ELBA-2026-61288

ELBA-2026-61288 - chromium Bug Fix update

Type:	BUG
Impact:	NA
Release Date:	2026-01-20

Description

[144.0.7559.59-1]
- Update to 144.0.7559.59
* CVE-2026-0899: Out of bounds memory access in V8
* CVE-2026-0900: Inappropriate implementation in V8
* CVE-2026-0901: Inappropriate implementation in Blink
* CVE-2026-0902: Inappropriate implementation in V8
* CVE-2026-0903: Insufficient validation of untrusted input in Downloads
* CVE-2026-0904: Incorrect security UI in Digital Credentials
* CVE-2026-0905: Insufficient policy enforcement in Network
* CVE-2026-0906: Incorrect security UI
* CVE-2026-0907: Incorrect security UI in Split View
* CVE-2026-0908: Use after free in ANGLE

[143.0.7499.192-1]
- Update to 143.0.7499.192
* High CVE-2026-0628: Insufficient policy enforcement in WebView tag
- Fix rhbz#2425338, Enable control flow integrity support for x86_64/aarch64
- Enable build for epel10.1

[143.0.7499.169-1]
- Update to 143.0.7499.169

[143.0.7499.146-1]
- Update to 143.0.7499.146
* High CVE-2025-14765: Use after free in WebGPU
* High CVE-2025-14766: Out of bounds read and write in V8
- Force dark mode when auto dark mode web content is on
- Remove omnibox-next-Improve-cutout-mouse-handling-for-Wayla patch, as it's merged

[143.0.7499.109-2]
- Enable gtk4 by default

[143.0.7499.109-1]
- Update to 143.0.7499.109
* High: Under coordination
* Medium CVE-2025-14372: Use after free in Password Manager
* Medium CVE-2025-14373: Inappropriate implementation in Toolbar
- Workaround problem of auto dark mode inverting images and making them unreadable

[143.0.7499.40-2]
- Backport Wayland Omnibox bug fix from upstream

[143.0.7499.40-1]
- Update to 143.0.7499.40
* High CVE-2025-13630: Type Confusion in V8
* High CVE-2025-13631: Inappropriate implementation in Google Updater
* High CVE-2025-13632: Inappropriate implementation in DevTools
* High CVE-2025-13633: Use after free in Digital Credentials
* Medium CVE-2025-13634: Inappropriate implementation in Downloads
* Medium CVE-2025-13720: Bad cast in Loader
* Medium CVE-2025-13721: Race in v8
* Low CVE-2025-13635: Inappropriate implementation in Downloads
* Low CVE-2025-13636: Inappropriate implementation in Split View
* Low CVE-2025-13637: Inappropriate implementation in Downloads
* Low CVE-2025-13638: Use after free in Media Stream
* Low CVE-2025-13639: Inappropriate implementation in WebRTC
* Low CVE-2025-13640: Inappropriate implementation in Passwords

[142.0.7444.175-5]
- Backport one more Wayland DnD bug fix from upstream

[142.0.7444.175-4]
- Enable system libcxx
- Fix link error when building with system libcxx
- Apply memory-allocator-dcheck-assert-fix for aarch64

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 10 (x86_64)	chromium-144.0.7559.59-1.el10_1.src.rpm	ce8c33864be0d12ba83f8756fdca6d63e16b11e14cbb47b80449b73a8614cbee	-	ol10_x86_64_u1_developer_EPEL
	chromedriver-144.0.7559.59-1.el10_1.x86_64.rpm	1e2f9691243fece83c2926865d3834b63e5f657459e487fba54b808eee1189d8	-	ol10_x86_64_u1_developer_EPEL
	chromium-144.0.7559.59-1.el10_1.x86_64.rpm	dc0d6437dfd7717ab026ebe092a5ed2afdaa4bd9970a07e3d78bd4a5654ca1af	-	ol10_x86_64_u1_developer_EPEL
	chromium-common-144.0.7559.59-1.el10_1.x86_64.rpm	bc0d512c866873ecd360f0714f8350fa4f88a6e7bb4a4469073456b7f27b1230	-	ol10_x86_64_u1_developer_EPEL
	chromium-headless-144.0.7559.59-1.el10_1.x86_64.rpm	37a4f529337e2d589e4e89918ceb003da864e182ff91481b1642633543ba082f	-	ol10_x86_64_u1_developer_EPEL
	chromium-qt5-ui-144.0.7559.59-1.el10_1.x86_64.rpm	e501184054b3f54ba23d73733eacc4671eaa9c15159fca3e322bca2a1280873c	-	ol10_x86_64_u1_developer_EPEL
	chromium-qt6-ui-144.0.7559.59-1.el10_1.x86_64.rpm	ed0e5e3dcaef3c766baac406d8c949972f9d7de0b4d0171ff5b99a8a4a6b2c40	-	ol10_x86_64_u1_developer_EPEL

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team