Detections
Analytics

Fedora 43 : chromium (2026-f4e92d8d66)

critical Nessus Plugin ID 314292

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f4e92d8d66 advisory.

 Update to 148.0.7778.96

 * CVE-2026-7896: Integer overflow in Blink
 * CVE-2026-7897: Use after free in Mobile
 * CVE-2026-7898: Use after free in Chromoting
 * CVE-2026-7899: Out of bounds read and write in V8
 * CVE-2026-7900: Heap buffer overflow in ANGLE
 * CVE-2026-7901: Use after free in ANGLE
 * CVE-2026-7902: Out of bounds memory access in V8
 * CVE-2026-7903: Integer overflow in ANGLE
 * CVE-2026-7904: Out of bounds read in Fonts
 * CVE-2026-7905: Insufficient validation of untrusted input in Media
 * CVE-2026-7906: Use after free in SVG
 * CVE-2026-7907: Use after free in DOM
 * CVE-2026-7908: Use after free in Fullscreen
 * CVE-2026-7909: Inappropriate implementation in ServiceWorker
 * CVE-2026-7910: Use after free in Views
 * CVE-2026-7911: Use after free in Aura
 * CVE-2026-7912: Integer overflow in GPU
 * CVE-2026-7913: Insufficient policy enforcement in DevTools
 * CVE-2026-7914: Type Confusion in Accessibility
 * CVE-2026-7915: Insufficient data validation in DevTools
 * CVE-2026-7916: Insufficient data validation in InterestGroups
 * CVE-2026-7917: Use after free in Fullscreen
 * CVE-2026-7918: Use after free in GPU
 * CVE-2026-7919: Use after free in Aura
 * CVE-2026-7920: Use after free in Skia
 * CVE-2026-7921: Use after free in Passwords
 * CVE-2026-7922: Use after free in ServiceWorker
 * CVE-2026-7923: Out of bounds write in Skia
 * CVE-2026-7924: Uninitialized Use in Dawn
 * CVE-2026-7925: Use after free in Chromoting
 * CVE-2026-7926: Use after free in PresentationAPI
 * CVE-2026-7927: Type Confusion in Runtime
 * CVE-2026-7928: Use after free in WebRTC
 * CVE-2026-7929: Use after free in MediaRecording
 * CVE-2026-7930: Insufficient validation of untrusted input in Cookies
 * CVE-2026-7931: Insufficient validation of untrusted input in iOS
 * CVE-2026-7932: Insufficient policy enforcement in Downloads
 * CVE-2026-7933: Out of bounds read in WebCodecs
 * CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker
 * CVE-2026-7935: Inappropriate implementation in Speech
 * CVE-2026-7936: Object lifecycle issue in V8
 * CVE-2026-7937: Insufficient policy enforcement in DevTools
 * CVE-2026-7938: Use after free in CSS
 * CVE-2026-7939: Inappropriate implementation in SanitizerAPI
 * CVE-2026-7940: Use after free in V8
 * CVE-2026-7941: Insufficient validation of untrusted input in Mobile
 * CVE-2026-7942: Integer overflow in ANGLE
 * CVE-2026-7943: Insufficient validation of untrusted input in ANGLE
 * CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache
 * CVE-2026-7945: Insufficient validation of untrusted input in COOP
 * CVE-2026-7946: Insufficient policy enforcement in WebUI
 * CVE-2026-7947: Insufficient validation of untrusted input in Network
 * CVE-2026-7948: Race in Chromoting
 * CVE-2026-7949: Out of bounds read in Skia
 * CVE-2026-7950: Out of bounds read and write in GFX
 * CVE-2026-7951: Out of bounds write in WebRTC
 * CVE-2026-7952: Insufficient policy enforcement in Extensions
 * CVE-2026-7953: Insufficient validation of untrusted input in Omnibox
 * CVE-2026-7954: Race in Shared Storage
 * CVE-2026-7955: Uninitialized Use in GPU
 * CVE-2026-7956: Use after free in Navigation
 * CVE-2026-7957: Out of bounds write in Media
 * CVE-2026-7958: Inappropriate implementation in ServiceWorker
 * CVE-2026-7959: Inappropriate implementation in Navigation
 * CVE-2026-7960: Race in Speech
