A][497722578] Low CVE-2026-8017: Side-channel information leakage in Media. Reported by Google on 2026-03-30 [N/A][498292657] Low CVE-2026-8018: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-31 [N/A][498353173] Low CVE-2026-8019: Insufficient policy enforcement in WebApp. Reported by Google on 2026-03-31 [N/A][498382925] Low CVE-2026-8020: Uninitialized Use in GPU. Reported by Google on 2026-04-01 [N/A][498417031] Low CVE-2026-8021: Script injection in UI. Reported by Google on 2026-04-01 [N/A][499194407] Low CVE-2026-8022: Inappropriate implementation in MHTML. Reported by Google on 2026-04-03 @ text @d4 1 a4 1 VERSION= 148.0.7778.96 d30 3 @ 1.54 log @www/chromium: update to 147.0.7727.137 * 147.0.7727.116 This update includes 19 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [TBD][493652473] High CVE-2026-6919: Use after free in DevTools. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-18 [TBD][499891888] High CVE-2026-6920: Out of bounds read in GPU. Reported by tatiwari of Microsoft on 2026-04-06 [TBD][493315759] Medium CVE-2026-6921: Race in GPU. Reported by soiax on 2026-03-17 * 147.0.7727.137 This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$7000][494352590] Critical CVE-2026-7363: Use after free in Canvas. Reported by heapracer on 2026-03-19 [N/A][493221953] Critical CVE-2026-7361: Use after free in iOS. Reported by Google on 2026-03-16 [N/A][503419515] Critical CVE-2026-7344: Use after free in Accessibility. Reported by Google on 2026-04-16 [N/A][503645680] Critical CVE-2026-7343: Use after free in Views. Reported by Google on 2026-04-17 [$16000][493955227] High CVE-2026-7333: Use after free in GPU. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-19 [N/A][495852034] High CVE-2026-7360: Insufficient validation of untrusted input in Compositing. Reported by Google on 2026-03-24 [N/A][496284494] High CVE-2026-7359: Use after free in ANGLE. Reported by Google on 2026-03-25 [N/A][496285281] High CVE-2026-7358: Use after free in Animation. Reported by Google on 2026-03-25 [TBD][496456528] High CVE-2026-7334: Use after free in Views. Reported by Batuhan Eşref KOÇ on 2026-03-26 [N/A][497047552] High CVE-2026-7357: Use after free in GPU. Reported by Google on 2026-03-27 [N/A][497769116] High CVE-2026-7356: Use after free in Navigation. Reported by Google on 2026-03-30 [N/A][498746519] High CVE-2026-7354: Out of bounds read and write in Angle. Reported by Google on 2026-04-01 [N/A][498809718] High CVE-2026-7353: Heap buffer overflow in Skia. Reported by Google on 2026-04-01 [N/A][499023054] High CVE-2026-7352: Use after free in Media. Reported by Google on 2026-04-02 [N/A][499119490] High CVE-2026-7351: Race in MHTML. Reported by Google on 2026-04-02 [N/A][500018484] High CVE-2026-7350: Use after free in WebMIDI. Reported by Google on 2026-04-06 [N/A][500034684] High CVE-2026-7349: Use after free in Cast. Reported by Google on 2026-04-06 [N/A][500104917] High CVE-2026-7348: Use after free in Codecs. Reported by Google on 2026-04-06 [TBD][500387779] High CVE-2026-7335: Use after free in media. Reported by Jungwoo Lee (@@physicube) and Wongi Lee (@@_qwerty_po) on 2026-04-07 [TBD][500767595] High CVE-2026-7336: Use after free in WebRTC. Reported by Mozilla on 2026-04-09 [TBD][500880819] High CVE-2026-7337: Type Confusion in V8. Reported by q@@calif.io on 2026-04-09 [N/A][501722605] High CVE-2026-7347: Use after free in Chromoting. Reported by Google on 2026-04-11 [N/A][502206907] High CVE-2026-7346: Inappropriate implementation in Tint. Reported by Google on 2026-04-13 [N/A][502248774] High CVE-2026-7345: Insufficient validation of untrusted input in Feedback. Reported by Google on 2026-04-13 [TBD][502449857] High CVE-2026-7338: Use after free in Cast. Reported by Krace on 2026-04-14 [N/A][503889643] High CVE-2026-7342: Use after free in WebView. Reported by Google on 2026-04-17 [N/A][504586599] High CVE-2026-7341: Use after free in WebRTC. Reported by Google on 2026-04-20 [$4000][493957495] Medium CVE-2026-7339: Heap buffer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-19 [$3000][497896137] Medium CVE-2026-7340: Integer overflow in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-30 [N/A][498285711] Medium CVE-2026-7355: Use after free in Media. Reported by Google on 2026-03-31 @ text @d4 1 a4 1 VERSION= 147.0.7727.137 d9 2 a10 2 PROFILE_DISTFILES= chromium-${VERSION}-profdata${EXTRACT_SUFX_C} SITES.${PROFILE_DISTFILES}= https://nerd.hu/distfiles/ d12 1 a12 1 DISTFILES+= ${PROFILE_DISTFILES} d15 1 a15 1 NB_VERSION= v145.1 d165 2 a166 2 # llvm-21 compatible #GN_ARGS+= chrome_pgo_phase=0 d283 12 a294 3 cd ${WRKSRC}/chrome/build/pgo_profiles && \ _p=$$(echo *.profdata) && \ llvm-profdata merge $${_p}.txt --output=$${_p} d296 1 a296 1 # Create symlink to NetBSD nodejs command. @ 1.53 log @ www/chromium: update to 147.0.7727.101 * 147.0.7727.101 This update includes 31 security fixes. Please see the Chrome Security Page for more information. [$90000][490170083] Critical CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga on 2026-03-05 [$10000][493628982] Critical CVE-2026-6297: Use after free in Proxy. Reported by heapracer on 2026-03-17 [TBD][495700484] Critical CVE-2026-6298: Heap buffer overflow in Skia. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-24 [N/A][497053588] Critical CVE-2026-6299: Use after free in Prerender. Reported by Google on 2026-03-28 [TBD][497724498] Critical CVE-2026-6358: Use after free in XR. Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern) on 2026-03-30 [TBD][490251701] High CVE-2026-6359: Use after free in Video. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-06 [TBD][491994185] High CVE-2026-6300: Use after free in CSS. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-12 [TBD][495273999] High CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c on 2026-03-23 [TBD][495477995] High CVE-2026-6302: Use after free in Video. Reported by Syn4pse on 2026-03-24 [N/A][496282147] High CVE-2026-6303: Use after free in Codecs. Reported by Google on 2026-03-25 [N/A][496393742] High CVE-2026-6304: Use after free in Graphite. Reported by Google on 2026-03-26 [TBD][496618639] High CVE-2026-6305: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-26 [TBD][496907110] High CVE-2026-6306: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-27 [TBD][497404188] High CVE-2026-6307: Type Confusion in Turbofan. Reported by Project WhatForLunch (@@pjwhatforlunch) on 2026-03-29 [N/A][497412658] High CVE-2026-6308: Out of bounds read in Media. Reported by Google on 2026-03-29 [N/A][497846428] High CVE-2026-6309: Use after free in Viz. Reported by Google on 2026-03-30 [TBD][497880137] High CVE-2026-6360: Use after free in FileSystem. Reported by asjidkalam on 2026-03-31 [N/A][497969820] High CVE-2026-6310: Use after free in Dawn. Reported by Google on 2026-03-31 [N/A][498201025] High CVE-2026-6311: Uninitialized Use in Accessibility. Reported by Google on 2026-03-31 [N/A][498269651] High CVE-2026-6312: Insufficient policy enforcement in Passwords. Reported by Google on 2026-03-31 [N/A][498765210] High CVE-2026-6313: Insufficient policy enforcement in CORS. Reported by Google on 2026-04-02 [N/A][498782145] High CVE-2026-6314: Out of bounds write in GPU. Reported by Google on 2026-04-02 [N/A][499247910] High CVE-2026-6315: Use after free in Permissions. Reported by Google on 2026-04-03 [N/A][499384399] High CVE-2026-6316: Use after free in Forms. Reported by Google on 2026-04-03 [N/A][500036290] High CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google on 2026-04-06 [TBD][500066234] High CVE-2026-6362: Use after free in Codecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-07 [N/A][500091052] High CVE-2026-6317: Use after free in Cast. Reported by Google on 2026-04-06 [N/A][495751197] Medium CVE-2026-6363: Type Confusion in V8. Reported by Google on 2026-03-24 [TBD][495996858] Medium CVE-2026-6318: Use after free in Codecs. Reported by Syn4pse on 2026-03-25 [TBD][499018889] Medium CVE-2026-6319: Use after free in Payments. Reported by pwn2addr on 2026-04-02 [N/A][502103414] Medium CVE-2026-6364: Out of bounds read in Skia. Reported by Google Threat Intelligence on 2026-04-13 * pkgsrc: - remove llvm19 patches - enable chrome_pgo_phase @ text @d4 1 a4 1 VERSION= 147.0.7727.101 @ 1.52 log @ www/chromium: update to 147.0.7727.55 * 147.0.7727.55 This update includes multiple security fixes. Please see the Chrome Security Page for more information. [$43000][493319454] Critical CVE-2026-5858: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-17 [$43000][494158331] Critical CVE-2026-5859: Integer overflow in WebML. Reported by Anonymous on 2026-03-19 [$11000][486495143] High CVE-2026-5860: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22 [$3000][486927780] High CVE-2026-5861: Use after free in V8. Reported by 5shain on 2026-02-23 [TBD][470566252] High CVE-2026-5862: Inappropriate implementation in V8. Reported by Google on 2025-12-21 [TBD][484527367] High CVE-2026-5863: Inappropriate implementation in V8. Reported by Google on 2026-02-14 [TBD][490642831] High CVE-2026-5864: Heap buffer overflow in WebAudio. Reported by Syn4pse on 2026-03-08 [TBD][491884710] High CVE-2026-5865: Type Confusion in V8. Reported by Project WhatForLunch (@@pjwhatforlunch) on 2026-03-12 [TBD][492218537] High CVE-2026-5866: Use after free in Media. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-13 [TBD][492668885] High CVE-2026-5867: Heap buffer overflow in WebML. Reported by Syn4pse on 2026-03-14 [TBD][493256564] High CVE-2026-5868: Heap buffer overflow in ANGLE. Reported by cinzinga on 2026-03-16 [TBD][493708165] High CVE-2026-5869: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-18 [TBD][495534710] High CVE-2026-5870: Integer overflow in Skia. Reported by Google on 2026-03-23 [TBD][495679730] High CVE-2026-5871: Type Confusion in V8. Reported by Google on 2026-03-24 [TBD][496281816] High CVE-2026-5872: Use after free in Blink. Reported by Google on 2026-03-25 [TBD][496301615] High CVE-2026-5873: Out of bounds read and write in V8. Reported by Google on 2026-03-25 [$11000][485397279] Medium CVE-2026-5874: Use after free in PrivateAI. Reported by Krace on 2026-02-18 [$4000][430198264] Medium CVE-2026-5875: Policy bypass in Blink. Reported by Lyra Rebane (rebane2001) on 2025-07-08 [$2000][41485206] Medium CVE-2026-5876: Side-channel information leakage in Navigation. Reported by Lyra Rebane (rebane2001) on 2023-12-18 [TBD][333024273] Medium CVE-2026-5877: Use after free in Navigation. Reported by Cassidy Kim(@@cassidy6564) on 2024-04-05 [TBD][365089001] Medium CVE-2026-5878: Incorrect security UI in Blink. Reported by Shaheen Fazim on 2024-09-06 [TBD][40073848] Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE. Reported by parkminchan, working for SSD Labs Korea on 2023-10-01 [TBD][424995036] Medium CVE-2026-5880: Incorrect security UI in browser UI. Reported by Anonymous on 2025-06-14 [TBD][454162508] Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess. Reported by asnine on 2025-10-22 [TBD][480993682] Medium CVE-2026-5882: Incorrect security UI in Fullscreen. Reported by Anonymous on 2026-02-02 [TBD][482958590] Medium CVE-2026-5883: Use after free in Media. Reported by sherkito on 2026-02-09 [TBD][484547633] Medium CVE-2026-5884: Insufficient validation of untrusted input in Media. Reported by xmzyshypnc on 2026-02-15 [TBD][485203823] Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML. Reported by Bryan Bernhart on 2026-02-17 [TBD][485397283] Medium CVE-2026-5886: Out of bounds read in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18 [TBD][486079015] Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads. Reported by daffainfo on 2026-02-20 [TBD][486506202] Medium CVE-2026-5888: Uninitialized Use in WebCodecs. Reported by Identified by the Octane Security Team: Giovanni Vignone, Paolo Gentry, Robert van Eijk on 2026-02-22 [TBD][486906037] Medium CVE-2026-5889: Cryptographic Flaw in PDFium. Reported by mlafon on 2026-02-23 [TBD][487259772] Medium CVE-2026-5890: Race in WebCodecs. Reported by Casper Woudenberg on 2026-02-24 [TBD][487471101] Medium CVE-2026-5891: Insufficient policy enforcement in browser UI. Reported by Tianyi Hu on 2026-02-25 [TBD][487568011] Medium CVE-2026-5892: Insufficient policy enforcement in PWAs. Reported by Tianyi Hu on 2026-02-25 [TBD][487768771] Medium CVE-2026-5893: Race in V8. Reported by QYmag1c on 2026-02-26 [$1000][481882038] Low CVE-2026-5894: Inappropriate implementation in PDF. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-02-05 [TBD][374285495] Low CVE-2026-5895: Incorrect security UI in Omnibox. Reported by Renwa Hiwa @@RenwaX23 on 2024-10-18 [TBD][40064543] Low CVE-2026-5896: Policy bypass in Audio. Reported by Luan Herrera (@@lbherrera_) on 2023-05-13 [TBD][419921726] Low CVE-2026-5897: Incorrect security UI in Downloads. Reported by Farras Givari on 2025-05-24 [TBD][470295118] Low CVE-2026-5898: Incorrect security UI in Omnibox. Reported by saidinahikam032 on 2025-12-19 [TBD][474817168] Low CVE-2026-5899: Incorrect security UI in History Navigation. Reported by Islam Rzayev on 2026-01-11 [TBD][475265304] Low CVE-2026-5900: Policy bypass in Downloads. Reported by Luan Herrera (@@lbherrera_) on 2026-01-13 [TBD][479673903] Low CVE-2026-5901: Policy bypass in DevTools. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-01-29 [TBD][483109205] Low CVE-2026-5902: Race in Media. Reported by Luke Francis on 2026-02-10 [TBD][483771899] Low CVE-2026-5903: Policy bypass in IFrameSandbox. Reported by @@Ciarands on 2026-02-11 [TBD][483851888] Low CVE-2026-5904: Use after free in V8. Reported by Zhenpeng (Leo) Lin at depthfirst on 2026-02-12 [TBD][483899628] Low CVE-2026-5905: Incorrect security UI in Permissions. Reported by daffainfo on 2026-02-12 [TBD][484082189] Low CVE-2026-5906: Incorrect security UI in Omnibox. Reported by mohamedhesham9173 on 2026-02-13 [TBD][484665123] Low CVE-2026-5907: Insufficient data validation in Media. Reported by Luke Francis on 2026-02-15 [TBD][485115554] Low CVE-2026-5908: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B on 2026-02-17 [TBD][485203821] Low CVE-2026-5909: Integer overflow in Media. Reported by Mohammed Yasar B & Ameen Basha M K on 2026-02-17 [TBD][485212874] Low CVE-2026-5910: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B on 2026-02-17 [TBD][485785246] Low CVE-2026-5911: Policy bypass in ServiceWorkers. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab on 2026-02-19 [TBD][486498791] Low CVE-2026-5912: Integer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22 [TBD][487195286] Low CVE-2026-5913: Out of bounds read in Blink. Reported by Vitaly Simonovich on 2026-02-24 [TBD][490023239] Low CVE-2026-5914: Type Confusion in CSS. Reported by Syn4pse on 2026-03-05 [TBD][494341335] Low CVE-2026-5915: Insufficient validation of untrusted input in WebML. Reported by ningxin.hu@@intel.com on 2026-03-20 [TBD][490139441] Low CVE-2026-5918: Inappropriate implementation in Navigation. Reported by Google on 2026-03-05 [TBD][483423893] Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets. Reported by Richard Belisle on 2026-02-10 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.37 2026/01/19 16:14:05 kikadf Exp $ d4 1 a4 1 VERSION= 147.0.7727.55 d9 2 d12 1 d28 1 a28 1 LLVM_MV= 20 a38 1 d165 2 a166 2 # while not llvm-21 GN_ARGS+= chrome_pgo_phase=0 d272 1 d282 5 @ 1.51 log @www/chromium: update to 146.0.7680.177 * 146.0.7680.177 This update includes 21 security fixes. Please see the Chrome Security Page for more information. [TBD][493952652] High CVE-2026-5273: Use after free in CSS. Reported by Anonymous on 2026-03-18 [TBD][491732188] High CVE-2026-5272: Heap buffer overflow in GPU. Reported by inspector-ambitious on 2026-03-11 [TBD][488596746] High CVE-2026-5274: Integer overflow in Codecs. Reported by heapracer (@@heapracer) on 2026-03-01 [TBD][489494022] High CVE-2026-5275: Heap buffer overflow in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-04 [TBD][489711638] High CVE-2026-5276: Insufficient policy enforcement in WebUSB. Reported by Ariel Simon on 2026-03-04 [TBD][489791424] High CVE-2026-5277: Integer overflow in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-05 [TBD][490254128] High CVE-2026-5278: Use after free in Web MIDI. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-06 [TBD][490642836] High CVE-2026-5279: Object corruption in V8. Reported by Hyeonjun Ahn (@@_deayzl) on 2026-03-08 [TBD][491515787] High CVE-2026-5280: Use after free in WebCodecs. Reported by heapracer (@@heapracer) on 2026-03-11 [TBD][491518608] High CVE-2026-5281: Use after free in Dawn. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-10 [TBD][491655161] High CVE-2026-5282: Out of bounds read in WebCodecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-11 [TBD][492131521] High CVE-2026-5283: Inappropriate implementation in ANGLE. Reported by sweetchip on 2026-03-12 [TBD][492139412] High CVE-2026-5284: Use after free in Dawn. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-12 [TBD][492228019] High CVE-2026-5285: Use after free in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-13 [TBD][493900619] High CVE-2026-5286: Use after free in Dawn. Reported by sweetchip on 2026-03-18 [TBD][494644471] High CVE-2026-5287: Use after free in PDF. Reported by Syn4pse on 2026-03-21 [NA][495507390] High CVE-2026-5288: Use after free in WebView. Reported by Google on 2026-03-23 [NA][495931147] High CVE-2026-5289: Use after free in Navigation. Reported by Google on 2026-03-25 [NA][496205576] High CVE-2026-5290: Use after free in Compositing. Reported by Google on 2026-03-25 [TBD][490118036] Medium CVE-2026-5291: Inappropriate implementation in WebGL. Reported by heapracer (@@heapracer) on 2026-03-06 [NA][492213293] Medium CVE-2026-5292: Out of bounds read in WebCodecs. Reported by Google on 2026-03-12 Google is aware that an exploit for CVE-2026-5281 exists in the wild. @ text @d4 1 a4 1 VERSION= 146.0.7680.177 @ 1.50 log @add CHECK_PORTABILITY_SKIPs to appease pkgtools/check-portability @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.49 2026/03/25 08:07:12 kikadf Exp $ d4 1 a4 1 VERSION= 146.0.7680.164 d25 1 a25 1 LLVM_MV= 19 d36 1 @ 1.49 log @www/chromium: update to 146.0.7680.164 * 146.0.7680.164 This update includes 8 security fixes. Please see the Chrome Security Page for more information. [$7000][485397284] High CVE-2026-4673: Heap buffer overflow in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18 [TBD][488188166] High CVE-2026-4674: Out of bounds read in CSS. Reported by Syn4pse on 2026-02-27 [TBD][488270257] High CVE-2026-4675: Heap buffer overflow in WebGL. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-02-27 [TBD][488613135] High CVE-2026-4676: Use after free in Dawn. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-01 [TBD][490533968] High CVE-2026-4677: Out of bounds read in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-07 [TBD][491164019] High CVE-2026-4678: Use after free in WebGPU. Reported by Google on 2026-03-10 [TBD][491516670] High CVE-2026-4679: Integer overflow in Fonts. Reported by GF, Un3xploitable Of DeadSec on 2026-03-11 [TBD][491869946] High CVE-2026-4680: Use after free in FedCM. Reported by Shaheen Fazim on 2026-03-12 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.37 2026/01/19 16:14:05 kikadf Exp $ d36 8 d46 1 d48 1 d51 1 d53 1 d57 1 d60 3 @ 1.48 log @www/chromium: update to 146.0.7680.153 * 146.0.7680.153 This update includes 26 security fixes. Please see the Chrome Security Page for more information. [TBD][475877320] Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 [TBD][485935305] Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-20 [TBD][489381399] Critical CVE-2026-4441: Use after free in Base. Reported by Google on 2026-03-03 [TBD][484751092] High CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse on 2026-02-16 [TBD][485292589] High CVE-2026-4443: Heap buffer overflow in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18 [TBD][486349161] High CVE-2026-4444: Stack buffer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-21 [TBD][486421953] High CVE-2026-4445: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22 [TBD][486421954] High CVE-2026-4446: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22 [TBD][486657483] High CVE-2026-4447: Inappropriate implementation in V8. Reported by Erge on 2026-02-23 [TBD][486972661] High CVE-2026-4448: Heap buffer overflow in ANGLE. Reported by M. Fauzan Wijaya (Gh05t666nero) on 2026-02-23 [TBD][487117772] High CVE-2026-4449: Use after free in Blink. Reported by Syn4pse on 2026-02-24 [TBD][487746373] High CVE-2026-4450: Out of bounds write in V8. Reported by qymag1c on 2026-02-26 [TBD][487768779] High CVE-2026-4451: Insufficient validation of untrusted input in Navigation. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-26 [TBD][487977696] High CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga on 2026-02-26 [TBD][488400770] High CVE-2026-4453: Integer overflow in Dawn. Reported by sweetchip on 2026-02-27 [TBD][488585488] High CVE-2026-4454: Use after free in Network. Reported by heapracer (@@heapracer) on 2026-03-01 [TBD][488585504] High CVE-2026-4455: Heap buffer overflow in PDFium. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-01 [TBD][488617440] High CVE-2026-4456: Use after free in Digital Credentials API. Reported by sean wong on 2026-02-28 [TBD][488803413] High CVE-2026-4457: Type Confusion in V8. Reported by Zhenpeng (Leo) Lin at depthfirst on 2026-03-01 [TBD][489619753] High CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim on 2026-03-04 [TBD][490246422] High CVE-2026-4459: Out of bounds read and write in WebAudio. Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern) on 2026-03-06 [TBD][490254124] High CVE-2026-4460: Out of bounds read in Skia. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-06 [TBD][490558172] High CVE-2026-4461: Inappropriate implementation in V8. Reported by Google on 2026-03-07 [TBD][491080830] High CVE-2026-4462: Out of bounds read in Blink. Reported by heapracer (@@heapracer) on 2026-03-09 [TBD][491358681] High CVE-2026-4463: Heap buffer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-10 [TBD][487208468] Medium CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun on 2026-02-24 @ text @d4 1 a4 1 VERSION= 146.0.7680.153 @ 1.47 log @www/chromium: update to 146.0.7680.80 * 146.0.7680.80 This update includes 1 security fixes. Please see the Chrome Security Page for more information. [N/A][491421267] High CVE-2026-3909: Out of bounds write in Skia. Reported by Google Threat Analysis Group on 2026-03-10 Google is aware that an exploit for CVE-2026-3909 exists in the wild. @ text @d4 1 a4 1 VERSION= 146.0.7680.80 @ 1.46 log @ www/chromium: update to 146.0.7680.75 * 146.0.7680.75 This update includes 2 security fixes. Please see the Chrome Security Page for more information. [N/A][491421267] High CVE-2026-3909: Out of bounds write in Skia. Reported by Google on 2026-03-10 [N/A][491410818] High CVE-2026-3910: Inappropriate implementation in V8. Reported by Google on 2026-03-10 Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild. * 146.0.7680.71 This update includes 29 security fixes. Please see the Chrome Security Page for more information. [$33000][483445078] Critical CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-10 [$43000][481776048] High CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga on 2026-02-04 [$43000][483971526] High CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-12 [$36000][482828615] High CVE-2026-3916: Out of bounds read in Web Speech. Reported by Grischa Hauser on 2026-02-09 [$11000][483569512] High CVE-2026-3917: Use after free in Agents. Reported by Syn4pse on 2026-02-11 [$10000][483853103] High CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse on 2026-02-12 [$2000][444176961] High CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang (@@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2025-09-10 [TBD][482875307] High CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google on 2026-02-09 [TBD][484946544] High CVE-2026-3921: Use after free in TextEncoding. Reported by Pranamya Keshkamat & Cantina.xyz on 2026-02-17 [TBD][485397139] High CVE-2026-3922: Use after free in MediaStream. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18 [TBD][485935314] High CVE-2026-3923: Use after free in WebMIDI. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-20 [TBD][487338366] High CVE-2026-3924: Use after free in WindowDialog. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-25 [$10000][418214610] Medium CVE-2026-3925: Incorrect security UI in LookalikeChecks. Reported by NDevTK and Alesandro Ortiz on 2025-05-17 [$7000][478659010] Medium CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c on 2026-01-26 [$3000][474948986] Medium CVE-2026-3927: Incorrect security UI in PictureInPicture. Reported by Barath Stalin K on 2026-01-11 [$2000][435980394] Medium CVE-2026-3928: Insufficient policy enforcement in Extensions. Reported by portsniffer443 on 2025-08-03 [$2000][477180001] Medium CVE-2026-3929: Side-channel information leakage in ResourceTiming. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-01-20 [$1000][476898368] Medium CVE-2026-3930: Unsafe navigation in Navigation. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-01-19 [TBD][417599694] Medium CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang (@@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2025-05-14 [TBD][478296121] Medium CVE-2026-3932: Insufficient policy enforcement in PDF. Reported by Ayato Shitomi on 2026-01-23 [TBD][478783560] Medium CVE-2026-3934: Insufficient policy enforcement in ChromeDriver. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-01-26 [TBD][479326680] Medium CVE-2026-3935: Incorrect security UI in WebAppInstalls. Reported by Barath Stalin K on 2026-01-28 [TBD][481920229] Medium CVE-2026-3936: Use after free in WebView. Reported by Am4deu$ on 2026-02-05 [$3000][473118648] Low CVE-2026-3937: Incorrect security UI in Downloads. Reported by Abhishek Kumar on 2026-01-03 [$2000][474763968] Low CVE-2026-3938: Insufficient policy enforcement in Clipboard. Reported by vicevirus on 2026-01-10 [$1000][40058077] Low CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK on 2021-11-30 [$1000][470574526] Low CVE-2026-3940: Insufficient policy enforcement in DevTools. Reported by Jorian Woltjer, Mian, bug_blitzer on 2025-12-21 [$1000][474670215] Low CVE-2026-3941: Insufficient policy enforcement in DevTools. Reported by Lyra Rebane (rebane2001) on 2026-01-10 [N/A][475238879] Low CVE-2026-3942: Incorrect security UI in PictureInPicture. Reported by Barath Stalin K on 2026-01-12 @ text @d4 1 a4 1 VERSION= 146.0.7680.75 @ 1.45 log @www/chromium: update to 145.0.7632.159 * 145.0.7632.159 This update includes 10 security fixes. Please see the Chrome Security Page for more information. [$33,000][485622239] Critical CVE-2026-3536: Integer overflow in ANGLE. Reported by cinzinga on 2026-02-18 [$32,000][474266014] Critical CVE-2026-3537: Object lifecycle issue in PowerVR. Reported by Zhihua Yao of KunLun Lab on 2026-01-08 [TBD][484983991] Critical CVE-2026-3538: Integer overflow in Skia. Reported by Symeon Paraschoudis on 2026-02-17 [TBD][483853098] High CVE-2026-3539: Object lifecycle issue in DevTools. Reported by Zhenpeng (Leo) Lin at depthfirst on 2026-02-12 [TBD][484088917] High CVE-2026-3540: Inappropriate implementation in WebAudio. Reported by Davi Antônio Cruz on 2026-02-14 [TBD][484811719] High CVE-2026-3541: Inappropriate implementation in CSS. Reported by Syn4pse on 2026-02-16 [TBD][485152421] High CVE-2026-3542: Inappropriate implementation in WebAssembly. Reported by qymag1c on 2026-02-17 [TBD][485267831] High CVE-2026-3543: Inappropriate implementation in V8. Reported by qymag1c on 2026-02-18 [TBD][485683110] High CVE-2026-3544: Heap buffer overflow in WebCodecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-19 [TBD][487383169] High CVE-2026-3545: Insufficient data validation in Navigation. Reported by Google on 2026-02-24 @ text @d4 1 a4 1 VERSION= 145.0.7632.159 d104 1 a104 1 #SUBST_FILES.path+= ui/gtk/ime_compat_check.cc @ 1.44 log @www/chromium: update to 145.0.7632.116 * 145.0.7632.116 This update includes 3 security fixes. Please see the Chrome Security Page for more information. [TBD][482862710] High CVE-2026-3061: Out of bounds read in Media. Reported by Luke Francis on 2026-02-09 [TBD][483751167] High CVE-2026-3062: Out of bounds read and write in Tint. Reported by cinzinga on 2026-02-11 [TBD][485287859] High CVE-2026-3063: Inappropriate implementation in DevTools. Reported by M. Fauzan Wijaya (Gh05t666nero) on 2026-02-17 @ text @d4 1 a4 1 VERSION= 145.0.7632.116 d33 1 a33 1 #TOOLS_PLATFORM.flex= # override the platform definition to use pkgsrc's flex. a55 1 TOOL_DEPENDS+= nodejs-[0-9]*:../../lang/nodejs d247 2 d371 2 @ 1.43 log @www/chromium: update to 145.0.7632.109 * 145.0.7632.109 This update includes 3 security fixes. Please see the Chrome Security Page for more information. [TBD][477033835] High CVE-2026-2648: Heap buffer overflow in PDFium. Reported by soiax on 2026-01-19 [TBD][481074858] High CVE-2026-2649: Integer overflow in V8. Reported by JunYoung Park(@@candymate) of KAIST Hacking Lab on 2026-02-03 [N/A][476461867] Medium CVE-2026-2650: Heap buffer overflow in Media. Reported by Google on 2026-01-18 @ text @d4 1 a4 1 VERSION= 145.0.7632.109 d274 2 a275 2 cd ${WRKSRC}/esbuild && \ ${RUN} ${WRKSRC}/third_party/node/${LOWER_OPSYS}/node-${LOWER_OPSYS}/bin/node scripts/esbuild.js \ @ 1.42 log @ www/chromium: update to 145.0.7632.75 * 144.0.7559.132 This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [N/A][478942410] High CVE-2026-1861: Heap buffer overflow in libvpx. Reported by Google on 2026-01-26 [TBD][479726070] High CVE-2026-1862: Type Confusion in V8. Reported by Chaoyuan Peng (@@ret2happy) on 2026-01-29 * 145.0.7632.45 This update includes 11 security fixes. Please see the Chrome Security Page for more information. [$8000][467297219] High CVE-2026-2313: Use after free in CSS. Reported by Han Zheng (HexHive), Wenhao Fang (University of St. Andrews), and Qinying Wang (HexHive) on 2025-12-09 [N/A][478560268] High CVE-2026-2314: Heap buffer overflow in Codecs. Reported by Google on 2026-01-26 [N/A][479242793] High CVE-2026-2315: Inappropriate implementation in WebGPU. Reported by Google on 2026-01-27 [$5000][422531206] Medium CVE-2026-2316: Insufficient policy enforcement in Frames. Reported by Luan Herrera (@@lbherrera_) on 2025-06-05 [$2000][464173573] Medium CVE-2026-2317: Inappropriate implementation in Animation. Reported by Brendan Draper on 2025-11-28 [$1000][363930141] Medium CVE-2026-2318: Inappropriate implementation in PictureInPicture. Reported by Shaheen Fazim on 2024-09-02 [$1000][40071155] Medium CVE-2026-2319: Race in DevTools. Reported by Anonymous on 2023-09-01 [TBD][435684924] Medium CVE-2026-2320: Inappropriate implementation in File input. Reported by Alesandro Ortiz on 2025-08-02 [N/A][461877477] Medium CVE-2026-2321: Use after free in Ozone. Reported by Google on 2025-11-18 [$1000][470928605] Low CVE-2026-2322: Inappropriate implementation in File input. Reported by Robbe Van Roey | PinkDraconian on 2025-12-22 [$500][467442136] Low CVE-2026-2323: Inappropriate implementation in Downloads. Reported by Hafiizh on 2025-12-10 * 144.0.7559.75 This update includes 1 security fix. Please see the Chrome Security Page for more information. [TBD][483569511] High CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim on 2026-02-11 * Pkgsrc: use external rollup and esbuild to fix build @ text @d4 1 a4 1 VERSION= 145.0.7632.75 @ 1.41 log @*: recursive bump for nettle 4.0 shlib major bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.40 2026/01/29 12:44:16 kikadf Exp $ d4 1 a4 2 VERSION= 144.0.7559.109 PKGREVISION= 1 d12 11 a22 2 NB_VERSION= 144.0 GITHUB_SUBMODULES= kikadf chromium-nb v${NB_VERSION} ./ d33 1 a33 1 TOOLS_PLATFORM.flex= # override the platform definition to use pkgsrc's flex. d51 1 d113 2 a114 2 SUBST_SED.man+= -e 's,@@@@PACKAGE@@@@,chromium,g' SUBST_SED.man+= -e 's,@@@@MENUNAME@@@@,Chromium Web Browser,g' d266 7 d274 7 d292 5 a296 1 do-build: d366 1 @ 1.40 log @www/chromium: update to 144.0.7559.109 * 144.0.7559.109 This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$3000][474435504] High CVE-2026-1504: Inappropriate implementation in Background Fetch API. Reported by Luan Herrera (@@lbherrera_) on 2026-01-09 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.37 2026/01/19 16:14:05 kikadf Exp $ d5 1 @ 1.39 log @*: recursive bump for removal of cairo's xcb option @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.38 2026/01/22 19:08:09 kikadf Exp $ d4 1 a4 2 VERSION= 144.0.7559.96 PKGREVISION= 1 d18 1 a18 1 MAINTAINER= kikadf.01@@gmail.com @ 1.38 log @www/chromium: update to 144.0.7559.96 * 144.0.7559.96 This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [TBD][473851441] High CVE-2026-1220: Race in V8. Reported by @@p1nky4745 on 2026-01-07 * Pkgsrc: enable widevine @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.37 2026/01/19 16:14:05 kikadf Exp $ d5 1 @ 1.37 log @ www/chromium: update to 144.0.7559.59 * 144.0.7559.59 This update includes 10 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$8000][458914193] High CVE-2026-0899: Out of bounds memory access in V8. Reported by @@p1nky4745 on 2025-11-08 [TBD][465730465] High CVE-2026-0900: Inappropriate implementation in V8. Reported by Google on 2025-12-03 [TBD][40057499] High CVE-2026-0901: Inappropriate implementation in Blink. Reported by Irvan Kurniawan (sourc7) on 2021-10-04 [$4000][469143679] Medium CVE-2026-0902: Inappropriate implementation in V8. Reported by 303f06e3 on 2025-12-16 [$3000][444803530] Medium CVE-2026-0903: Insufficient validation of untrusted input in Downloads. Reported by Azur on 2025-09-13 [$1000][452209495] Medium CVE-2026-0904: Incorrect security UI in Digital Credentials. Reported by Hafiizh on 2025-10-15 [TBD][465466773] Medium CVE-2026-0905: Insufficient policy enforcement in Network. Reported by Google on 2025-12-02 [$2000][467448811] Low CVE-2026-0906: Incorrect security UI. Reported by Khalil Zhani on 2025-12-10 [$500][444653104] Low CVE-2026-0907: Incorrect security UI in Split View. Reported by Hafiizh on 2025-09-12 [TBD][452209503] Low CVE-2026-0908: Use after free in ANGLE. Reported by Glitchers BoB 14th. on 2025-10-15 * pkgsrc: fix render glitches / flickering rectangle corruption @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24 2025/10/27 11:27:36 kikadf Exp $ d4 1 a4 1 VERSION= 144.0.7559.59 d139 1 d145 1 @ 1.36 log @ www/chromium: fix patchset to build with HID support on NetBSD @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.35 2026/01/08 17:46:35 kikadf Exp $ d4 1 a4 2 VERSION= 143.0.7499.192 PKGREVISION= 1 d11 3 a13 6 # audioio source A_VERSION= 140.0 GITHUB_SUBMODULES= kikadf chromium-audioio v${A_VERSION} media/audio/audioio # HID support H_VERSION= 143.0 GITHUB_SUBMODULES+= kikadf chromium-hid-netbsd v${H_VERSION} services/device/hid d137 2 d206 1 a206 1 FFMPEG_PARTS+= config.asm @ 1.35 log @ www/chromium: update to 143.0.7499.192 * 143.0.7499.192 This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [TBD][463155954] High CVE-2026-0628: Insufficient policy enforcement in WebView tag. Reported by Gal Weizman on 2025-11-23 * HID support on NetBSD @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24 2025/10/27 11:27:36 kikadf Exp $ d5 1 @ 1.34 log @*: recursive bump for icu 78.