head	1.11;
access;
symbols
	pkgsrc-2026Q1:1.8.0.2
	pkgsrc-2026Q1-base:1.8
	pkgsrc-2025Q4:1.4.0.2
	pkgsrc-2025Q4-base:1.4;
locks; strict;
comment	@# @;


1.11
date	2026.05.10.15.29.48;	author kikadf;	state Exp;
branches;
next	1.10;
commitid	SyX3h0lYaSxpwhFG;

1.10
date	2026.04.21.15.21.08;	author kikadf;	state Exp;
branches;
next	1.9;
commitid	WF34zDf4vSqU3QCG;

1.9
date	2026.04.10.17.31.47;	author kikadf;	state Exp;
branches;
next	1.8;
commitid	WY5RZg3wS2F5arBG;

1.8
date	2026.03.14.12.40.24;	author kikadf;	state Exp;
branches;
next	1.7;
commitid	q4jiyADaBQJ3qWxG;

1.7
date	2026.02.15.09.03.56;	author kikadf;	state Exp;
branches;
next	1.6;
commitid	wC0CmxiLIcAz5suG;

1.6
date	2026.01.19.16.14.07;	author kikadf;	state Exp;
branches;
next	1.5;
commitid	T1nlh0FgifRrj1rG;

1.5
date	2025.12.23.13.22.11;	author kikadf;	state Exp;
branches;
next	1.4;
commitid	pcOpX5XnueCTfxnG;

1.4
date	2025.12.13.14.53.47;	author kikadf;	state Exp;
branches;
next	1.3;
commitid	J35BnWTDpQrB5gmG;

1.3
date	2025.12.11.09.13.28;	author kikadf;	state Exp;
branches;
next	1.2;
commitid	q6Ed7pzhZW5rgYlG;

1.2
date	2025.11.20.08.36.05;	author kikadf;	state Exp;
branches;
next	1.1;
commitid	GTwx5lrzjbE5JgjG;

1.1
date	2025.11.04.14.55.30;	author kikadf;	state Exp;
branches;
next	;
commitid	qfucP2L8NrpolfhG;


desc
@@


1.11
log
@
www/chromium: update to 148.0.7778.96

* 148.0.7778.96
This update includes 127 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the Chrome Security Page for more information.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer,
UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

[$43000][493747582] Critical CVE-2026-7896: Integer overflow in Blink. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-18

[N/A][504069514] Critical CVE-2026-7897: Use after free in Mobile. Reported by Google on 2026-04-18

[N/A][504587882] Critical CVE-2026-7898: Use after free in Chromoting. Reported by Google on 2026-04-20

[$55000][505481948] High CVE-2026-7899: Out of bounds read and write in V8. Reported by Project WhatForLunch (@@pjwhatforlunch) on 2026-04-23

[$16000][496503799] High CVE-2026-7900: Heap buffer overflow in ANGLE. Reported by Anonymous on 2026-03-26

[$16000][497724490] High CVE-2026-7901: Use after free in ANGLE. Reported by Syn4pse (@@ret2happy) on 2026-03-30

[$8000][502030575] High CVE-2026-7902: Out of bounds memory access in V8. Reported by JunYoung Park(@@candymate) of KAIST Hacking Lab on 2026-04-13

[TBD][491760376] High CVE-2026-7903: Integer overflow in ANGLE. Reported by heesun on 2026-03-11

[TBD][492350406] High CVE-2026-7904: Out of bounds read in Fonts. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-13

[N/A][495259842] High CVE-2026-7905: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-23

[N/A][496284584] High CVE-2026-7906: Use after free in SVG. Reported by Google on 2026-03-25

[N/A][496292089] High CVE-2026-7907: Use after free in DOM. Reported by Google on 2026-03-25

[N/A][497436531] High CVE-2026-7908: Use after free in Fullscreen. Reported by Google on 2026-03-29

[N/A][497437113] High CVE-2026-7909: Inappropriate implementation in ServiceWorker. Reported by Google on 2026-03-29

[N/A][497543810] High CVE-2026-7910: Use after free in Views. Reported by Google on 2026-03-29

[N/A][497548912] High CVE-2026-7911: Use after free in Aura. Reported by Google on 2026-03-29

[N/A][497639714] High CVE-2026-7912: Integer overflow in GPU. Reported by Google on 2026-03-30

[N/A][497936728] High CVE-2026-7913: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-30

[N/A][498401609] High CVE-2026-7914: Type Confusion in Accessibility. Reported by Google on 2026-04-01

[N/A][498454478] High CVE-2026-7915: Insufficient data validation in DevTools. Reported by Google on 2026-04-01

[N/A][498720754] High CVE-2026-7916: Insufficient data validation in InterestGroups. Reported by Google on 2026-04-01

[N/A][498752242] High CVE-2026-7917: Use after free in Fullscreen. Reported by Google on 2026-04-02

[N/A][498780188] High CVE-2026-7918: Use after free in GPU. Reported by Google on 2026-04-02

[N/A][498832921] High CVE-2026-7919: Use after free in Aura. Reported by Google on 2026-04-02

[N/A][498989348] High CVE-2026-7920: Use after free in Skia. Reported by Google on 2026-04-02

[N/A][499062376] High CVE-2026-7921: Use after free in Passwords. Reported by Google on 2026-04-02

[N/A][499449324] High CVE-2026-7922: Use after free in ServiceWorker. Reported by Google on 2026-04-04

[N/A][500080194] High CVE-2026-7923: Out of bounds write in Skia. Reported by Google on 2026-04-06

[N/A][500087204] High CVE-2026-7924: Uninitialized Use in Dawn. Reported by Google on 2026-04-06

[N/A][501833981] High CVE-2026-7925: Use after free in Chromoting. Reported by Google on 2026-04-12

[TBD][502249087] High CVE-2026-7926: Use after free in PresentationAPI. Reported by anonymous on 2026-04-14

[N/A][502830119] High CVE-2026-7927: Type Confusion in Runtime. Reported by Google on 2026-04-15

