CVS commit: pkgsrc/www/chromium

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/chromium
From: "Robert Bagdan" <kikadf%netbsd.org@localhost>
Date: Fri, 1 May 2026 16:37:25 +0000

Module Name:    pkgsrc
Committed By:   kikadf
Date:           Fri May  1 16:37:25 UTC 2026

Modified Files:
        pkgsrc/www/chromium: Makefile distinfo

Log Message:
www/chromium: update to 147.0.7727.137

* 147.0.7727.116
This update includes 19 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the
Chrome Security Page for more information.
[TBD][493652473] High CVE-2026-6919: Use after free in DevTools.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-18
[TBD][499891888] High CVE-2026-6920: Out of bounds read in GPU.
Reported by tatiwari of Microsoft on 2026-04-06
[TBD][493315759] Medium CVE-2026-6921: Race in GPU.
Reported by soiax on 2026-03-17

* 147.0.7727.137
This update includes 30 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the
Chrome Security Page for more information.
[$7000][494352590] Critical CVE-2026-7363: Use after free in Canvas.
Reported by heapracer on 2026-03-19
[N/A][493221953] Critical CVE-2026-7361: Use after free in iOS.
Reported by Google on 2026-03-16
[N/A][503419515] Critical CVE-2026-7344: Use after free in Accessibility.
Reported by Google on 2026-04-16
[N/A][503645680] Critical CVE-2026-7343: Use after free in Views.
Reported by Google on 2026-04-17
[$16000][493955227] High CVE-2026-7333: Use after free in GPU.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-19
[N/A][495852034] High CVE-2026-7360: Insufficient validation of untrusted
input in Compositing. Reported by Google on 2026-03-24
[N/A][496284494] High CVE-2026-7359: Use after free in ANGLE.
Reported by Google on 2026-03-25
[N/A][496285281] High CVE-2026-7358: Use after free in Animation.
Reported by Google on 2026-03-25
[TBD][496456528] High CVE-2026-7334: Use after free in Views.
Reported by Batuhan Eşref KOÇ on 2026-03-26
[N/A][497047552] High CVE-2026-7357: Use after free in GPU.
Reported by Google on 2026-03-27
[N/A][497769116] High CVE-2026-7356: Use after free in Navigation.
Reported by Google on 2026-03-30
[N/A][498746519] High CVE-2026-7354: Out of bounds read and write in Angle.
Reported by Google on 2026-04-01
[N/A][498809718] High CVE-2026-7353: Heap buffer overflow in Skia.
Reported by Google on 2026-04-01
[N/A][499023054] High CVE-2026-7352: Use after free in Media.
Reported by Google on 2026-04-02
[N/A][499119490] High CVE-2026-7351: Race in MHTML.
Reported by Google on 2026-04-02
[N/A][500018484] High CVE-2026-7350: Use after free in WebMIDI.
Reported by Google on 2026-04-06
[N/A][500034684] High CVE-2026-7349: Use after free in Cast.
Reported by Google on 2026-04-06
[N/A][500104917] High CVE-2026-7348: Use after free in Codecs.
Reported by Google on 2026-04-06
[TBD][500387779] High CVE-2026-7335: Use after free in media.
Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po) on 2026-04-07
[TBD][500767595] High CVE-2026-7336: Use after free in WebRTC.
Reported by Mozilla on 2026-04-09
[TBD][500880819] High CVE-2026-7337: Type Confusion in V8.
Reported by q%calif.io@localhost on 2026-04-09
[N/A][501722605] High CVE-2026-7347: Use after free in Chromoting.
Reported by Google on 2026-04-11
[N/A][502206907] High CVE-2026-7346: Inappropriate implementation in Tint.
Reported by Google on 2026-04-13
[N/A][502248774] High CVE-2026-7345: Insufficient validation of untrusted
input in Feedback. Reported by Google on 2026-04-13
[TBD][502449857] High CVE-2026-7338: Use after free in Cast.
Reported by Krace on 2026-04-14
[N/A][503889643] High CVE-2026-7342: Use after free in WebView.
Reported by Google on 2026-04-17
[N/A][504586599] High CVE-2026-7341: Use after free in WebRTC.
Reported by Google on 2026-04-20
[$4000][493957495] Medium CVE-2026-7339: Heap buffer overflow in WebRTC.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-19
[$3000][497896137] Medium CVE-2026-7340: Integer overflow in ANGLE.
Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-30
[N/A][498285711] Medium CVE-2026-7355: Use after free in Media.
Reported by Google on 2026-03-31


To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 pkgsrc/www/chromium/Makefile
cvs rdiff -u -r1.39 -r1.40 pkgsrc/www/chromium/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/chromium/Makefile
diff -u pkgsrc/www/chromium/Makefile:1.53 pkgsrc/www/chromium/Makefile:1.54
--- pkgsrc/www/chromium/Makefile:1.53   Tue Apr 21 15:21:07 2026
+++ pkgsrc/www/chromium/Makefile        Fri May  1 16:37:25 2026
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.53 2026/04/21 15:21:07 kikadf Exp $
+# $NetBSD: Makefile,v 1.54 2026/05/01 16:37:25 kikadf Exp $
 
 DISTNAME=                      chromium-${VERSION}
-VERSION=                       147.0.7727.101
+VERSION=                       147.0.7727.137
 CATEGORIES=                    www
 MASTER_SITES=                  https://commondatastorage.googleapis.com/chromium-browser-official/
 EXTRACT_SUFX_C=                        .tar.xz

