chromium: update to 147.0.7727.137

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: chromium: update to 147.0.7727.137
From: kikadf (via pkgsrc-wip) <commit-notify%pkgsrc.org@localhost>
Date: Wed, 29 Apr 2026 11:20:42 +0000
Module Name:	pkgsrc-wip
Committed By:	kikadf <kikadf.01%gmail.com@localhost>
Pushed By:	kikadf
Date:		Wed Apr 29 13:20:27 2026 +0200
Changeset:	595f3735462c4c96e17eaef962d8e6ba4597f97a

Modified Files:
	chromium/COMMIT_MSG
	chromium/Makefile
	chromium/distinfo

Log Message:
chromium: update to 147.0.7727.137

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=595f3735462c4c96e17eaef962d8e6ba4597f97a

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 chromium/COMMIT_MSG | 129 ++++++++++++++++++++++++++++------------------------
 chromium/Makefile   |   2 +-
 chromium/distinfo   |  18 ++++----
 3 files changed, 79 insertions(+), 70 deletions(-)

diffs:
diff --git a/chromium/COMMIT_MSG b/chromium/COMMIT_MSG
index dc168cf5af..9a3e06b42a 100644
--- a/chromium/COMMIT_MSG
+++ b/chromium/COMMIT_MSG
@@ -1,68 +1,77 @@
-www/chromium: update to 147.0.7727.101
+www/chromium: update to 147.0.7727.137
 