[N/A][504612429] High CVE-2026-7928: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][504660052] High CVE-2026-7929: Use after free in MediaRecording. Reported by Google on 2026-04-20

[TBD][434825208] Medium CVE-2026-7930: Insufficient validation of untrusted input in Cookies. Reported by Satoki on 2025-07-29

[TBD][474338157] Medium CVE-2026-7931: Insufficient validation of untrusted input in iOS. Reported by Qadhafy Muhammad Tera on 2026-01-08

[TBD][481634116] Medium CVE-2026-7932: Insufficient policy enforcement in Downloads. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-02-04

[TBD][488585490] Medium CVE-2026-7933: Out of bounds read in WebCodecs. Reported by heapracer (@@heapracer) on 2026-03-01

[N/A][489023922] Medium CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker. Reported by Google on 2026-03-02

[TBD][489624550] Medium CVE-2026-7935: Inappropriate implementation in Speech. Reported by Qadhafy Muhammad Tera on 2026-03-04

[TBD][490485402] Medium CVE-2026-7936: Object lifecycle issue in V8. Reported by Christian Holler on 2026-03-07

[TBD][491766258] Medium CVE-2026-7937: Insufficient policy enforcement in DevTools. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab on 2026-03-11

[TBD][492735384] Medium CVE-2026-7938: Use after free in CSS. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-15

[TBD][492963096] Medium CVE-2026-7939: Inappropriate implementation in SanitizerAPI. Reported by s3zer0 on 2026-03-15

[TBD][493631402] Medium CVE-2026-7940: Use after free in V8. Reported by sakana on 2026-03-17

[TBD][493955234] Medium CVE-2026-7941: Insufficient validation of untrusted input in Mobile. Reported by Adithya Kotian on 2026-03-19

[N/A][495363705] Medium CVE-2026-7942: Integer overflow in ANGLE. Reported by Google on 2026-03-23

[TBD][495373657] Medium CVE-2026-7943: Insufficient validation of untrusted input in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-23

[N/A][495783187] Medium CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache. Reported by Google on 2026-03-24

[N/A][495802788] Medium CVE-2026-7945: Insufficient validation of untrusted input in COOP. Reported by Google on 2026-03-24

[N/A][496016840] Medium CVE-2026-7946: Insufficient policy enforcement in WebUI. Reported by Google on 2026-03-25

[N/A][496169594] Medium CVE-2026-7947: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-25

[N/A][496193452] Medium CVE-2026-7948: Race in Chromoting. Reported by Google on 2026-03-25

[N/A][496206134] Medium CVE-2026-7949: Out of bounds read in Skia. Reported by Google on 2026-03-25

[N/A][496259890] Medium CVE-2026-7950: Out of bounds read and write in GFX. Reported by Google on 2026-03-25

[TBD][496266456] Medium CVE-2026-7951: Out of bounds write in WebRTC. Reported by soft.connect.fr on 2026-03-26

[N/A][496279876] Medium CVE-2026-7952: Insufficient policy enforcement in Extensions. Reported by Google on 2026-03-25

[N/A][496379792] Medium CVE-2026-7953: Insufficient validation of untrusted input in Omnibox. Reported by Google on 2026-03-26

[N/A][496380960] Medium CVE-2026-7954: Race in Shared Storage. Reported by Google on 2026-03-26

[N/A][496441232] Medium CVE-2026-7955: Uninitialized Use in GPU. Reported by Google on 2026-03-26

[N/A][496463315] Medium CVE-2026-7956: Use after free in Navigation. Reported by Google on 2026-03-26

[N/A][496607380] Medium CVE-2026-7957: Out of bounds write in Media. Reported by Google on 2026-03-26

[N/A][496632973] Medium CVE-2026-7958: Inappropriate implementation in ServiceWorker. Reported by Google on 2026-03-26

[N/A][496645205] Medium CVE-2026-7959: Inappropriate implementation in Navigation. Reported by Google on 2026-03-26

[N/A][497007825] Medium CVE-2026-7960: Race in Speech. Reported by Google on 2026-03-27

[N/A][497008295] Medium CVE-2026-7961: Insufficient validation of untrusted input in Permissions. Reported by Google on 2026-03-27

[N/A][497081987] Medium CVE-2026-7962: Insufficient policy enforcement in DirectSockets. Reported by Google on 2026-03-28

[N/A][497250399] Medium CVE-2026-7963: Inappropriate implementation in ServiceWorker. Reported by Google on 2026-03-28

[N/A][497254383] Medium CVE-2026-7964: Insufficient validation of untrusted input in FileSystem. Reported by Google on 2026-03-28

[N/A][497255035] Medium CVE-2026-7965: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-03-28

[N/A][497341787] Medium CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-03-29

[N/A][497365545] Medium CVE-2026-7967: Insufficient validation of untrusted input in Navigation. Reported by Google on 2026-03-29

[N/A][497432281] Medium CVE-2026-7968: Insufficient validation of untrusted input in CORS. Reported by Google on 2026-03-29

[N/A][497450574] Medium CVE-2026-7969: Integer overflow in Network. Reported by Google on 2026-03-29

[N/A][497487462] Medium CVE-2026-7970: Use after free in TopChrome. Reported by Google on 2026-03-29

[N/A][497529290] Medium CVE-2026-7971: Inappropriate implementation in ORB. Reported by Google on 2026-03-29

[N/A][497546281] Medium CVE-2026-7972: Uninitialized Use in GPU. Reported by Google on 2026-03-29

[N/A][497565944] Medium CVE-2026-7973: Integer overflow in Dawn. Reported by Google on 2026-03-29

[N/A][497649372] Medium CVE-2026-7974: Use after free in Blink. Reported by Google on 2026-03-30

[N/A][497735587] Medium CVE-2026-7975: Use after free in DevTools. Reported by Google on 2026-03-30

[N/A][497736679] Medium CVE-2026-7976: Use after free in Views. Reported by Google on 2026-03-30