 * CVE-2026-7961: Insufficient validation of untrusted input in Permissions
 * CVE-2026-7962: Insufficient policy enforcement in DirectSockets
 * CVE-2026-7963: Inappropriate implementation in ServiceWorker
 * CVE-2026-7964: Insufficient validation of untrusted input in FileSystem
 * CVE-2026-7965: Insufficient validation of untrusted input in DevTools
 * CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation
 * CVE-2026-7967: Insufficient validation of untrusted input in Navigation
 * CVE-2026-7968: Insufficient validation of untrusted input in CORS
 * CVE-2026-7969: Integer overflow in Network
 * CVE-2026-7970: Use after free in TopChrome
 * CVE-2026-7971: Inappropriate implementation in ORB
 * CVE-2026-7972: Uninitialized Use in GPU
 * CVE-2026-7973: Integer overflow in Dawn
 * CVE-2026-7974: Use after free in Blink
 * CVE-2026-7975: Use after free in DevTools
 * CVE-2026-7976: Use after free in Views
 * CVE-2026-7977: Inappropriate implementation in Canvas
 * CVE-2026-7978: Inappropriate implementation in Companion
 * CVE-2026-7979: Inappropriate implementation in Media
 * CVE-2026-7980: Use after free in WebAudio
 * CVE-2026-7981: Out of bounds read in Codecs
 * CVE-2026-7982: Uninitialized Use in WebCodecs
 * CVE-2026-7983: Out of bounds read in Dawn
 * CVE-2026-7984: Use after free in ReadingMode
 * CVE-2026-7985: Use after free in GPU
 * CVE-2026-7986: Insufficient policy enforcement in Autofill
 * CVE-2026-7987: Use after free in WebRTC
 * CVE-2026-7988: Type Confusion in WebRTC
 * CVE-2026-7989: Insufficient data validation in DataTransfer
 * CVE-2026-7990: Insufficient validation of untrusted input in Updater
 * CVE-2026-7991: Use after free in UI
 * CVE-2026-7992: Insufficient validation of untrusted input in UI
 * CVE-2026-7993: Insufficient validation of untrusted input in Payments
 * CVE-2026-7994: Inappropriate implementation in Chromoting
 * CVE-2026-7995: Out of bounds read in AdFilter
 * CVE-2026-7996: Insufficient validation of untrusted input in SSL
 * CVE-2026-7997: Insufficient validation of untrusted input in Updater
 * CVE-2026-7998: Insufficient validation of untrusted input in Dialog
 * CVE-2026-7999: Inappropriate implementation in V8
 * CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver
 * CVE-2026-8001: Use after free in Printing
 * CVE-2026-8002: Use after free in Audio
 * CVE-2026-8003: Insufficient validation of untrusted input in TabGroups
 * CVE-2026-8004: Insufficient policy enforcement in DevTools
 * CVE-2026-8005: Insufficient validation of untrusted input in Cast
 * CVE-2026-8006: Insufficient policy enforcement in DevTools
 * CVE-2026-8007: Insufficient validation of untrusted input in Cast
 * CVE-2026-8008: Inappropriate implementation in DevTools
 * CVE-2026-8009: Inappropriate implementation in Cast
 * CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation
 * CVE-2026-8011: Insufficient policy enforcement in Search
 * CVE-2026-8012: Inappropriate implementation in MHTML
 * CVE-2026-8013: Insufficient validation of untrusted input in FedCM
 * CVE-2026-8014: Inappropriate implementation in Preload
 * CVE-2026-8015: Inappropriate implementation in Media
 * CVE-2026-8016: Use after free in WebRTC
 * CVE-2026-8017: Side-channel information leakage in Media
 * CVE-2026-8018: Insufficient policy enforcement in DevTools
 * CVE-2026-8019: Insufficient policy enforcement in WebApp
 * CVE-2026-8020: Uninitialized Use in GPU
 * CVE-2026-8021: Script injection in UI
 * CVE-2026-8022: Inappropriate implementation in MHTML