-* 147.0.7727.101
-This update includes 31 security fixes. Please see the
+* 147.0.7727.116
+This update includes 19 security fixes. Below, we highlight fixes
+that were contributed by external researchers. Please see the
 Chrome Security Page for more information.
-[$90000][490170083] Critical CVE-2026-6296: Heap buffer overflow in ANGLE.
-Reported by cinzinga on 2026-03-05
-[$10000][493628982] Critical CVE-2026-6297: Use after free in Proxy.
-Reported by heapracer on 2026-03-17
-[TBD][495700484] Critical CVE-2026-6298: Heap buffer overflow in Skia.
-Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-24
-[N/A][497053588] Critical CVE-2026-6299: Use after free in Prerender.
-Reported by Google on 2026-03-28
-[TBD][497724498] Critical CVE-2026-6358: Use after free in XR.
-Reported by Jihyeon Jeong (Compsec Lab, Seoul National University /
-Research Intern) on 2026-03-30
-[TBD][490251701] High CVE-2026-6359: Use after free in Video.
-Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-06
-[TBD][491994185] High CVE-2026-6300: Use after free in CSS.
-Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-12
-[TBD][495273999] High CVE-2026-6301: Type Confusion in Turbofan.
-Reported by qymag1c on 2026-03-23
-[TBD][495477995] High CVE-2026-6302: Use after free in Video.
-Reported by Syn4pse on 2026-03-24
-[N/A][496282147] High CVE-2026-6303: Use after free in Codecs.
+[TBD][493652473] High CVE-2026-6919: Use after free in DevTools.
+Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-18
+[TBD][499891888] High CVE-2026-6920: Out of bounds read in GPU.
+Reported by tatiwari of Microsoft on 2026-04-06
+[TBD][493315759] Medium CVE-2026-6921: Race in GPU.
+Reported by soiax on 2026-03-17
+
+* 147.0.7727.137
+This update includes 30 security fixes. Below, we highlight fixes
+that were contributed by external researchers. Please see the
+Chrome Security Page for more information.
+[$7000][494352590] Critical CVE-2026-7363: Use after free in Canvas.
+Reported by heapracer on 2026-03-19
+[N/A][493221953] Critical CVE-2026-7361: Use after free in iOS.
+Reported by Google on 2026-03-16
+[N/A][503419515] Critical CVE-2026-7344: Use after free in Accessibility.
+Reported by Google on 2026-04-16
+[N/A][503645680] Critical CVE-2026-7343: Use after free in Views.
+Reported by Google on 2026-04-17
+[$16000][493955227] High CVE-2026-7333: Use after free in GPU.
+Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-19
+[N/A][495852034] High CVE-2026-7360: Insufficient validation of untrusted
+input in Compositing. Reported by Google on 2026-03-24
+[N/A][496284494] High CVE-2026-7359: Use after free in ANGLE.
 Reported by Google on 2026-03-25
-[N/A][496393742] High CVE-2026-6304: Use after free in Graphite.
-Reported by Google on 2026-03-26
-[TBD][496618639] High CVE-2026-6305: Heap buffer overflow in PDFium.
-Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-26
-[TBD][496907110] High CVE-2026-6306: Heap buffer overflow in PDFium.
-Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-27
-[TBD][497404188] High CVE-2026-6307: Type Confusion in Turbofan.
-Reported by Project WhatForLunch (@pjwhatforlunch) on 2026-03-29
-[N/A][497412658] High CVE-2026-6308: Out of bounds read in Media.
-Reported by Google on 2026-03-29
-[N/A][497846428] High CVE-2026-6309: Use after free in Viz.
+[N/A][496285281] High CVE-2026-7358: Use after free in Animation.
+Reported by Google on 2026-03-25
+[TBD][496456528] High CVE-2026-7334: Use after free in Views.
+Reported by Batuhan Eşref KOÇ on 2026-03-26
+[N/A][497047552] High CVE-2026-7357: Use after free in GPU.
+Reported by Google on 2026-03-27
+[N/A][497769116] High CVE-2026-7356: Use after free in Navigation.
 Reported by Google on 2026-03-30
-[TBD][497880137] High CVE-2026-6360: Use after free in FileSystem.
-Reported by asjidkalam on 2026-03-31
-[N/A][497969820] High CVE-2026-6310: Use after free in Dawn.
-Reported by Google on 2026-03-31
-[N/A][498201025] High CVE-2026-6311: Uninitialized Use in Accessibility.
-Reported by Google on 2026-03-31
-[N/A][498269651] High CVE-2026-6312: Insufficient policy enforcement in Passwords.
-Reported by Google on 2026-03-31
-[N/A][498765210] High CVE-2026-6313: Insufficient policy enforcement in CORS.
+[N/A][498746519] High CVE-2026-7354: Out of bounds read and write in Angle.
+Reported by Google on 2026-04-01
+[N/A][498809718] High CVE-2026-7353: Heap buffer overflow in Skia.
+Reported by Google on 2026-04-01
+[N/A][499023054] High CVE-2026-7352: Use after free in Media.
 Reported by Google on 2026-04-02
-[N/A][498782145] High CVE-2026-6314: Out of bounds write in GPU.
+[N/A][499119490] High CVE-2026-7351: Race in MHTML.
 Reported by Google on 2026-04-02
-[N/A][499247910] High CVE-2026-6315: Use after free in Permissions.
-Reported by Google on 2026-04-03
-[N/A][499384399] High CVE-2026-6316: Use after free in Forms.
-Reported by Google on 2026-04-03
-[N/A][500036290] High CVE-2026-6361: Heap buffer overflow in PDFium.
+[N/A][500018484] High CVE-2026-7350: Use after free in WebMIDI.
 Reported by Google on 2026-04-06
-[TBD][500066234] High CVE-2026-6362: Use after free in Codecs.
-Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-07
-[N/A][500091052] High CVE-2026-6317: Use after free in Cast.
+[N/A][500034684] High CVE-2026-7349: Use after free in Cast.
 Reported by Google on 2026-04-06
-[N/A][495751197] Medium CVE-2026-6363: Type Confusion in V8.
-Reported by Google on 2026-03-24
-[TBD][495996858] Medium CVE-2026-6318: Use after free in Codecs.
-Reported by Syn4pse on 2026-03-25
-[TBD][499018889] Medium CVE-2026-6319: Use after free in Payments.
-Reported by pwn2addr on 2026-04-02
-[N/A][502103414] Medium CVE-2026-6364: Out of bounds read in Skia.
-Reported by Google Threat Intelligence on 2026-04-13
+[N/A][500104917] High CVE-2026-7348: Use after free in Codecs.
+Reported by Google on 2026-04-06
+[TBD][500387779] High CVE-2026-7335: Use after free in media.
+Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po) on 2026-04-07
+[TBD][500767595] High CVE-2026-7336: Use after free in WebRTC.
+Reported by Mozilla on 2026-04-09
+[TBD][500880819] High CVE-2026-7337: Type Confusion in V8.
+Reported by q%calif.io@localhost on 2026-04-09
+[N/A][501722605] High CVE-2026-7347: Use after free in Chromoting.
+Reported by Google on 2026-04-11
+[N/A][502206907] High CVE-2026-7346: Inappropriate implementation in Tint.
+Reported by Google on 2026-04-13
+[N/A][502248774] High CVE-2026-7345: Insufficient validation of untrusted
+input in Feedback. Reported by Google on 2026-04-13
+[TBD][502449857] High CVE-2026-7338: Use after free in Cast.
+Reported by Krace on 2026-04-14
+[N/A][503889643] High CVE-2026-7342: Use after free in WebView.
+Reported by Google on 2026-04-17
+[N/A][504586599] High CVE-2026-7341: Use after free in WebRTC.
+Reported by Google on 2026-04-20
+[$4000][493957495] Medium CVE-2026-7339: Heap buffer overflow in WebRTC.
+Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-19
+[$3000][497896137] Medium CVE-2026-7340: Integer overflow in ANGLE.
+Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-30
+[N/A][498285711] Medium CVE-2026-7355: Use after free in Media.
+Reported by Google on 2026-03-31
diff --git a/chromium/Makefile b/chromium/Makefile
index 9ec8af540a..d6e379194a 100644
--- a/chromium/Makefile
+++ b/chromium/Makefile
@@ -1,7 +1,7 @@
 # $NetBSD: Makefile,v 1.52 2026/04/10 17:31:46 kikadf Exp $
 