[N/A][497821223] Medium CVE-2026-7977: Inappropriate implementation in Canvas. Reported by Google on 2026-03-30

[N/A][497828892] Medium CVE-2026-7978: Inappropriate implementation in Companion. Reported by Google on 2026-03-30

[N/A][497849876] Medium CVE-2026-7979: Inappropriate implementation in Media. Reported by Google on 2026-03-30

[N/A][497859275] Medium CVE-2026-7980: Use after free in WebAudio. Reported by Google on 2026-03-30

[N/A][497926602] Medium CVE-2026-7981: Out of bounds read in Codecs. Reported by Google on 2026-03-30

[N/A][497952533] Medium CVE-2026-7982: Uninitialized Use in WebCodecs. Reported by Google on 2026-03-30

[N/A][497975608] Medium CVE-2026-7983: Out of bounds read in Dawn. Reported by Google on 2026-03-31

[N/A][498277368] Medium CVE-2026-7984: Use after free in ReadingMode. Reported by Google on 2026-03-31

[N/A][498352423] Medium CVE-2026-7985: Use after free in GPU. Reported by Google on 2026-03-31

[N/A][498396238] Medium CVE-2026-7986: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-01

[N/A][498696266] Medium CVE-2026-7987: Use after free in WebRTC. Reported by Google on 2026-04-01

[N/A][498753456] Medium CVE-2026-7988: Type Confusion in WebRTC. Reported by Google on 2026-04-02

[N/A][498765082] Medium CVE-2026-7989: Insufficient data validation in DataTransfer. Reported by Google on 2026-04-02

[N/A][498892267] Medium CVE-2026-7990: Insufficient validation of untrusted input in Updater. Reported by Google on 2026-04-02

[N/A][499065126] Medium CVE-2026-7991: Use after free in UI. Reported by Google on 2026-04-02

[N/A][499067529] Medium CVE-2026-7992: Insufficient validation of untrusted input in UI. Reported by Google on 2026-04-02

[N/A][499099003] Medium CVE-2026-7993: Insufficient validation of untrusted input in Payments. Reported by Google on 2026-04-03

[N/A][499116954] Medium CVE-2026-7994: Inappropriate implementation in Chromoting. Reported by Google on 2026-04-03

[N/A][501745798] Medium CVE-2026-7995: Out of bounds read in AdFilter. Reported by Google on 2026-04-11

[TBD][484547631] Low CVE-2026-7996: Insufficient validation of untrusted input in SSL. Reported by heesun on 2026-02-15

[TBD][487960705] Low CVE-2026-7997: Insufficient validation of untrusted input in Updater. Reported by ochkofficial on 2026-02-26

[TBD][491676472] Low CVE-2026-7998: Insufficient validation of untrusted input in Dialog. Reported by Tianyi Hu on 2026-03-11

[TBD][493099941] Low CVE-2026-7999: Inappropriate implementation in V8. Reported by Taisic Yun (@@taisic) of Theori on 2026-03-16

[TBD][494464734] Low CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver. Reported by Ryan Jupp - HAAO on 2026-03-20

[TBD][494764371] Low CVE-2026-8001: Use after free in Printing. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-21

[N/A][495779613] Low CVE-2026-8002: Use after free in Audio. Reported by Google on 2026-03-24

[N/A][495985532] Low CVE-2026-8003: Insufficient validation of untrusted input in TabGroups. Reported by Google on 2026-03-25

[N/A][496189510] Low CVE-2026-8004: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-25

[N/A][496298665] Low CVE-2026-8005: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-03-25

[N/A][496373088] Low CVE-2026-8006: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-26

[N/A][496399759] Low CVE-2026-8007: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-03-26

[N/A][496426191] Low CVE-2026-8008: Inappropriate implementation in DevTools. Reported by Google on 2026-03-26

[N/A][496555077] Low CVE-2026-8009: Inappropriate implementation in Cast. Reported by Google on 2026-03-26

[N/A][496624084] Low CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-03-26

[N/A][496626029] Low CVE-2026-8011: Insufficient policy enforcement in Search. Reported by Google on 2026-03-26

[N/A][496628298] Low CVE-2026-8012: Inappropriate implementation in MHTML. Reported by Google on 2026-03-26

[N/A][497427430] Low CVE-2026-8013: Insufficient validation of untrusted input in FedCM. Reported by Google on 2026-03-29

[N/A][497490364] Low CVE-2026-8014: Inappropriate implementation in Preload. Reported by Google on 2026-03-29

[N/A][497548558] Low CVE-2026-8015: Inappropriate implementation in Media. Reported by Google on 2026-03-29

[N/A][497695401] Low CVE-2026-8016: Use after free in WebRTC. Reported by Google on 2026-03-30

[N/A][497722578] Low CVE-2026-8017: Side-channel information leakage in Media. Reported by Google on 2026-03-30

[N/A][498292657] Low CVE-2026-8018: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-31

[N/A][498353173] Low CVE-2026-8019: Insufficient policy enforcement in WebApp. Reported by Google on 2026-03-31

[N/A][498382925] Low CVE-2026-8020: Uninitialized Use in GPU. Reported by Google on 2026-04-01

[N/A][498417031] Low CVE-2026-8021: Script injection in UI. Reported by Google on 2026-04-01

[N/A][499194407] Low CVE-2026-8022: Inappropriate implementation in MHTML. Reported by Google on 2026-04-03
@
text
@$NetBSD$

* Part of patchset to build chromium on NetBSD
* Based on OpenBSD's chromium patches, and
  pkgsrc's qt5-qtwebengine patches