Index: pkgsrc/www/chromium/distinfo
diff -u pkgsrc/www/chromium/distinfo:1.39 pkgsrc/www/chromium/distinfo:1.40
--- pkgsrc/www/chromium/distinfo:1.39   Tue Apr 21 15:21:07 2026
+++ pkgsrc/www/chromium/distinfo        Fri May  1 16:37:25 2026
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.39 2026/04/21 15:21:07 kikadf Exp $
+$NetBSD: distinfo,v 1.40 2026/05/01 16:37:25 kikadf Exp $
 
 BLAKE2s (Inflector-0.11.4.crate) = 2f8b4a805230be3b58267c7fb6b9c26c2ec966378d195673d1128a851cca515d
 SHA512 (Inflector-0.11.4.crate) = f1f6463e033b6d3c16c51dc1e1a3f5569954308b95b59058294b7f9310919bbda797e99e6a07529071bb83f0688867a243997d33795a7136b0af73977004296e
@@ -51,15 +51,15 @@ Size (cc-1.1.21.crate) = 83463 bytes
 BLAKE2s (cfg-if-1.0.0.crate) = fbb02f63b24cc224b045ff2aac3aefd0a77cf7b578df4d5f9da9517a59aaf9bb
 SHA512 (cfg-if-1.0.0.crate) = 0fb16a8882fd30e86b62c5143b1cb18ab564e84e75bd1f28fd12f24ffdc4a42e0d2e012a99abb606c12efe3c11061ff5bf8e24ab053e550ae083f7d90f6576ff
 Size (cfg-if-1.0.0.crate) = 7934 bytes
-BLAKE2s (chromium-147.0.7727.101-lite.tar.xz) = dc365b6571e5be91af7b6f070b0782b2f404cf5f870d8dfdb5296c033cbc0389
-SHA512 (chromium-147.0.7727.101-lite.tar.xz) = 8a79e6d71777e474316d328699af087281a0ab45726dbdbfd8cf36545fb71547f167220469e24b91ee154ac6a2501175180c3ab7230ce78d3f8ebc3af7b6da69
-Size (chromium-147.0.7727.101-lite.tar.xz) = 1474134964 bytes
-BLAKE2s (chromium-147.0.7727.101-profdata.tar.xz) = 69697835c46ed712c1d45f5a28ad59d2a95976d3c7b1e58df8c37d3e595654c5
-SHA512 (chromium-147.0.7727.101-profdata.tar.xz) = 8f9dc240361c5b55fa8928fd31992370b1e6ce89f0d29f025c0223f82c39076a91f838c0d1040a181b27feb0138d8c6c19937a7e8f26d7ccc267efb57497e40d
-Size (chromium-147.0.7727.101-profdata.tar.xz) = 15232580 bytes
-BLAKE2s (chromium-147.0.7727.101-testdata.tar.xz) = cc25d1ba66cc46c70ea44447c2521948717a036675e3877d0ff7beb8c98521de
-SHA512 (chromium-147.0.7727.101-testdata.tar.xz) = 9fd07dce1f1b9f15572bb069c610f7c55abe31d2103f8c065bc0b3c096fc2be5e86f56adc92638fcb2ac92885c4e9e2bb469576bae30640482bd04ab5fea4dbc
-Size (chromium-147.0.7727.101-testdata.tar.xz) = 1318304744 bytes
+BLAKE2s (chromium-147.0.7727.137-lite.tar.xz) = 3dc02118ef48ccd2625fa7e5d0f29b7b61633c031ed7bc557db8b0941ba85fee
+SHA512 (chromium-147.0.7727.137-lite.tar.xz) = b22daf1fe8fcf6039b5eb03ae954f46a08b6af14ec95f1cbee80655d3216335f285d12d2530cd179c3af975b3ed7b390b167d59bb2bccb054a8eb52429d85af1
+Size (chromium-147.0.7727.137-lite.tar.xz) = 1474095908 bytes
+BLAKE2s (chromium-147.0.7727.137-profdata.tar.xz) = 4809609998eb9768abbc60fdb79b1e5c78dd98d288cbce40a01342f5c8734c1e
+SHA512 (chromium-147.0.7727.137-profdata.tar.xz) = be3d2691221c6f4988ac331884702377610f7935a67f8af88b57483998d531b1301df6a0dac3c6085ab7e947713814bc3f339c754727df72066fee903cf6298a
+Size (chromium-147.0.7727.137-profdata.tar.xz) = 15245988 bytes
+BLAKE2s (chromium-147.0.7727.137-testdata.tar.xz) = 345579b04a1db025b1d95e9215703d8dabfae793b336a9f1f8a02c50a3c5ea65
+SHA512 (chromium-147.0.7727.137-testdata.tar.xz) = 736707b6814417617d8484dc0e7f47ef3b970886540ce25e8fb7a990cdfee015655e005a6f6f712886455f3b6e6da5d5a1d04f20fbf99219ec03323b24cbbea1
+Size (chromium-147.0.7727.137-testdata.tar.xz) = 1318264688 bytes
 BLAKE2s (convert_case-0.6.0.crate) = c65fc0970543af9611c565957751df80f31efa3aa7c4d8e5eac41712864a67d5
 SHA512 (convert_case-0.6.0.crate) = 3b17449195a9a36e3965db89eeb967979c192ad7743217ea08e8c8b91ecae1ac1674362d05dc6f32f1f361fface3f783398285bb78060403f65a777a9d29adf2
 Size (convert_case-0.6.0.crate) = 18675 bytes

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index