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.33 2026/01/06 15:55:51 ryoon Exp $ d4 1 a4 2 VERSION= 143.0.7499.169 PKGREVISION= 2 d14 3 d173 1 a173 1 GN_ARGS+= use_udev=false a240 8 # Prepare dawn_commit_hash.h # ${RUN}( \ # ${ECHO} "#ifndef GPU_WEBGPU_DAWN_COMMIT_HASH_H_" ;\ # ${ECHO} "#define GPU_WEBGPU_DAWN_COMMIT_HASH_H_" ;\ # ${ECHO} "#define DAWN_COMMIT_HASH \""$$(cat ${WRKSRC}/gpu/webgpu/DAWN_VERSION)\""" ;\ # ${ECHO} "#endif // GPU_WEBGPU_DAWN_COMMIT_HASH_H_" \ # ) > ${WRKSRC}/gpu/webgpu/dawn_commit_hash.h # Prepare internal ffmpeg d325 1 @ 1.33 log @www/chromium: Use internal icu-77.1 and bump PKGREVISION * Upcomming textproc/icu-78.1 is not compatible with current www/chromium. Use internal icu-77.1 instead of textproc/icu. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.32 2025/12/23 13:22:09 kikadf Exp $ d5 1 a5 1 PKGREVISION= 1 @ 1.32 log @ www/chromium: update to 143.0.7499.169 * 143.0.7499.169 This update doesn't include security fixes. * 143.0.7499.146 This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$10000][448294721] High CVE-2025-14765: Use after free in WebGPU. Reported by Anonymous on 2025-09-30 [TBD][466786677] High CVE-2025-14766: Out of bounds read and write in V8. Reported by Shaheen Fazim on 2025-12-08 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24 2025/10/27 11:27:36 kikadf Exp $ d5 1 d127 2 a128 1 GN_SYSTEM_LIBS+= icu d364 2 a365 1 .include "../../textproc/icu/buildlink3.mk" @ 1.31 log @www/chromium: update to 143.0.7499.109 * 143.0.7499.109 This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [N/A][466192044] High CVE-2025-14174: Out of bounds memory access in ANGLE. Reported by Apple Security Engineering and Architecture (SEAR) and Google Threat Analysis Group on 2025-12-05 [$2000][460599518] Medium CVE-2025-14372: Use after free in Password Manager. Reported by Weipeng Jiang (@@Krace) of VRI on 2025-11-14 [$2000][461532432] Medium CVE-2025-14373: Inappropriate implementation in Toolbar. Reported by Khalil Zhani on 2025-11-18 Google is aware that an exploit for CVE-2025-14174 exists in the wild.1~ @ text @d4 1 a4 1 VERSION= 143.0.7499.109 @ 1.30 log @ www/chromium: update to 143.0.7499.40 * 143.0.7499.40 This update includes 13 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$11000][456547591] High CVE-2025-13630: Type Confusion in V8. Reported by Shreyas Penkar (@@streypaws) on 2025-10-31 [$3000][448113221] High CVE-2025-13631: Inappropriate implementation in Google Updater. Reported by Jota Domingos on 2025-09-29 [TBD][439058242] High CVE-2025-13632: Inappropriate implementation in DevTools. Reported by Leandro Teles on 2025-08-16 [N/A][458082926] High CVE-2025-13633: Use after free in Digital Credentials. Reported by Chrome on 2025-11-05 [TBD][429140219] Medium CVE-2025-13634: Inappropriate implementation in Downloads. Reported by Eric Lawrence of Microsoft on 2025-07-02 [N/A][457818670] Medium CVE-2025-13720: Bad cast in Loader. Reported by Chrome on 2025-11-04 [N/A][355120682] Medium CVE-2025-13721: Race in v8. Reported by Chrome on 2024-07-23 [$3000][405727341] Low CVE-2025-13635: Inappropriate implementation in Downloads. Reported by Hafiizh on 2025-03-24 [$1000][446181124] Low CVE-2025-13636: Inappropriate implementation in Split View. Reported by Khalil Zhani on 2025-09-20 [TBD][392375329] Low CVE-2025-13637: Inappropriate implementation in Downloads. Reported by Hafiizh on 2025-01-27 [TBD][448046109] Low CVE-2025-13638: Use after free in Media Stream. Reported by sherkito on 2025-09-29 [TBD][448408148] Low CVE-2025-13639: Inappropriate implementation in WebRTC. Reported by Philipp Hancke on 2025-10-01 [TBD][452071826] Low CVE-2025-13640: Inappropriate implementation in Passwords. Reported by Anonymous on 2025-10-14 @ text @d4 1 a4 1 VERSION= 143.0.7499.40 @ 1.29 log @ www/chromium: fix pkglint warnings @ text @d4 1 a4 1 VERSION= 142.0.7444.175 d238 6 a243 6 ${RUN}( \ ${ECHO} "#ifndef GPU_WEBGPU_DAWN_COMMIT_HASH_H_" ;\ ${ECHO} "#define GPU_WEBGPU_DAWN_COMMIT_HASH_H_" ;\ ${ECHO} "#define DAWN_COMMIT_HASH \""$$(cat ${WRKSRC}/gpu/webgpu/DAWN_VERSION)\""" ;\ ${ECHO} "#endif // GPU_WEBGPU_DAWN_COMMIT_HASH_H_" \ ) > ${WRKSRC}/gpu/webgpu/dawn_commit_hash.h @ 1.28 log @ www/chromium: update to 142.0.7444.175 * 142.0.7444.175 This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [N/A][460017370] High CVE-2025-13223: Type Confusion in V8. Reported by Google Threat Analysis Group on 2025-11-12 [N/A][450328966] High CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep on 2025-10-09 Google is aware that an exploit for CVE-2025-13223 exists in the wild. @ text @d238 5 a242 5 @@( \ echo "#ifndef GPU_WEBGPU_DAWN_COMMIT_HASH_H_" ;\ echo "#define GPU_WEBGPU_DAWN_COMMIT_HASH_H_" ;\ echo "#define DAWN_COMMIT_HASH \"$$(cat ${WRKSRC}/gpu/webgpu/DAWN_VERSION)\"" ;\ echo "#endif // GPU_WEBGPU_DAWN_COMMIT_HASH_H_" \ @ 1.27 log @www/chromium: update to 142.0.7444.162 * 142.0.7444.162 This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [TBD][457351015] High CVE-2025-13042: Inappropriate implementation in V8. Reported by 303f06e3 on 2025-11-03 @ text @d4 1 a4 1 VERSION= 142.0.7444.162 d9 1 a9 1 DISTFILES+= ${DISTNAME}${EXTRACT_SUFX_C} d83 2 a191 1 RUSTC_VERSION= rustc -V d193 2 a194 3 GN_ARGS+= enable_rust=true \ rust_sysroot_absolute=\"${PREFIX}\" \ rustc_version=\"${RUSTC_VERSION:sh}\" d237 7 @ 1.26 log @www/chromium: update to 142.0.7444.134 * 142.0.7444.134 This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [TBD][443906252] High CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous on 2025-09-09 [TBD][447172715] High CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz on 2025-09-25 [TBD][454485895] High CVE-2025-12727: Inappropriate implementation in V8. Reported by 303f06e3 on 2025-10-23 [TBD][452392032] Medium CVE-2025-12728: Inappropriate implementation in Omnibox. Reported by Hafiizh on 2025-10-16 [TBD][454354281] Medium CVE-2025-12729: Inappropriate implementation in Omnibox. Reported by Khalil Zhani on 2025-10-23 @ text @d4 1 a4 1 VERSION= 142.0.7444.134 @ 1.25 log @ www/chromium: update to 142.0.7444.59 * 142.0.7444.59 This update includes 20 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$50000][447613211] High CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2025-09-26 [$50000][450618029] High CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang on 2025-10-10 [$10000][442860743] High CVE-2025-12430: Object lifecycle issue in Media. Reported by round.about on 2025-09-04 [$4000][436887350] High CVE-2025-12431: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2025-08-06 [N/A][439522866] High CVE-2025-12432: Race in V8. Reported by Google Big Sleep on 2025-08-18 [N/A][449760249] High CVE-2025-12433: Inappropriate implementation in V8. Reported by Google Big Sleep on 2025-10-07 [N/A][452296415] High CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep on 2025-10-15 [$3000][337356054] Medium CVE-2025-12434: Race in Storage. Reported by Lijo A.T on 2024-04-27 [$3000][446463993] Medium CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh on 2025-09-21 [$2000][40054742] Medium CVE-2025-12436: Policy bypass in Extensions. Reported by Luan Herrera (@@lbherrera_) on 2021-02-08 [$2000][446294487] Medium CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq on 2025-09-20 [$1000][433027577] Medium CVE-2025-12438: Use after free in Ozone. Reported by Wei Yuan of MoyunSec VLab on 2025-07-20 [TBD][382234536] Medium CVE-2025-12439: Inappropriate implementation in App-Bound Encryption. Reported by Ari Novick on 2024-12-04 [N/A][430555440] Low CVE-2025-12440: Inappropriate implementation in Autofill. Reported by Khalil Zhani on 2025-07-09 [N/A][444049512] Medium CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep on 2025-09-10 [TBD][452071845] Medium CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research on 2025-10-15 [$3000][390571618] Low CVE-2025-12444: Incorrect security UI in Fullscreen UI. Reported by syrf on 2025-01-18 [$1000][428397712] Low CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner on 2025-06-29 [$1000][444932667] Low CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh on 2025-09-14 [TBD][442636157] Low CVE-2025-12447: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2025-09-03 @ text @d4 1 a4 1 VERSION= 142.0.7444.59 @ 1.24 log @ www/chromium: update to 141.0.7390.122 * 141.0.7390.122 This update does not include any security fixes. * Fix configure phase on aarch64 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.21 2025/09/30 16:07:40 