--- build/config/c++/modules.gni.orig	2026-04-28 23:05:57.000000000 +0200
+++ build/config/c++/modules.gni
@@@@ -16,7 +16,7 @@@@ declare_args() {
   # Eg. linux arm64 and windows were never supported with manual clang modules,
   # so they should use_autogenerated_modules = true despite not having
   # autogenerated modules because they're guarded by use_clang_modules.
-  use_autogenerated_modules = !(is_apple && use_system_xcode)
+  use_autogenerated_modules = !(is_apple && use_system_xcode) && !is_bsd
 }
 
 module_platform = "${current_os}-${current_cpu}"
@


1.10
log
@
www/chromium: update to 147.0.7727.101

* 147.0.7727.101
This update includes 31 security fixes. Please see the
Chrome Security Page for more information.
[$90000][490170083] Critical CVE-2026-6296: Heap buffer overflow in ANGLE.
Reported by cinzinga on 2026-03-05
[$10000][493628982] Critical CVE-2026-6297: Use after free in Proxy.
Reported by heapracer on 2026-03-17
[TBD][495700484] Critical CVE-2026-6298: Heap buffer overflow in Skia.
Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-24
[N/A][497053588] Critical CVE-2026-6299: Use after free in Prerender.
Reported by Google on 2026-03-28
[TBD][497724498] Critical CVE-2026-6358: Use after free in XR.
Reported by Jihyeon Jeong (Compsec Lab, Seoul National University /
Research Intern) on 2026-03-30
[TBD][490251701] High CVE-2026-6359: Use after free in Video.
Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-06
[TBD][491994185] High CVE-2026-6300: Use after free in CSS.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-12
[TBD][495273999] High CVE-2026-6301: Type Confusion in Turbofan.
Reported by qymag1c on 2026-03-23
[TBD][495477995] High CVE-2026-6302: Use after free in Video.
Reported by Syn4pse on 2026-03-24
[N/A][496282147] High CVE-2026-6303: Use after free in Codecs.
Reported by Google on 2026-03-25
[N/A][496393742] High CVE-2026-6304: Use after free in Graphite.
Reported by Google on 2026-03-26
[TBD][496618639] High CVE-2026-6305: Heap buffer overflow in PDFium.
Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-26
[TBD][496907110] High CVE-2026-6306: Heap buffer overflow in PDFium.
Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-27
[TBD][497404188] High CVE-2026-6307: Type Confusion in Turbofan.
Reported by Project WhatForLunch (@@pjwhatforlunch) on 2026-03-29
[N/A][497412658] High CVE-2026-6308: Out of bounds read in Media.
Reported by Google on 2026-03-29
[N/A][497846428] High CVE-2026-6309: Use after free in Viz.
Reported by Google on 2026-03-30
[TBD][497880137] High CVE-2026-6360: Use after free in FileSystem.
Reported by asjidkalam on 2026-03-31
[N/A][497969820] High CVE-2026-6310: Use after free in Dawn.
Reported by Google on 2026-03-31
[N/A][498201025] High CVE-2026-6311: Uninitialized Use in Accessibility.
Reported by Google on 2026-03-31
[N/A][498269651] High CVE-2026-6312: Insufficient policy enforcement in Passwords.
Reported by Google on 2026-03-31
[N/A][498765210] High CVE-2026-6313: Insufficient policy enforcement in CORS.
Reported by Google on 2026-04-02
[N/A][498782145] High CVE-2026-6314: Out of bounds write in GPU.
Reported by Google on 2026-04-02
[N/A][499247910] High CVE-2026-6315: Use after free in Permissions.
Reported by Google on 2026-04-03
[N/A][499384399] High CVE-2026-6316: Use after free in Forms.
Reported by Google on 2026-04-03
[N/A][500036290] High CVE-2026-6361: Heap buffer overflow in PDFium.
Reported by Google on 2026-04-06
[TBD][500066234] High CVE-2026-6362: Use after free in Codecs.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-07
[N/A][500091052] High CVE-2026-6317: Use after free in Cast.
Reported by Google on 2026-04-06
[N/A][495751197] Medium CVE-2026-6363: Type Confusion in V8.
Reported by Google on 2026-03-24
[TBD][495996858] Medium CVE-2026-6318: Use after free in Codecs.
Reported by Syn4pse on 2026-03-25
[TBD][499018889] Medium CVE-2026-6319: Use after free in Payments.
Reported by pwn2addr on 2026-04-02
[N/A][502103414] Medium CVE-2026-6364: Out of bounds read in Skia.
Reported by Google Threat Intelligence on 2026-04-13

* pkgsrc:
- remove llvm19 patches
- enable chrome_pgo_phase
@
text
@d7 1
a7 1
--- build/config/c++/modules.gni.orig	2026-04-14 23:31:37.000000000 +0200
@


