chromium: update to 149.0.7827.200

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: chromium: update to 149.0.7827.200
From: kikadf (via pkgsrc-wip) <commit-notify%pkgsrc.org@localhost>
Date: Tue, 30 Jun 2026 11:16:52 +0000
Module Name:	pkgsrc-wip
Committed By:	kikadf <kikadf.01%gmail.com@localhost>
Pushed By:	kikadf
Date:		Tue Jun 30 13:15:59 2026 +0200
Changeset:	e6d520d95b78721cdc92fa346ffb9aef3feef18e

Modified Files:
	chromium/COMMIT_MSG
	chromium/Makefile
	chromium/distinfo
	chromium/options.mk

Log Message:
chromium: update to 149.0.7827.200

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=e6d520d95b78721cdc92fa346ffb9aef3feef18e

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 chromium/COMMIT_MSG | 65 ++++++++++++++++++++++++-----------------------------
 chromium/Makefile   |  3 ++-
 chromium/distinfo   | 12 +++++-----
 chromium/options.mk |  1 -
 4 files changed, 37 insertions(+), 44 deletions(-)

diffs:
diff --git a/chromium/COMMIT_MSG b/chromium/COMMIT_MSG
index ac920b3a28..4071cb1cda 100644
--- a/chromium/COMMIT_MSG
+++ b/chromium/COMMIT_MSG
@@ -1,41 +1,34 @@
-www/chromium: update to 149.0.7827.155
+www/chromium: update to 149.0.7827.200
 
-* 149.0.7827.155
-This update includes 33 security fixes. Below, we highlight fixes
+* 149.0.7827.200
+This update includes 3 security fixes. Please see the Chrome Security Pagefor more information.
+
+[N/A][513138301] High CVE-2026-13281: Integer overflow in Mojo. Reported by Google on 2026-05-14
+[N/A][517522620] High CVE-2026-13282: Use after free in Payments. Reported by Google on 2026-05-28
+[N/A][522561151] High CVE-2026-13283: Use after free in AdFilter. Reported by Google on 2026-06-11
+
+* 149.0.7827.196
+
+This update includes 18 security fixes. Below, we highlight fixes
 that were contributed by external researchers.
 Please see the Chrome Security Page for more information.
 
