[Git][security-tracker-team/security-tracker][master] new chromium issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Mar 12 08:40:36 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a728de3 by Moritz Muehlenhoff at 2026-03-12T09:40:06+01:00
new chromium issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,63 +79,92 @@ CVE-2026-3956 (A vulnerability was detected in xierongwkhd weimai-wetapp up to 5
 CVE-2026-3955 (A security vulnerability has been detected in elecV2P up to 3.8.3. Aff ...)
 	TODO: check
 CVE-2026-3942 (Incorrect security UI in PictureInPicture in Google Chrome prior to 14 ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3941 (Insufficient policy enforcement in DevTools in Google Chrome prior to  ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3940 (Insufficient policy enforcement in DevTools in Google Chrome prior to  ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3939 (Insufficient policy enforcement in PDF in Google Chrome prior to 146.0 ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3938 (Insufficient policy enforcement in Clipboard in Google Chrome prior to ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3937 (Incorrect security UI in Downloads in Google Chrome on Android prior t ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3936 (Use after free in WebView in Google Chrome on Android prior to 146.0.7 ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3935 (Incorrect security UI in WebAppInstalls in Google Chrome prior to 146. ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3934 (Insufficient policy enforcement in ChromeDriver in Google Chrome prior ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3932 (Insufficient policy enforcement in PDF in Google Chrome on Android pri ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3931 (Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 a ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3930 (Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0 ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3929 (Side-channel information leakage in ResourceTiming in Google Chrome pr ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3928 (Insufficient policy enforcement in Extensions in Google Chrome prior t ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3927 (Incorrect security UI in PictureInPicture in Google Chrome prior to 14 ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3926 (Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allow ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3925 (Incorrect security UI in LookalikeChecks in Google Chrome on Android p ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3924 (use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3923 (Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allo ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3922 (Use after free in MediaStream in Google Chrome prior to 146.0.7680.71  ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3921 (Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3920 (Out of bounds memory access in WebML in Google Chrome prior to 146.0.7 ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3919 (Use after free in Extensions in Google Chrome prior to 146.0.7680.71 a ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3918 (Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allow ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3917 (Use after free in Agents in Google Chrome prior to 146.0.7680.71 allow ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3916 (Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680. ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3915 (Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71  ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3914 (Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allo ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3913 (Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71  ...)
-	TODO: check
+	- chromium 146.0.7680.71-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3657 (The My Sticky Bar plugin for WordPress is vulnerable to SQL injection  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3226 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -18,6 +18,8 @@ amd64-microcode (carnil)
 ceph
  for CVE-2024-47866, rest harmless
 --
+chromium (dilinger)
+--
 cpp-httplib
   Maintainer preparing updates, waiting for feedback on bookworm status
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a728de3c58cd729e149061ceea8b6e1a85350a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a728de3c58cd729e149061ceea8b6e1a85350a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260312/5b0f169b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list