1.9
log
@

www/chromium: update to 147.0.7727.55

* 147.0.7727.55
This update includes multiple security fixes. Please see the
Chrome Security Page for more information.
[$43000][493319454] Critical CVE-2026-5858: Heap buffer overflow in WebML.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-17
[$43000][494158331] Critical CVE-2026-5859: Integer overflow in WebML.
Reported by Anonymous on 2026-03-19
[$11000][486495143] High CVE-2026-5860: Use after free in WebRTC.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22
[$3000][486927780] High CVE-2026-5861: Use after free in V8.
Reported by 5shain on 2026-02-23
[TBD][470566252] High CVE-2026-5862: Inappropriate implementation in V8.
Reported by Google on 2025-12-21
[TBD][484527367] High CVE-2026-5863: Inappropriate implementation in V8.
Reported by Google on 2026-02-14
[TBD][490642831] High CVE-2026-5864: Heap buffer overflow in WebAudio.
Reported by Syn4pse on 2026-03-08
[TBD][491884710] High CVE-2026-5865: Type Confusion in V8.
Reported by Project WhatForLunch (@@pjwhatforlunch) on 2026-03-12
[TBD][492218537] High CVE-2026-5866: Use after free in Media.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-13
[TBD][492668885] High CVE-2026-5867: Heap buffer overflow in WebML.
Reported by Syn4pse on 2026-03-14
[TBD][493256564] High CVE-2026-5868: Heap buffer overflow in ANGLE.
Reported by cinzinga on 2026-03-16
[TBD][493708165] High CVE-2026-5869: Heap buffer overflow in WebML.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-18
[TBD][495534710] High CVE-2026-5870: Integer overflow in Skia.
Reported by Google on 2026-03-23
[TBD][495679730] High CVE-2026-5871: Type Confusion in V8.
Reported by Google on 2026-03-24
[TBD][496281816] High CVE-2026-5872: Use after free in Blink.
Reported by Google on 2026-03-25
[TBD][496301615] High CVE-2026-5873: Out of bounds read and write in V8.
Reported by Google on 2026-03-25
[$11000][485397279] Medium CVE-2026-5874: Use after free in PrivateAI.
Reported by Krace on 2026-02-18
[$4000][430198264] Medium CVE-2026-5875: Policy bypass in Blink.
Reported by Lyra Rebane (rebane2001) on 2025-07-08
[$2000][41485206] Medium CVE-2026-5876: Side-channel information leakage
in Navigation. Reported by Lyra Rebane (rebane2001) on 2023-12-18
[TBD][333024273] Medium CVE-2026-5877: Use after free in Navigation.
Reported by Cassidy Kim(@@cassidy6564) on 2024-04-05
[TBD][365089001] Medium CVE-2026-5878: Incorrect security UI in Blink.
Reported by Shaheen Fazim on 2024-09-06
[TBD][40073848] Medium CVE-2026-5879: Insufficient validation of untrusted
input in ANGLE.
Reported by parkminchan, working for SSD Labs Korea on 2023-10-01
[TBD][424995036] Medium CVE-2026-5880: Incorrect security UI in browser UI.
Reported by Anonymous on 2025-06-14
[TBD][454162508] Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess.
Reported by asnine on 2025-10-22
[TBD][480993682] Medium CVE-2026-5882: Incorrect security UI in Fullscreen.
Reported by Anonymous on 2026-02-02
[TBD][482958590] Medium CVE-2026-5883: Use after free in Media.
Reported by sherkito on 2026-02-09
[TBD][484547633] Medium CVE-2026-5884: Insufficient validation of untrusted
input in Media. Reported by xmzyshypnc on 2026-02-15
[TBD][485203823] Medium CVE-2026-5885: Insufficient validation of untrusted
input in WebML. Reported by Bryan Bernhart on 2026-02-17
[TBD][485397283] Medium CVE-2026-5886: Out of bounds read in WebAudio.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18
[TBD][486079015] Medium CVE-2026-5887: Insufficient validation of untrusted
input in Downloads. Reported by daffainfo on 2026-02-20
[TBD][486506202] Medium CVE-2026-5888: Uninitialized Use in WebCodecs.
Reported by Identified by the Octane Security Team:
Giovanni Vignone, Paolo Gentry, Robert van Eijk on 2026-02-22
[TBD][486906037] Medium CVE-2026-5889: Cryptographic Flaw in PDFium.
Reported by mlafon on 2026-02-23
[TBD][487259772] Medium CVE-2026-5890: Race in WebCodecs.
Reported by Casper Woudenberg on 2026-02-24
[TBD][487471101] Medium CVE-2026-5891: Insufficient policy enforcement in
browser UI. Reported by Tianyi Hu on 2026-02-25
[TBD][487568011] Medium CVE-2026-5892: Insufficient policy enforcement in PWAs.
Reported by Tianyi Hu on 2026-02-25
[TBD][487768771] Medium CVE-2026-5893: Race in V8.
Reported by QYmag1c on 2026-02-26
[$1000][481882038] Low CVE-2026-5894: Inappropriate implementation in PDF.
Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-02-05
[TBD][374285495] Low CVE-2026-5895: Incorrect security UI in Omnibox.
Reported by Renwa Hiwa @@RenwaX23 on 2024-10-18
[TBD][40064543] Low CVE-2026-5896: Policy bypass in Audio.
Reported by Luan Herrera (@@lbherrera_) on 2023-05-13
[TBD][419921726] Low CVE-2026-5897: Incorrect security UI in Downloads.
Reported by Farras Givari on 2025-05-24
[TBD][470295118] Low CVE-2026-5898: Incorrect security UI in Omnibox.
Reported by saidinahikam032 on 2025-12-19
[TBD][474817168] Low CVE-2026-5899: Incorrect security UI in History Navigation.
Reported by Islam Rzayev on 2026-01-11
[TBD][475265304] Low CVE-2026-5900: Policy bypass in Downloads.
Reported by Luan Herrera (@@lbherrera_) on 2026-01-13
[TBD][479673903] Low CVE-2026-5901: Policy bypass in DevTools.
Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-01-29
[TBD][483109205] Low CVE-2026-5902: Race in Media.
Reported by Luke Francis on 2026-02-10
[TBD][483771899] Low CVE-2026-5903: Policy bypass in IFrameSandbox.
Reported by @@Ciarands on 2026-02-11
[TBD][483851888] Low CVE-2026-5904: Use after free in V8.
Reported by Zhenpeng (Leo) Lin at depthfirst on 2026-02-12
[TBD][483899628] Low CVE-2026-5905: Incorrect security UI in Permissions.
Reported by daffainfo on 2026-02-12
[TBD][484082189] Low CVE-2026-5906: Incorrect security UI in Omnibox.
Reported by mohamedhesham9173 on 2026-02-13
[TBD][484665123] Low CVE-2026-5907: Insufficient data validation in Media.
Reported by Luke Francis on 2026-02-15
[TBD][485115554] Low CVE-2026-5908: Integer overflow in Media.
Reported by Ameen Basha M K & Mohammed Yasar B on 2026-02-17
[TBD][485203821] Low CVE-2026-5909: Integer overflow in Media.
Reported by Mohammed Yasar B & Ameen Basha M K on 2026-02-17
[TBD][485212874] Low CVE-2026-5910: Integer overflow in Media.
Reported by Ameen Basha M K & Mohammed Yasar B on 2026-02-17
[TBD][485785246] Low CVE-2026-5911: Policy bypass in ServiceWorkers.
Reported by lebr0nli of National Yang Ming Chiao Tung University,
Dept. of CS, Security and Systems Lab on 2026-02-19
[TBD][486498791] Low CVE-2026-5912: Integer overflow in WebRTC.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22
[TBD][487195286] Low CVE-2026-5913: Out of bounds read in Blink.
Reported by Vitaly Simonovich on 2026-02-24
[TBD][490023239] Low CVE-2026-5914: Type Confusion in CSS.
Reported by Syn4pse on 2026-03-05
[TBD][494341335] Low CVE-2026-5915: Insufficient validation of untrusted
input in WebML. Reported by ningxin.hu@@intel.com on 2026-03-20
[TBD][490139441] Low CVE-2026-5918: Inappropriate implementation in Navigation.
Reported by Google on 2026-03-05
[TBD][483423893] Low CVE-2026-5919: Insufficient validation of untrusted
input in WebSockets. Reported by Richard Belisle on 2026-02-10
@
text
@d7 1
a7 1
--- build/config/c++/modules.gni.orig	2026-04-06 16:25:54.000000000 +0000
@