-[N/A][516496659] Critical CVE-2026-12437: Use after free in WebShare. Reported by Google on 2026-05-25
-[N/A][516947912] Critical CVE-2026-12438: Inappropriate implementation in WebView. Reported by Google on 2026-05-27
-[N/A][519728275] Critical CVE-2026-12439: Use after free in Digital Credentials. Reported by Google on 2026-06-03
-[N/A][519731619] Critical CVE-2026-12440: Use after free in DigitalCredentials. Reported by Google on 2026-06-03
-[N/A][520157118] Critical CVE-2026-12441: Use after free in File Input. Reported by Google on 2026-06-05
-[N/A][521950423] Critical CVE-2026-12442: Use after free in Passwords. Reported by Google on 2026-06-09
-[N/A][522566295] Critical CVE-2026-12443: Use after free in Web Authentication. Reported by Google on 2026-06-11
-[N/A][513160088] High CVE-2026-12444: Out of bounds read in Chromoting. Reported by Google on 2026-05-14
-[N/A][513199795] High CVE-2026-12445: Use after free in Extensions. Reported by Google on 2026-05-14
-[N/A][513313107] High CVE-2026-12446: Insufficient data validation in Passwords. Reported by Google on 2026-05-14
-[N/A][513405023] High CVE-2026-12447: Heap buffer overflow in WebRTC. Reported by Google on 2026-05-15
-[N/A][513458233] High CVE-2026-12448: Inappropriate implementation in WebView. Reported by Google on 2026-05-15
-[N/A][513480539] High CVE-2026-12449: Use after free in Chromoting. Reported by Google on 2026-05-15
-[N/A][514531776] High CVE-2026-12450: Inappropriate implementation in Media. Reported by Zhixin Tu on 2026-05-19
-[N/A][514741076] High CVE-2026-12451: Use after free in DigitalCredentials. Reported by Google on 2026-05-19
-[N/A][515462244] High CVE-2026-12452: Use after free in Downloads. Reported by Google on 2026-05-21
-[N/A][516448843] High CVE-2026-12453: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-25
-[N/A][516926968] High CVE-2026-12454: Race in Safe Browsing. Reported by Google on 2026-05-27
-[N/A][517069848] High CVE-2026-12455: Use after free in Tab Strip. Reported by Google on 2026-05-27
-[N/A][517124587] High CVE-2026-12456: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-27
-[N/A][517153117] High CVE-2026-12457: Insufficient data validation in Extensions. Reported by Google on 2026-05-27
-[N/A][517258337] High CVE-2026-12458: Incorrect security UI in Passwords. Reported by Google on 2026-05-27
-[N/A][517406035] High CVE-2026-12459: Inappropriate implementation in Serial. Reported by Google on 2026-05-28
-[N/A][517484284] High CVE-2026-12460: Insufficient policy enforcement in File System Access. Reported by Google on 2026-05-28
-[N/A][517727318] High CVE-2026-12461: Out of bounds read in WebRTC. Reported by Google on 2026-05-29
-[N/A][517916024] High CVE-2026-12462: Use after free in Media. Reported by Google on 2026-05-29
-[N/A][518042749] High CVE-2026-12463: Inappropriate implementation in Views. Reported by Google on 2026-05-30
-[N/A][519358344] High CVE-2026-12464: Use after free in Browser. Reported by Google on 2026-06-03
-[N/A][520189702] High CVE-2026-12465: Insufficient validation of untrusted input in Metrics. Reported by Google on 2026-06-05
-[N/A][520199394] High CVE-2026-12466: Heap buffer overflow in WebRTC. Reported by Google on 2026-06-05
-[N/A][520202726] High CVE-2026-12467: Use after free in Extensions. Reported by Google on 2026-06-05
-[N/A][521485244] High CVE-2026-12468: Inappropriate implementation in Updater. Reported by Google on 2026-06-08
-[N/A][521618871] High CVE-2026-12469: Uninitialized Use in GPU. Reported by Google on 2026-06-09
+[TBD][520656244] Critical CVE-2026-13028: Use after free in WebGL. Reported by anonymous on 2026-06-07
+[N/A][523591974] Critical CVE-2026-13032: Use after free in WebGL. Reported by Google on 2026-06-13
+[N/A][523677844] Critical CVE-2026-13033: Out of bounds read in Blink>InterestGroups. Reported by Google on 2026-06-13
+[N/A][523740781] Critical CVE-2026-13038: Use after free in Autofill. Reported by Google on 2026-06-14
+[N/A][511776603] High CVE-2026-13021: Inappropriate implementation in DeviceBoundSessionCredentials. Reported by Google on 2026-05-10
+[N/A][516734537] High CVE-2026-13022: Inappropriate implementation in Autofill. Reported by Google on 2026-05-26
+[N/A][517080836] High CVE-2026-13023: Uninitialized Use in GPU. Reported by Google on 2026-05-27
+[N/A][517148260] High CVE-2026-13024: Insufficient validation of untrusted input in Navigation. Reported by Google on 2026-05-27
+[N/A][518043569] High CVE-2026-13025: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-30
+[N/A][519728279] High CVE-2026-13026: Use after free in Digital Credentials. Reported by Google on 2026-06-03
+[N/A][520543781] High CVE-2026-13027: Use after free in FileSystem. Reported by Google on 2026-06-05
+[N/A][521495992] High CVE-2026-13029: Use after free in Web Authentication. Reported by Google on 2026-06-08
+[N/A][522840723] High CVE-2026-13030: Uninitialized Use in GPU. Reported by Google on 2026-06-11
+[N/A][523308824] High CVE-2026-13031: Use after free in Blink. Reported by Google on 2026-06-12
+[N/A][523699355] High CVE-2026-13034: Inappropriate implementation in Passwords. Reported by Google on 2026-06-13
+[N/A][523704570] High CVE-2026-13035: Use after free in Bluetooth. Reported by Google on 2026-06-13
+[N/A][523711130] High CVE-2026-13036: Use after free in Blink. Reported by Google on 2026-06-13
+[N/A][523721871] High CVE-2026-13037: Use after free in WebView. Reported by Google on 2026-06-14
 
diff --git a/chromium/Makefile b/chromium/Makefile
index d0994d2603..bd3abbf8bc 100644
--- a/chromium/Makefile
+++ b/chromium/Makefile
@@ -1,7 +1,7 @@
 # $NetBSD: Makefile,v 1.52 2026/04/10 17:31:46 kikadf Exp $
 