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected chromium package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2026-f4e92d8d66

Plugin Details

Severity: Critical

ID: 314292

File Name: fedora_2026-f4e92d8d66.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 5/12/2026

Updated: 5/12/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-7927

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-7910

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:chromium, cpe:/o:fedoraproject:fedora:43

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/9/2026

Vulnerability Publication Date: 5/5/2026

Reference Information

CVE: CVE-2026-7896, CVE-2026-7897, CVE-2026-7898, CVE-2026-7899, CVE-2026-7900, CVE-2026-7901, CVE-2026-7902, CVE-2026-7903, CVE-2026-7904, CVE-2026-7905, CVE-2026-7906, CVE-2026-7907, CVE-2026-7908, CVE-2026-7909, CVE-2026-7910, CVE-2026-7911, CVE-2026-7912, CVE-2026-7913, CVE-2026-7914, CVE-2026-7915, CVE-2026-7916, CVE-2026-7917, CVE-2026-7918, CVE-2026-7919, CVE-2026-7920, CVE-2026-7921, CVE-2026-7922, CVE-2026-7923, CVE-2026-7924, CVE-2026-7925, CVE-2026-7926, CVE-2026-7927, CVE-2026-7928, CVE-2026-7929, CVE-2026-7930, CVE-2026-7931, CVE-2026-7932, CVE-2026-7933, CVE-2026-7934, CVE-2026-7935, CVE-2026-7936, CVE-2026-7937, CVE-2026-7938, CVE-2026-7939, CVE-2026-7940, CVE-2026-7941, CVE-2026-7942, CVE-2026-7943, CVE-2026-7944, CVE-2026-7945, CVE-2026-7946, CVE-2026-7947, CVE-2026-7948, CVE-2026-7949, CVE-2026-7950, CVE-2026-7951, CVE-2026-7952, CVE-2026-7953, CVE-2026-7954, CVE-2026-7955, CVE-2026-7956, CVE-2026-7957, CVE-2026-7958, CVE-2026-7959, CVE-2026-7960, CVE-2026-7961, CVE-2026-7962, CVE-2026-7963, CVE-2026-7964, CVE-2026-7965, CVE-2026-7966, CVE-2026-7967, CVE-2026-7968, CVE-2026-7969, CVE-2026-7970, CVE-2026-7971, CVE-2026-7972, CVE-2026-7973, CVE-2026-7974, CVE-2026-7975, CVE-2026-7976, CVE-2026-7977, CVE-2026-7978, CVE-2026-7979, CVE-2026-7980, CVE-2026-7981, CVE-2026-7982, CVE-2026-7983, CVE-2026-7984, CVE-2026-7985, CVE-2026-7986, CVE-2026-7987, CVE-2026-7988, CVE-2026-7989, CVE-2026-7990, CVE-2026-7991, CVE-2026-7992, CVE-2026-7993, CVE-2026-7994, CVE-2026-7995, CVE-2026-7996, CVE-2026-7997, CVE-2026-7998, CVE-2026-7999, CVE-2026-8000, CVE-2026-8001, CVE-2026-8002, CVE-2026-8003, CVE-2026-8004, CVE-2026-8005, CVE-2026-8006, CVE-2026-8007, CVE-2026-8008, CVE-2026-8009, CVE-2026-8010, CVE-2026-8011, CVE-2026-8012, CVE-2026-8013, CVE-2026-8014, CVE-2026-8015, CVE-2026-8016, CVE-2026-8017, CVE-2026-8018, CVE-2026-8019, CVE-2026-8020, CVE-2026-8021, CVE-2026-8022