1.8
log
@

www/chromium: update to 146.0.7680.75

* 146.0.7680.75
This update includes 2 security fixes. Please see the
Chrome Security Page for more information.
[N/A][491421267] High CVE-2026-3909: Out of bounds write in Skia.
Reported by Google on 2026-03-10
[N/A][491410818] High CVE-2026-3910: Inappropriate implementation
in V8. Reported by Google on 2026-03-10

Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910
exist in the wild.

* 146.0.7680.71
This update includes 29 security fixes. Please see the
Chrome Security Page for more information.
[$33000][483445078] Critical CVE-2026-3913: Heap buffer overflow
in WebML. Reported by Tobias Wienand on 2026-02-10
[$43000][481776048] High CVE-2026-3914: Integer overflow in WebML.
Reported by cinzinga on 2026-02-04
[$43000][483971526] High CVE-2026-3915: Heap buffer overflow
in WebML. Reported by Tobias Wienand on 2026-02-12
[$36000][482828615] High CVE-2026-3916: Out of bounds read in
Web Speech. Reported by Grischa Hauser on 2026-02-09
[$11000][483569512] High CVE-2026-3917: Use after free in Agents.
Reported by Syn4pse on 2026-02-11
[$10000][483853103] High CVE-2026-3918: Use after free in WebMCP.
Reported by Syn4pse on 2026-02-12
[$2000][444176961] High CVE-2026-3919: Use after free in Extensions.
Reported by Huinian Yang (@@vmth6) of Amber Security Lab,
OPPO Mobile Telecommunications Corp. Ltd. on 2025-09-10
[TBD][482875307] High CVE-2026-3920: Out of bounds memory access
in WebML. Reported by Google on 2026-02-09
[TBD][484946544] High CVE-2026-3921: Use after free in TextEncoding.
Reported by Pranamya Keshkamat & Cantina.xyz on 2026-02-17
[TBD][485397139] High CVE-2026-3922: Use after free in MediaStream.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18
[TBD][485935314] High CVE-2026-3923: Use after free in WebMIDI.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-20
[TBD][487338366] High CVE-2026-3924: Use after free in WindowDialog.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-25
[$10000][418214610] Medium CVE-2026-3925: Incorrect security UI in
LookalikeChecks. Reported by NDevTK and Alesandro Ortiz on 2025-05-17
[$7000][478659010] Medium CVE-2026-3926: Out of bounds read in V8.
Reported by qymag1c on 2026-01-26
[$3000][474948986] Medium CVE-2026-3927: Incorrect security UI in
PictureInPicture. Reported by Barath Stalin K on 2026-01-11
[$2000][435980394] Medium CVE-2026-3928: Insufficient policy
enforcement in Extensions. Reported by portsniffer443 on 2025-08-03
[$2000][477180001] Medium CVE-2026-3929: Side-channel information
leakage in ResourceTiming. Reported by Povcfe of Tencent Security
Xuanwu Lab on 2026-01-20
[$1000][476898368] Medium CVE-2026-3930: Unsafe navigation in
Navigation. Reported by Povcfe of Tencent Security Xuanwu Lab
on 2026-01-19
[TBD][417599694] Medium CVE-2026-3931: Heap buffer overflow in Skia.
Reported by Huinian Yang (@@vmth6) of Amber Security Lab,
OPPO Mobile Telecommunications Corp. Ltd. on 2025-05-14
[TBD][478296121] Medium CVE-2026-3932: Insufficient policy
enforcement in PDF. Reported by Ayato Shitomi on 2026-01-23
[TBD][478783560] Medium CVE-2026-3934: Insufficient policy
enforcement in ChromeDriver. Reported by Povcfe of Tencent
Security Xuanwu Lab on 2026-01-26
[TBD][479326680] Medium CVE-2026-3935: Incorrect security UI in
WebAppInstalls. Reported by Barath Stalin K on 2026-01-28
[TBD][481920229] Medium CVE-2026-3936: Use after free in WebView.
Reported by Am4deu$ on 2026-02-05
[$3000][473118648] Low CVE-2026-3937: Incorrect security UI in Downloads.
Reported by Abhishek Kumar on 2026-01-03
[$2000][474763968] Low CVE-2026-3938: Insufficient policy enforcement
in Clipboard. Reported by vicevirus on 2026-01-10
[$1000][40058077] Low CVE-2026-3939: Insufficient policy enforcement
in PDF. Reported by NDevTK on 2021-11-30
[$1000][470574526] Low CVE-2026-3940: Insufficient policy enforcement
in DevTools. Reported by Jorian Woltjer, Mian, bug_blitzer on 2025-12-21
[$1000][474670215] Low CVE-2026-3941: Insufficient policy enforcement
in DevTools. Reported by Lyra Rebane (rebane2001) on 2026-01-10
[N/A][475238879] Low CVE-2026-3942: Incorrect security UI in
PictureInPicture. Reported by Barath Stalin K on 2026-01-12
@
text
@d7 1
a7 1
--- build/config/c++/modules.gni.orig	2026-03-11 22:12:25.000000000 +0000
@