 DISTNAME=			chromium-${VERSION}
-VERSION=			149.0.7827.155
+VERSION=			149.0.7827.200
 CATEGORIES=			www
 MASTER_SITES=			https://commondatastorage.googleapis.com/chromium-browser-official/
 EXTRACT_SUFX_C=			.tar.xz
@@ -389,6 +389,7 @@ do-install:
 .include "../../audio/speech-dispatcher/buildlink3.mk"
 .include "../../audio/speex/buildlink3.mk"
 .include "../../devel/dconf/buildlink3.mk"
+.include "../../devel/input-headers/buildlink3.mk"
 .include "../../devel/libepoll-shim/buildlink3.mk"
 .include "../../devel/libudev-bsd/buildlink3.mk"
 .include "../../devel/libusb1/buildlink3.mk"
diff --git a/chromium/distinfo b/chromium/distinfo
index 1abac590f5..d6539c5130 100644
--- a/chromium/distinfo
+++ b/chromium/distinfo
@@ -51,12 +51,12 @@ Size (cc-1.1.21.crate) = 83463 bytes
 BLAKE2s (cfg-if-1.0.0.crate) = fbb02f63b24cc224b045ff2aac3aefd0a77cf7b578df4d5f9da9517a59aaf9bb
 SHA512 (cfg-if-1.0.0.crate) = 0fb16a8882fd30e86b62c5143b1cb18ab564e84e75bd1f28fd12f24ffdc4a42e0d2e012a99abb606c12efe3c11061ff5bf8e24ab053e550ae083f7d90f6576ff
 Size (cfg-if-1.0.0.crate) = 7934 bytes
-BLAKE2s (chromium-149.0.7827.155-lite.tar.xz) = b363a7656e35c057de8dd27d9069058802122614283bab56e15d7cf957a69716
-SHA512 (chromium-149.0.7827.155-lite.tar.xz) = 54acfe3adf3d3149c049660149cfa700dc0e3aeff59e37546ab8c1974b13eb6a1837edaf9c6cfab22f04de085865dff12bef2313e3ae6fa1f60e22bde9630c22
-Size (chromium-149.0.7827.155-lite.tar.xz) = 1610093724 bytes
-BLAKE2s (chromium-149.0.7827.155-testdata.tar.xz) = b88b76062349b25835b7279b07435b478d75bf7102a272e88a6aaeeee79b61e6
-SHA512 (chromium-149.0.7827.155-testdata.tar.xz) = 9f5586e1ed4ae8b1e7c447f21aad04e7b32cb947d3ac8d74ee5bec526aaaeb2884ddf7b119b3bf1889f150655e30f9789f02572a27aa70b56b41cf8aa1f5b84a
-Size (chromium-149.0.7827.155-testdata.tar.xz) = 1314813100 bytes
+BLAKE2s (chromium-149.0.7827.200-lite.tar.xz) = 42c86cf0d1f241c9ea249b75b8dc08ae3eae5b2ca15a1649ed5d8e931a478b57
+SHA512 (chromium-149.0.7827.200-lite.tar.xz) = ad3847243c15f3d4c5ba6e762ef8ed1544b450276e2d252f78cf9c55cd940f714e3d2985c27dd38d590d1550ef6833e5c01331c2a64791be9ba7dc18bbca86c9
+Size (chromium-149.0.7827.200-lite.tar.xz) = 1609734124 bytes
+BLAKE2s (chromium-149.0.7827.200-testdata.tar.xz) = 1ae2dad9a64d8e47c45cb78d91ef1178d2ef27cfa3bffd0bd5c1dec32665cbc6
+SHA512 (chromium-149.0.7827.200-testdata.tar.xz) = 5d7c463d8ddd52377ae369bc48169b0746aebf6eb4204ab1d1e94cc308b27535fe65db6ac5163a74da20fa927d7bb4a4e46b2d9d49bfeb8d1e37a01390ed52ab
+Size (chromium-149.0.7827.200-testdata.tar.xz) = 1314825672 bytes
 BLAKE2s (convert_case-0.6.0.crate) = c65fc0970543af9611c565957751df80f31efa3aa7c4d8e5eac41712864a67d5
 SHA512 (convert_case-0.6.0.crate) = 3b17449195a9a36e3965db89eeb967979c192ad7743217ea08e8c8b91ecae1ac1674362d05dc6f32f1f361fface3f783398285bb78060403f65a777a9d29adf2
 Size (convert_case-0.6.0.crate) = 18675 bytes
diff --git a/chromium/options.mk b/chromium/options.mk
index ec3c0c8f8f..2b186b0aea 100644
--- a/chromium/options.mk
+++ b/chromium/options.mk
@@ -46,7 +46,6 @@ GN_ARGS+=	use_pulseaudio=false
 
 .if !empty(PKG_OPTIONS:Mwayland)
 GN_ARGS+=	use_system_libffi=true
-.include "../../devel/input-headers/buildlink3.mk"
 .include "../../devel/libffi/buildlink3.mk"
 .include "../../devel/wayland/buildlink3.mk"
 .else
Prev by Date: trivy: updated to 0.72.0
Next by Date: TODO: + tor-browser-15.0.17.
Previous by Thread: trivy: updated to 0.72.0
Next by Thread: TODO: + tor-browser-15.0.17.
Indexes:
Home | Main Index | Thread Index | Old Index