 DISTNAME=			chromium-${VERSION}
-VERSION=			147.0.7727.101
+VERSION=			147.0.7727.137
 CATEGORIES=			www
 MASTER_SITES=			https://commondatastorage.googleapis.com/chromium-browser-official/
 EXTRACT_SUFX_C=			.tar.xz
diff --git a/chromium/distinfo b/chromium/distinfo
index 3ee6653ff3..5be9002da2 100644
--- a/chromium/distinfo
+++ b/chromium/distinfo
@@ -51,15 +51,15 @@ Size (cc-1.1.21.crate) = 83463 bytes
 BLAKE2s (cfg-if-1.0.0.crate) = fbb02f63b24cc224b045ff2aac3aefd0a77cf7b578df4d5f9da9517a59aaf9bb
 SHA512 (cfg-if-1.0.0.crate) = 0fb16a8882fd30e86b62c5143b1cb18ab564e84e75bd1f28fd12f24ffdc4a42e0d2e012a99abb606c12efe3c11061ff5bf8e24ab053e550ae083f7d90f6576ff
 Size (cfg-if-1.0.0.crate) = 7934 bytes
-BLAKE2s (chromium-147.0.7727.101-lite.tar.xz) = dc365b6571e5be91af7b6f070b0782b2f404cf5f870d8dfdb5296c033cbc0389
-SHA512 (chromium-147.0.7727.101-lite.tar.xz) = 8a79e6d71777e474316d328699af087281a0ab45726dbdbfd8cf36545fb71547f167220469e24b91ee154ac6a2501175180c3ab7230ce78d3f8ebc3af7b6da69
-Size (chromium-147.0.7727.101-lite.tar.xz) = 1474134964 bytes
-BLAKE2s (chromium-147.0.7727.101-profdata.tar.xz) = 69697835c46ed712c1d45f5a28ad59d2a95976d3c7b1e58df8c37d3e595654c5
-SHA512 (chromium-147.0.7727.101-profdata.tar.xz) = 8f9dc240361c5b55fa8928fd31992370b1e6ce89f0d29f025c0223f82c39076a91f838c0d1040a181b27feb0138d8c6c19937a7e8f26d7ccc267efb57497e40d
-Size (chromium-147.0.7727.101-profdata.tar.xz) = 15232580 bytes
-BLAKE2s (chromium-147.0.7727.101-testdata.tar.xz) = cc25d1ba66cc46c70ea44447c2521948717a036675e3877d0ff7beb8c98521de
-SHA512 (chromium-147.0.7727.101-testdata.tar.xz) = 9fd07dce1f1b9f15572bb069c610f7c55abe31d2103f8c065bc0b3c096fc2be5e86f56adc92638fcb2ac92885c4e9e2bb469576bae30640482bd04ab5fea4dbc
-Size (chromium-147.0.7727.101-testdata.tar.xz) = 1318304744 bytes
+BLAKE2s (chromium-147.0.7727.137-lite.tar.xz) = 3dc02118ef48ccd2625fa7e5d0f29b7b61633c031ed7bc557db8b0941ba85fee
+SHA512 (chromium-147.0.7727.137-lite.tar.xz) = b22daf1fe8fcf6039b5eb03ae954f46a08b6af14ec95f1cbee80655d3216335f285d12d2530cd179c3af975b3ed7b390b167d59bb2bccb054a8eb52429d85af1
+Size (chromium-147.0.7727.137-lite.tar.xz) = 1474095908 bytes
+BLAKE2s (chromium-147.0.7727.137-profdata.tar.xz) = 4809609998eb9768abbc60fdb79b1e5c78dd98d288cbce40a01342f5c8734c1e
+SHA512 (chromium-147.0.7727.137-profdata.tar.xz) = be3d2691221c6f4988ac331884702377610f7935a67f8af88b57483998d531b1301df6a0dac3c6085ab7e947713814bc3f339c754727df72066fee903cf6298a
+Size (chromium-147.0.7727.137-profdata.tar.xz) = 15245988 bytes
+BLAKE2s (chromium-147.0.7727.137-testdata.tar.xz) = 345579b04a1db025b1d95e9215703d8dabfae793b336a9f1f8a02c50a3c5ea65
+SHA512 (chromium-147.0.7727.137-testdata.tar.xz) = 736707b6814417617d8484dc0e7f47ef3b970886540ce25e8fb7a990cdfee015655e005a6f6f712886455f3b6e6da5d5a1d04f20fbf99219ec03323b24cbbea1
+Size (chromium-147.0.7727.137-testdata.tar.xz) = 1318264688 bytes
 BLAKE2s (convert_case-0.6.0.crate) = c65fc0970543af9611c565957751df80f31efa3aa7c4d8e5eac41712864a67d5
 SHA512 (convert_case-0.6.0.crate) = 3b17449195a9a36e3965db89eeb967979c192ad7743217ea08e8c8b91ecae1ac1674362d05dc6f32f1f361fface3f783398285bb78060403f65a777a9d29adf2
 Size (convert_case-0.6.0.crate) = 18675 bytes
Prev by Date: unison-snaphot: Update to 2.54.0rc1
Next by Date: bob: add patch to fix build on earmv6hf and earmv7hf
Previous by Thread: unison-snaphot: Update to 2.54.0rc1
Next by Thread: bob: add patch to fix build on earmv6hf and earmv7hf
Indexes:
Home | Main Index | Thread Index | Old Index