1.7
log
@
www/chromium: update to 145.0.7632.75

* 144.0.7559.132
This update includes 2 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the
Chrome Security Page for more information.
[N/A][478942410] High CVE-2026-1861: Heap buffer overflow in libvpx.
Reported by Google on 2026-01-26
[TBD][479726070] High CVE-2026-1862: Type Confusion in V8.
Reported by Chaoyuan Peng (@@ret2happy) on 2026-01-29

* 145.0.7632.45
This update includes 11 security fixes. Please see the
Chrome Security Page for more information.
[$8000][467297219] High CVE-2026-2313: Use after free in CSS.
Reported by Han Zheng (HexHive), Wenhao Fang (University of St. Andrews),
and Qinying Wang (HexHive) on 2025-12-09
[N/A][478560268] High CVE-2026-2314: Heap buffer overflow in Codecs.
Reported by Google on 2026-01-26
[N/A][479242793] High CVE-2026-2315: Inappropriate implementation in
WebGPU. Reported by Google on 2026-01-27
[$5000][422531206] Medium CVE-2026-2316: Insufficient policy enforcement
in Frames. Reported by Luan Herrera (@@lbherrera_) on 2025-06-05
[$2000][464173573] Medium CVE-2026-2317: Inappropriate implementation
in Animation. Reported by Brendan Draper on 2025-11-28
[$1000][363930141] Medium CVE-2026-2318: Inappropriate implementation
in PictureInPicture. Reported by Shaheen Fazim on 2024-09-02
[$1000][40071155] Medium CVE-2026-2319: Race in DevTools.
Reported by Anonymous on 2023-09-01
[TBD][435684924] Medium CVE-2026-2320: Inappropriate implementation
in File input. Reported by Alesandro Ortiz on 2025-08-02
[N/A][461877477] Medium CVE-2026-2321: Use after free in Ozone.
Reported by Google on 2025-11-18
[$1000][470928605] Low CVE-2026-2322: Inappropriate implementation in
File input. Reported by Robbe Van Roey | PinkDraconian on 2025-12-22
[$500][467442136] Low CVE-2026-2323: Inappropriate implementation in
Downloads. Reported by Hafiizh on 2025-12-10

* 144.0.7559.75
This update includes 1 security fix. Please see the Chrome Security
Page for more information.
[TBD][483569511] High CVE-2026-2441: Use after free in CSS.
Reported by Shaheen Fazim on 2026-02-11

* Pkgsrc: use external rollup and esbuild to fix build
@
text
@d7 1
a7 1
--- build/config/c++/modules.gni.orig	2026-02-03 22:07:10.000000000 +0000
@


1.6
log
@
www/chromium: update to 144.0.7559.59

* 144.0.7559.59

This update includes 10 security fixes. Below, we highlight fixes that
were contributed by external researchers. Please see the Chrome Security
Page for more information.
[$8000][458914193] High CVE-2026-0899: Out of bounds memory access in V8.
Reported by @@p1nky4745 on 2025-11-08
[TBD][465730465] High CVE-2026-0900: Inappropriate implementation in V8.
Reported by Google on 2025-12-03
[TBD][40057499] High CVE-2026-0901: Inappropriate implementation in Blink.
Reported by Irvan Kurniawan (sourc7) on 2021-10-04
[$4000][469143679] Medium CVE-2026-0902: Inappropriate implementation in V8.
Reported by 303f06e3 on 2025-12-16
[$3000][444803530] Medium CVE-2026-0903: Insufficient validation of untrusted
input in Downloads. Reported by Azur on 2025-09-13
[$1000][452209495] Medium CVE-2026-0904: Incorrect security UI in Digital
Credentials. Reported by Hafiizh on 2025-10-15
[TBD][465466773] Medium CVE-2026-0905: Insufficient policy enforcement in
Network. Reported by Google on 2025-12-02
[$2000][467448811] Low CVE-2026-0906: Incorrect security UI.
Reported by Khalil Zhani on 2025-12-10
[$500][444653104] Low CVE-2026-0907: Incorrect security UI in Split View.
Reported by Hafiizh on 2025-09-12
[TBD][452209503] Low CVE-2026-0908: Use after free in ANGLE.
Reported by Glitchers BoB 14th. on 2025-10-15

* pkgsrc: fix render glitches / flickering rectangle corruption
@
text
@d7 1
a7 1
--- build/config/c++/modules.gni.orig	2026-01-07 00:50:30.000000000 +0000
@


1.5
log
@
www/chromium: update to 143.0.7499.169

* 143.0.7499.169
This update doesn't include security fixes.

* 143.0.7499.146
This update includes 2 security fixes. Below, we highlight fixes
that were contributed by external researchers.
Please see the Chrome Security Page for more information.
[$10000][448294721] High CVE-2025-14765: Use after free in WebGPU.
Reported by Anonymous on 2025-09-30
[TBD][466786677] High CVE-2025-14766: Out of bounds read and write
in V8. Reported by Shaheen Fazim on 2025-12-08
@
text
@d7 1
a7 1
--- build/config/c++/modules.gni.orig	2025-12-17 23:05:18.000000000 +0000
@


1.4
log
@www/chromium: update to 143.0.7499.109

* 143.0.7499.109
This update includes 3 security fixes. Below, we highlight
fixes that were contributed by external researchers. Please
see the Chrome Security Page for more information.
[N/A][466192044] High CVE-2025-14174: Out of bounds memory
access in ANGLE. Reported by Apple Security Engineering and
Architecture (SEAR) and Google Threat Analysis Group on 2025-12-05
[$2000][460599518] Medium CVE-2025-14372: Use after free in
Password Manager.
Reported by Weipeng Jiang (@@Krace) of VRI on 2025-11-14
[$2000][461532432] Medium CVE-2025-14373: Inappropriate
implementation in Toolbar. Reported by Khalil Zhani on 2025-11-18