wiz Exp $ d4 1 a4 1 VERSION= 141.0.7390.122 @ 1.23 log @*: recursive bump for pcre2 Running an old binary against the new pcre doesn't work: /usr/pkg/lib/libpcre2-8.so.0: version PCRE2_10.47 required by /usr/pkg/lib/libglib-2.0.so.0 not defined @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.22 2025/10/16 19:43:17 kikadf Exp $ d4 1 a4 2 VERSION= 141.0.7390.107 PKGREVISION= 1 a41 1 TOOL_DEPENDS+= nasm-[0-9]*:../../devel/nasm d197 1 d201 1 d203 1 d243 1 a243 1 .for ffmpeg_part in config.h config.asm config_components.h libavcodec libavformat libavutil @ 1.22 log @ www/chromium: update to 141.0.7390.107 * 140.0.7339.207 This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [TBD][430336833] High CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović (SharpEdged) on 2025-07-09 [N/A][443765373] High CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep on 2025-09-09 [N/A][444048019] High CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep on 2025-09-10 * 141.0.7390.54 This update includes 21 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$25000][442444724] High CVE-2025-11205: Heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG on 2025-09-02 [$4000][444755026] High CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl on 2025-09-12 [$5000][428189824] Medium CVE-2025-11207: Side-channel information leakage in Storage. Reported by Alesandro Ortiz on 2025-06-27 [$3000][397878997] Medium CVE-2025-11208: Inappropriate implementation in Media. Reported by Kevin Joensen on 2025-02-20 [$3000][438226517] Medium CVE-2025-11209: Inappropriate implementation in Omnibox. Reported by Hafiizh on 2025-08-13 [$3000][440523110] Medium CVE-2025-11210: Side-channel information leakage in Tab. Reported by Umar Farooq on 2025-08-22 [$3000][441917796] Medium CVE-2025-11211: Out of bounds read in Media. Reported by Kosir Jakob on 2025-08-29 [$2000][420734141] Medium CVE-2025-11212: Inappropriate implementation in Media. Reported by Ameen Basha M K on 2025-05-28 [$1000][443408317] Medium CVE-2025-11213: Inappropriate implementation in Omnibox. Reported by Hafiizh on 2025-09-06 [N/A][439758498] Medium CVE-2025-11215: Off by one error in V8. Reported by Google Big Sleep on 2025-08-19 [$1000][419721056] Low CVE-2025-11216: Inappropriate implementation in Storage. Reported by Farras Givari on 2025-05-23 [N/A][439772737] Low CVE-2025-11219: Use after free in V8. Reported by Google Big Sleep on 2025-08-19 * 141.0.7390.65 This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$5000][443196747] High CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab on 2025-09-05 [TBD][446722008] High CVE-2025-11460: Use after free in Storage. Reported by Sombra on 2025-09-23 [$3000][441917796] Medium CVE-2025-11211: Out of bounds read in WebCodecs. Reported by Jakob Košir on 2025-08-29 * 141.0.7390.107 This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$7000][447192722] High CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine on 2025-09-25 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.21 2025/09/30 16:07:40 wiz Exp $ d5 1 @ 1.21 log @*: use ${DESTDIR}${PREFIX} instead of ${DESTDIR}/${PREFIX} @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2025/09/23 11:39:46 kikadf Exp $ d4 1 a4 1 VERSION= 140.0.7339.185 @ 1.20 log @www/chromium: update to 140.0.7339.185 * 140.0.7339.185 This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [NA][445380761] High CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group on 2025-09-16 [$15000][435875050] High CVE-2025-10500: Use after free in Dawn. Reported by Giunash (Gyujeong Jin) on 2025-08-03 [$10000][440737137] High CVE-2025-10501: Use after free in WebRTC. Reported by sherkito on 2025-08-23 [TBD][438038775] High CVE-2025-10502: Heap buffer overflow in ANGLE. Reported by Google Big Sleep on 2025-08-12 Google is aware that an exploit for CVE-2025-10585 exists in the wild. @ text @d1 1 a1 1 # $NetBSD$ d300 1 a300 1 ${DESTDIR}/${PREFIX}/${PKGMANDIR}/man1/${CHROMIUM}.1 @ 1.19 log @ www/chromium: update to 140.0.7339.127 * 140.0.7339.127 This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$43000][440454442] Critical CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang on 2025-08-22 [$30000][439305148] High CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon on 2025-08-18 @ text @d4 1 a4 1 VERSION= 140.0.7339.127 @ 1.18 log @ www/chromium: update to 140.0.7339.80 * 140.0.7339.80 This update includes 6 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [NA][434513380] High CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team on 2025-07-28 [$5000][437147699] Medium CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani on 2025-08-07 [$4000][379337758] Medium CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK on 2024-11-16 [$1000][415496161] Medium CVE-2025-9867: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-05-04 @ text @d4 1 a4 1 VERSION= 140.0.7339.80 @ 1.17 log @*: recursive bump for tiff growing lerc dependency @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2025/08/29 11:55:26 kikadf Exp $ d4 1 a4 2 VERSION= 139.0.7258.154 PKGREVISION= 1 d12 1 a12 1 A_VERSION= 138.0 @ 1.16 log @www/chromium: update to 139.0.7258.154 * 139.0.7258.138 This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [N/A][436181695] High CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep on 2025-08-04 * 139.0.7258.154 This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [N/A][437825940] Critical CVE-2025-9478: Use after free in ANGLE. Reported by Google Big Sleep on 2025-08-11 @ text @d1 1 a1 1 # $NetBSD$ d5 1 @ 1.15 log @www/chromium: update to 139.0.7258.127 * 139.0.7258.127 This update includes 6 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. As usual, our ongoing internal security work was responsible for a wide range of fixes: [TBD][432035817] High CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous on 2025-07-15 [TBD][433533359] High CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@@0x10n) on 2025-07-23 [N/A][435139154] High CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep on 2025-07-30 [TBD][433800617] Medium CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz on 2025-07-23 [TBD][435623339] Medium CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq on 2025-08-01 @ text @d4 1 a4 1 VERSION= 139.0.7258.127 @ 1.14 log @ www/chromium: update to 139.0.7258.66 * 139.0.7258.66 This update includes 12 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$2000][414760982] Medium CVE-2025-8576: Use after free in Extensions. Reported by asnine on 2025-04-30 [$1000][384050903] Medium CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq on 2024-12-14 [TBD][423387026] Medium CVE-2025-8578: Use after free in Cast. Reported by Fayez on 2025-06-09 [$10000][407791462] Low CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz on 2025-04-02 [$2000][411544197] Low CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu on 2025-04-18 [$2000][416942878] Low CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea on 2025-05-11 [$1000][40089450] Low CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous on 2017-10-31 [$500][373794472] Low CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim on 2024-10-16 @ text @d4 1 a4 1 VERSION= 139.0.7258.66 @ 1.13 log @www/chromium: update to 138.0.7204.168 * 138.0.7204.183 This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$8000][426054987] High CVE-2025-8292: Use after free in Media Stream. Reported by Anonymous on 2025-06-19 @ text @d4 1 a4 1 VERSION= 138.0.7204.183 a138 1 GN_ARGS+= enable_nacl=false @ 1.12 log @www/chromium: update to 138.0.7204.168 * 138.0.7204.157 This update includes 6 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$7000][425583995] High CVE-2025-7656: Integer overflow in V8. Reported by Shaheen Fazim on 2025-06-17 [NA][427162086] High CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2025-06-23 [TBD][427681143] High CVE-2025-7657: Use after free in WebRTC. Reported by jakebiles on 2025-06-25 Google is aware that an exploit for CVE-2025-6558 exists in the wild. * 138.0.7204.168 This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$8000][430344952] High CVE-2025-8010: Type Confusion in V8. Reported by Shaheen Fazim on 2025-07-09 [TBD][430572435] High CVE-2025-8011: Type Confusion in V8. Reported by Shaheen Fazim on 2025-07-09 @ text @d4 1 a4 1 VERSION= 138.0.7204.168 @ 1.11 log @www/chromium: update to 138.0.7204.96 * Patchset changes: base/system/sys_info_netbsd.cc: fix SysInfo::AmountOfAvailablePhysicalMemoryImpl() v8/src/base/platform/platform-posix.cc: use pid instead of lid in OS::GetCurrentThreadIdInternal() * AudioIO: update to 138.0, apply changes from qt6-qtwebengine by Mark Davies * 137.0.7151.55 This update includes 11 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [TBD][411573532] High