Google is aware that an exploit for CVE-2025-14174 exists in the wild.1~
@
text
@d7 1
a7 1
--- build/config/c++/modules.gni.orig	2025-11-19 21:40:05.000000000 +0000
@


1.3
log
@
www/chromium: update to 143.0.7499.40

* 143.0.7499.40
This update includes 13 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the
Chrome Security Page for more information.
[$11000][456547591] High CVE-2025-13630: Type Confusion in V8.
Reported by Shreyas Penkar (@@streypaws) on 2025-10-31
[$3000][448113221] High CVE-2025-13631: Inappropriate implementation
in Google Updater. Reported by Jota Domingos on 2025-09-29
[TBD][439058242] High CVE-2025-13632: Inappropriate implementation
in DevTools. Reported by Leandro Teles on 2025-08-16
[N/A][458082926] High CVE-2025-13633: Use after free in Digital
Credentials. Reported by Chrome on 2025-11-05
[TBD][429140219] Medium CVE-2025-13634: Inappropriate implementation
in Downloads. Reported by Eric Lawrence of Microsoft on 2025-07-02
[N/A][457818670] Medium CVE-2025-13720: Bad cast in Loader.
Reported by Chrome on 2025-11-04
[N/A][355120682] Medium CVE-2025-13721: Race in v8.
Reported by Chrome on 2024-07-23
[$3000][405727341] Low CVE-2025-13635: Inappropriate implementation
in Downloads. Reported by Hafiizh on 2025-03-24
[$1000][446181124] Low CVE-2025-13636: Inappropriate implementation
in Split View. Reported by Khalil Zhani on 2025-09-20
[TBD][392375329] Low CVE-2025-13637: Inappropriate implementation
in Downloads. Reported by Hafiizh on 2025-01-27
[TBD][448046109] Low CVE-2025-13638: Use after free in Media Stream.
Reported by sherkito on 2025-09-29
[TBD][448408148] Low CVE-2025-13639: Inappropriate implementation
in WebRTC. Reported by Philipp Hancke on 2025-10-01
[TBD][452071826] Low CVE-2025-13640: Inappropriate implementation
in Passwords. Reported by Anonymous on 2025-10-14
@
text
@@


1.2
log
@
www/chromium: update to 142.0.7444.175

* 142.0.7444.175
This update includes 2 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the
Chrome Security Page for more information.
[N/A][460017370] High CVE-2025-13223: Type Confusion in V8.
Reported by Google Threat Analysis Group on 2025-11-12
[N/A][450328966] High CVE-2025-13224: Type Confusion in V8.
Reported by Google Big Sleep on 2025-10-09

Google is aware that an exploit for CVE-2025-13223 exists in the wild.
@
text
@d7 1
a7 1
--- build/config/c++/modules.gni.orig	2025-11-14 20:31:45.000000000 +0000
d13 2
a14 2
-  use_autogenerated_modules = !is_apple
+  use_autogenerated_modules = !is_apple && !is_bsd
@


1.1
log
@
www/chromium: update to 142.0.7444.59

* 142.0.7444.59
This update includes 20 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the
Chrome Security Page for more information.
[$50000][447613211] High CVE-2025-12428: Type Confusion in V8.
Reported by Man Yue Mo of GitHub Security Lab on 2025-09-26
[$50000][450618029] High CVE-2025-12429: Inappropriate implementation
in V8. Reported by Aorui Zhang on 2025-10-10
[$10000][442860743] High CVE-2025-12430: Object lifecycle issue in
Media. Reported by round.about on 2025-09-04
[$4000][436887350] High CVE-2025-12431: Inappropriate implementation
in Extensions. Reported by Alesandro Ortiz on 2025-08-06
[N/A][439522866] High CVE-2025-12432: Race in V8.
Reported by Google Big Sleep on 2025-08-18
[N/A][449760249] High CVE-2025-12433: Inappropriate implementation
in V8. Reported by Google Big Sleep on 2025-10-07
[N/A][452296415] High CVE-2025-12036: Inappropriate implementation
in V8. Reported by Google Big Sleep on 2025-10-15
[$3000][337356054] Medium CVE-2025-12434: Race in Storage.
Reported by Lijo A.T on 2024-04-27
[$3000][446463993] Medium CVE-2025-12435: Incorrect security UI
in Omnibox. Reported by Hafiizh on 2025-09-21
[$2000][40054742] Medium CVE-2025-12436: Policy bypass in Extensions.
Reported by Luan Herrera (@@lbherrera_) on 2021-02-08
[$2000][446294487] Medium CVE-2025-12437: Use after free in PageInfo.
Reported by Umar Farooq on 2025-09-20
[$1000][433027577] Medium CVE-2025-12438: Use after free in Ozone.
Reported by Wei Yuan of MoyunSec VLab on 2025-07-20
[TBD][382234536] Medium CVE-2025-12439: Inappropriate implementation
in App-Bound Encryption. Reported by Ari Novick on 2024-12-04
[N/A][430555440] Low CVE-2025-12440: Inappropriate implementation in
Autofill. Reported by Khalil Zhani on 2025-07-09
[N/A][444049512] Medium CVE-2025-12441: Out of bounds read in V8.
Reported by Google Big Sleep on 2025-09-10
[TBD][452071845] Medium CVE-2025-12443: Out of bounds read in WebXR.
Reported by Aisle Research on 2025-10-15
[$3000][390571618] Low CVE-2025-12444: Incorrect security UI in
Fullscreen UI. Reported by syrf on 2025-01-18
[$1000][428397712] Low CVE-2025-12445: Policy bypass in Extensions.
Reported by Thomas Greiner on 2025-06-29
[$1000][444932667] Low CVE-2025-12446: Incorrect security UI in
SplitView. Reported by Hafiizh on 2025-09-14
[TBD][442636157] Low CVE-2025-12447: Incorrect security UI in Omnibox.
Reported by Khalil Zhani on 2025-09-03
@
text
@d7 1
a7 1
--- build/config/c++/modules.gni.orig	2025-10-24 16:42:30.000000000 +0000
@