CVE-2025-5063: Use after free in Compositing. Reported by Anonymous on 2025-04-18 [TBD][417169470] High CVE-2025-5280: Out of bounds write in V8. Reported by [pwn2car] on 2025-05-12 [$4000][40058068] Medium CVE-2025-5064: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-11-29 [$2000][40059071] Medium CVE-2025-5065: Inappropriate implementation in FileSystemAccess API. Reported by NDevTK on 2022-03-11 [$1000][356658477] Medium CVE-2025-5066: Inappropriate implementation in Messages. Reported by Mohit Raj (shadow2639) on 2024-07-31 [TBD][417215501] Medium CVE-2025-5281: Inappropriate implementation in BFCache. Reported by Jesper van den Ende (Pelican Party Studios) on 2025-05-12 [TBD][419467315] Medium CVE-2025-5283: Use after free in libvpx. Reported by Mozilla on 2025-05-22 [$500][40075024] Low CVE-2025-5067: Inappropriate implementation in Tab Strip. Reported by Khalil Zhani on 2023-10-17 As usual, our ongoing internal security work was responsible for a wide range of fixes: [419294325] Various fixes from internal audits, fuzzing and other initiatives * 137.0.7151.68 This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [N/A][420636529] High CVE-2025-5419: Out of bounds read and write in V8. Reported by Clement Lecigne and Benoît Sevens of Google Threat Analysis Group on 2025-05-27. This issue was mitigated on 2025-05-28 by a configuration change pushed out to Stable across all Chrome platforms. [$1000][409059706] Medium CVE-2025-5068: Use after free in Blink. Reported by Walkman on 2025-04-07 Google is aware that an exploit for CVE-2025-5419 exists in the wild. * 137.0.7151.103 This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$8000][420150619] High CVE-2025-5958: Use after free in Media. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-05-25 [NA][422313191] High CVE-2025-5959: Type Confusion in V8. Reported by Seunghyun Lee as part of TyphoonPWN 2025 on 2025-06-04 * 137.0.7151.119 This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$7000][420697404] High CVE-2025-6191: Integer overflow in V8. Reported by Shaheen Fazim on 2025-05-27 [$4000][421471016] High CVE-2025-6192: Use after free in Profiler. Reported by Chaoyuan Peng (@@ret2happy) on 2025-05-31 * 138.0.7204.49 This update includes 11 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$4000][407328533] Medium CVE-2025-6555: Use after free in Animation. Reported by Lyra Rebane (rebane2001) on 2025-03-30 [$1000][40062462] Low CVE-2025-6556: Insufficient policy enforcement in Loader. Reported by Shaheen Fazim on 2023-01-02 [$1000][406631048] Low CVE-2025-6557: Insufficient data validation in DevTools. Reported by Ameen Basha M K on 2025-03-27 * 138.0.7204.96 This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [NA][427663123] High CVE-2025-6554: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2025-06-25. This issue was mitigated on 2025-06-26 by a configuration change pushed out to Stable channel across all platforms. Google is aware that an exploit for CVE-2025-6554 exists in the wild. @ text @d4 1 a4 1 VERSION= 138.0.7204.96 d94 1 a94 1 SUBST_FILES.path+= ui/gtk/ime_compat_check.cc @ 1.10 log @www/chromium: update to 136.0.7103.113 Provided by Robert Bagdan in wip. * 131.0.6778.264 This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$55000][383356864] High CVE-2025-0291: Type Confusion in V8. Reported by Popax21 on 2024-12-11 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. As usual, our ongoing internal security work was responsible for a wide range of fixes: [388088544] Various fixes from internal audits, fuzzing and other initiatives * 132.0.6834.83 This update includes 16 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$7000][374627491] High CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme on 2024-10-21 [$7000][379652406] High CVE-2025-0435: Inappropriate implementation in Navigation. Reported by Alesandro Ortiz on 2024-11-18 [$3000][382786791] High CVE-2025-0436: Integer overflow in Skia. Reported by Han Zheng (HexHive) on 2024-12-08 [$2000][378623799] High CVE-2025-0437: Out of bounds read in Metrics. Reported by Xiantong Hou of Wuheng Lab and Pisanbao on 2024-11-12 [TBD][384186539] High CVE-2025-0438: Stack buffer overflow in Tracing. Reported by Han Zheng (HexHive) on 2024-12-15 [$5000][371247941] Medium CVE-2025-0439: Race in Frames. Reported by Hafiizh on 2024-10-03 [$5000][40067914] Medium CVE-2025-0440: Inappropriate implementation in Fullscreen. Reported by Umar Farooq on 2023-07-22 [$2000][368628042] Medium CVE-2025-0441: Inappropriate implementation in Fenced Frames. Reported by someoneverycurious on 2024-09-21 [$2000][40940854] Medium CVE-2025-0442: Inappropriate implementation in Payments. Reported by Ahmed ElMasry on 2023-11-08 [$1000][376625003] Medium CVE-2025-0443: Insufficient data validation in Extensions. Reported by Anonymous on 2024-10-31 [$1000][359949844] Low CVE-2025-0446: Inappropriate implementation in Extensions. Reported by Hafiizh on 2024-08-15 [$1000][375550814] Low CVE-2025-0447: Inappropriate implementation in Navigation. Reported by Khiem Tran (@@duckhiem) on 2024-10-25 [$1000][377948403] Low CVE-2025-0448: Inappropriate implementation in Compositing. Reported by Dahyeon Park on 2024-11-08 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. As usual, our ongoing internal security work was responsible for a wide range of fixes: [389761478] Various fixes from internal audits, fuzzing and other initiatives * 132.0.6834.110 This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$11000][386143468] High CVE-2025-0611: Object corruption in V8. Reported by 303f06e3 on 2024-12-26 [$8000][385155406] High CVE-2025-0612: Out of bounds memory access in V8. Reported by Alan Goodman on 2024-12-20 As usual, our ongoing internal security work was responsible for a wide range of fixes: [391144311] Various fixes from internal audits, fuzzing and other initiatives * 132.0.6834.159 This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$2000][384844003] Medium CVE-2025-0762: Use after free in DevTools. Reported by Sakana.S on 2024-12-18 As usual, our ongoing internal security work was responsible for a wide range of fixes: [392630675] Various fixes from internal audits, fuzzing and other initiatives * 133.0.6943.53 This update includes 12 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$7000][390889644] High CVE-2025-0444: Use after free in Skia. Reported by Francisco Alonso (@@revskills) on 2025-01-19 [TBD][392521083] High CVE-2025-0445: Use after free in V8. Reported by 303f06e3 on 2025-01-27 [$2000][40061026] Medium CVE-2025-0451: Inappropriate implementation in Extensions API. Reported by Vitor Torres and Alesandro Ortiz on 2022-09-18 As usual, our ongoing internal security work was responsible for a wide range of fixes: [394135363] Various fixes from internal audits, fuzzing and other initiatives * 133.0.6943.98 This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$55000][391907159] High CVE-2025-0995: Use after free in V8. Reported by Popax21 on 2025-01-24 [TBD][391788835] High CVE-2025-0996: Inappropriate implementation in Browser UI. Reported by yuki yamaoto on 2025-01-23 [TBD][391666328] High CVE-2025-0997: Use after free in Navigation. Reported by asnine on 2025-01-23 [TBD][386857213] High CVE-2025-0998: Out of bounds memory access in V8. Reported by Alan Goodman on 2024-12-31 * 133.0.6943.126 This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$11000][394350433] High CVE-2025-0999: Heap buffer overflow in V8. Reported by Seunghyun Lee (@@0x10n) on 2025-02-04 [TBD][383465163] High CVE-2025-1426: Heap buffer overflow in GPU. Reported by un3xploitable && GF on 2024-12-11 [$4000][390590778] Medium CVE-2025-1006: Use after free in Network. Reported by Tal Keren, Sam Agranat, Eran Rom, Edouard Bochin, Adam Hatsir of Palo Alto Networks on 2025-01-18 * 133.0.6943.141 This update includes 1 security fix. Please see the Chrome Security Page for more information. As usual, our ongoing internal security work was responsible for a wide range of fixes: [399107077]Various fixes from internal audits, fuzzing and other initiatives * 134.0.6998.35 This update includes 14 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$7000][397731718] High CVE-2025-1914: Out of bounds read in V8. Reported by Zhenghang Xiao (@@Kipreyyy) and Nan Wang (@@eternalsakura13) on 2025-02-20 [$4000][391114799] Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Reported by Topi Lassila on 2025-01-20 [$3000][376493203] Medium CVE-2025-1916: Use after free in Profiles. Reported by parkminchan, SSD Labs Korea on 2024-10-31 [$2000][329476341] Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. Reported by Khalil Zhani on 2024-03-14 [$2000][388557904] Medium CVE-2025-1918: Out of bounds read in PDFium. AReported by asnine on 2025-01-09 [$2000][392375312] Medium CVE-2025-1919: Out of bounds read in Media. Reported by @@Bl1nnnk and @@Pisanbao on 2025-01-26 [$1000][387583503] Medium CVE-2025-1921: Inappropriate Implementation in Media Stream. Reported by Kaiido on 2025-01-04 [$5000][384033062] Low CVE-2025-1922: Inappropriate Implementation in Selection. Reported by Alesandro Ortiz on 2024-12-14 [$1000][382540635] Low CVE-2025-1923: Inappropriate Implementation in Permission Prompts. Reported by Khalil Zhani on 2024-12-06 As usual, our ongoing internal security work was responsible for a wide range of fixes: [400559715] Various fixes from internal audits, fuzzing and other initiatives * 134.0.6998.88 This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$7000][398065918] High CVE-2025-1920: Type Confusion in V8. Reported by Excello s.r.o. on 2025-02-21 [TBD][400052777] High CVE-2025-2135: Type Confusion in V8. Reported by Zhenghang Xiao (@@Kipreyyy) and Nan Wang (@@eternalsakura13) on 2025-03-02 [NA][401059730] High CVE-2025-24201: Out of bounds write in GPU on Mac. Reported by Apple Security Engineering and Architecture (SEAR) on 2025-03-05 [$3000][395032416] Medium CVE-2025-2136: Use after free in Inspector. Reported by Sakana.S on 2025-02-10 [$2000][398999390] Medium CVE-2025-2137: Out of bounds read in V8. Reported by zeroxiaobai@@ on 2025-02-25 Google is aware of reports that an exploit for CVE-2025-24201 exists in the wild. * 134.0.6998.117 This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [TBD][401029609] Critical CVE-2025-2476: Use after free in Lens. Reported by SungKwon Lee of Enki Whitehat on 2025-03-05 As usual, our ongoing internal security work was responsible for a wide range of fixes: [404324707] Various fixes from internal audits, fuzzing and other initiatives * 134.0.6998.165 This update doesn't include security fix. * 135.0.7049.52 This update includes 13 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$10000][376491759] Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2024-10-31 [$2000][401823929] Medium CVE-2025-3068: Inappropriate implementation in Intents. Reported by Simon Rawet on 2025-03-09 [$1000][40060076] Medium CVE-2025-3069: Inappropriate implementation in Extensions. Reported by NDevTK on 2022-06-26 [$1000][40086360] Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions. Reported by Anonymous on 2017-01-01 [$2000][40051596] Low CVE-2025-3071: Inappropriate implementation in Navigations. Reported by David Erceg on 2020-02-23 [$1000][362545037] Low CVE-2025-3072: Inappropriate implementation in Custom Tabs. Reported by Om Apip on 2024-08-27 [$500][388680893] Low CVE-2025-3073: Inappropriate implementation in Autofill. Reported by Hafiizh on 2025-01-09 [$500][392818696] Low CVE-2025-3074: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-01-28 As usual, our ongoing internal security work was responsible for a wide range of fixes: [407621901]Various fixes from internal audits, fuzzing and other initiatives * 135.0.7049.84 This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$4000][405140652] High CVE-2025-3066: Use after free in Site Isolation. Reported by Sven Dysthe (@@svn-dys) on 2025-03-21 As usual, our ongoing internal security work was responsible for a wide range of fixes: [409114118] Various fixes from internal audits, fuzzing and other initiatives * 135.0.7049.95 This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [TBD][409619251] Critical CVE-2025-3619: Heap buffer overflow in Codecs. Reported by Elias Hohl on 2025-04-09 [TBD][405292639] High CVE-2025-3620: Use after free in USB. Reported by @@retsew0x01 on 2025-03-21 * 135.0.7049.114 This update includes 1 security fix. Please see the Chrome Security Page for more information. Our ongoing internal security work was responsible for a wide range of fixes: [412443038] Various fixes from internal audits, fuzzing and other initiatives * 136.0.7103.59 This update includes 8 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$5000][409911705] High CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11 [$2000][409342999] Medium CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09 [$2000][404000989] Medium CVE-2025-4051: Insufficient data validation in DevTools. Reported by Daniel Fröjdendahl on 2025-03-16 [$1000][401927528] Low CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10 As usual, our ongoing internal security work was responsible for a wide range of fixes: [414433561]Various fixes from internal audits, fuzzing and other initiatives * 136.0.7103.92 This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$7000][412057896] Medium CVE-2025-4372: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-04-20 As usual, our ongoing internal security work was responsible for a wide range of fixes: [415837391] Various fixes from internal audits, fuzzing and other initiatives * 136.0.7103.113 This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [N/A][415810136] High CVE-2025-4664: Insufficient policy enforcement in Loader. Source: X post from @@slonser_ on 2025-05-05 [TBD][412578726] High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. Reported by Micky on 2025-04-22 Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild. As usual, our ongoing internal security work was responsible for a wide range of fixes: [417268830] Various fixes from internal audits, fuzzing and other initiatives @ text @d4 1 a4 1 VERSION= 136.0.7103.113 a8 2 #PROFILE_DISTFILES= chromium-linux-${VERSION}-llvm17.profdata${EXTRACT_SUFX_C} #SITES.${PROFILE_DISTFILES}= https://nerd.hu/distfiles/ a9 1 #DISTFILES+= ${PROFILE_DISTFILES} d12 1 a12 1 A_VERSION= 130.0 a27 2 CHECK_PORTABILITY_SKIP+= third_party/sqlite/src/configure CHECK_PORTABILITY_SKIP+= third_party/protobuf/post_process_dist.sh d29 2 d32 4 d38 1 a38 3 CHECK_PORTABILITY_SKIP+= third_party/llvm/flang/tools/f18/flang.sh.in CHECK_PORTABILITY_SKIP+= third_party/rust-src/vendor/libdbus-sys-0.2.5/vendor/dbus/tools/cmake-format CHECK_PORTABILITY_SKIP+= third_party/rust-toolchain/lib/rustlib/src/rust/vendor/libdbus-sys-0.2.5/vendor/dbus/tools/cmake-format a39 1 CHECK_PORTABILITY_SKIP+= v8/tools/profiling/run-llprof.sh d94 1 d115 1 a134 1 #GN_ARGS+= chrome_pgo_phase=0 d145 3 @ 1.9 log @*: bump for llvm 19 (shlib major changed) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2025/04/24 14:16:02 wiz Exp $ d4 1 a4 2 VERSION= 131.0.6778.204 PKGREVISION= 9 d9 2 a10 2 PROFILE_DISTFILES= chromium-linux-${VERSION}-llvm17.profdata${EXTRACT_SUFX_C} SITES.${PROFILE_DISTFILES}= https://nerd.hu/distfiles/ d12 1 a12 1 DISTFILES+= ${PROFILE_DISTFILES} d19 1 a19 1 LLVM_MV= 18 a21 1 #MAINTAINER= ryoon@@NetBSD.org d87 1 d94 1 a95 1 SUBST_FILES.path+= ui/qt/qt.gni d127 1 a127 2 GN_SYSTEM_LIBS+= libevent #GN_SYSTEM_LIBS+= libjpeg # libjpeg-turbo d135 1 a139 1 GN_ARGS+= enable_log_error_not_reached=true d146 1 d158 2 d165 1 a165 1 #GN_ARGS+= use_system_libjpeg=true #libjpeg-turbo d271 2 a272 1 INSTALLATION_DIRS+= ${PREFIX}/share/applications a282 1 CHROMIUM_LIBS+= libvulkan.so.1 d291 1 d297 1 a313 1 .include "../../audio/flac/buildlink3.mk" a318 1 .include "../../devel/libevent/buildlink3.mk" a321 3 .include "../../devel/re2/buildlink3.mk" .include "../../devel/snappy/buildlink3.mk" .include "../../devel/zlib/buildlink3.mk" d336 1 a336 1 #.include "../../mk/jpeg.buildlink3.mk" # libjpeg-turbo d371 1 a371 1 .include "../../x11/qt5-qtbase/buildlink3.mk" @ 1.8 log @*: recursive bump for jpeg -> libjpeg-turbo switch @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2025/04/19 07:58:31 wiz Exp $ d5 1 a5 1 PKGREVISION= 8 @ 1.7 log @*: recursive bump for default Kerberos implementation switch @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2025/04/17 21:52:45 wiz Exp $ d5 1 a5 1 PKGREVISION= 7 @ 1.6 log @*: recursive bump for icu 77 and libxml2 2.14 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2025/04/10 20:07:52 wiz Exp $ d5 1 a5 1 PKGREVISION= 6 @ 1.5 log @chromium: fix build with gperf 3.2 and depend on it Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2025/02/18 10:33:22 wiz Exp $ d5 1 a5 1 PKGREVISION= 5 @ 1.4 log @*: recursive bump for openh264 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2025/02/12 06:45:38 ryoon Exp $ d5 1 a5 1 PKGREVISION= 4 d45 1 a45 1 TOOL_DEPENDS+= gperf>=3.0.1:../../devel/gperf @ 1.3 log @*: Recursive revbump from audio/flac-1.5.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2025/02/09 14:44:09 wiz Exp $ d5 1 a5 1 PKGREVISION= 3 @ 1.2 log @*: recursive bump for abseil 20250127.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2025/02/06 09:57:37 wiz Exp $ d5 1 a5 1 PKGREVISION= 2 @ 1.1 log @www/chromium: import chromium-131.0.6778.204nb1 Packaged by Robert Bagdan in wip. Thank you! Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all Internet users to experience the web. @ text @d1 1 a1 1 # $NetBSD$ d5 1 a5 1 PKGREVISION= 1 @