Detections
Analytics

Fedora 44 : chromium (2026-a688180654)

critical Nessus Plugin ID 318077

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a688180654 advisory.

 Update to 148.0.7778.215

 * CVE-2026-9872: Out of bounds write in GPU
 * CVE-2026-9873: Use after free in Network
 * CVE-2026-9874: Use after free in Dawn
 * CVE-2026-9875: Out of bounds read in WebGL
 * CVE-2026-9876: Use after free in WebGL
 * CVE-2026-9877: Use after free in ANGLE
 * CVE-2026-9878: Use after free in ANGLE
 * CVE-2026-9879: Out of bounds write in ANGLE
 * CVE-2026-9880: Insufficient validation of untrusted input in WebGL
 * CVE-2026-9881: Use after free in Bluetooth
 * CVE-2026-9882: Integer overflow in ANGLE
 * CVE-2026-9883: Use after free in Base
 * CVE-2026-9884: Use after free in Browser
 * CVE-2026-9885: Insufficient validation of untrusted input in UI
 * CVE-2026-9886: Use after free in Base
 * CVE-2026-9887: Use after free in Proxy
 * CVE-2026-9888: Use after free in WebView
 * CVE-2026-9889: Out of bounds read and write in Dawn
 * CVE-2026-9890: Use after free in XR
 * CVE-2026-9891: Use after free in Extensions
 * CVE-2026-9892: Inappropriate implementation in Skia
 * CVE-2026-9893: Use after free in Skia
 * CVE-2026-9894: Use after free in GPU
 * CVE-2026-9895: Out of bounds read in GPU
 * CVE-2026-9896: Out of bounds write in V8
 * CVE-2026-9897: Use after free in DOM
 * CVE-2026-9898: Insufficient validation of untrusted input in GPU
 * CVE-2026-9899: Use after free in ANGLE
 * CVE-2026-9900: Out of bounds write in ANGLE
 * CVE-2026-9901: Use after free in ANGLE
 * CVE-2026-9902: Use after free in Accessibility
 * CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
 * CVE-2026-9904: Use after free in ANGLE
 * CVE-2026-9905: Use after free in Accessibility
 * CVE-2026-9906: Out of bounds write in GPU
 * CVE-2026-9907: Out of bounds read in Dawn
 * CVE-2026-9908: Out of bounds read in ANGLE
 * CVE-2026-9909: Integer overflow in Skia
 * CVE-2026-9910: Out of bounds memory access in ANGLE
 * CVE-2026-9911: Integer overflow in ANGLE
 * CVE-2026-9912: Inappropriate implementation in GPU
 * CVE-2026-9913: Inappropriate implementation in ANGLE
 * CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
 * CVE-2026-9915: Heap buffer overflow in ANGLE
 * CVE-2026-9916: Out of bounds write in ANGLE
 * CVE-2026-9917: Uninitialized Use in WebGL
 * CVE-2026-9918: Inappropriate implementation in Tint
 * CVE-2026-9919: Out of bounds read in WebGL
 * CVE-2026-9920: Uninitialized Use in GPU
 * CVE-2026-9921: Uninitialized Use in WebGL
 * CVE-2026-9922: Use after free in GPU
 * CVE-2026-9923: Use after free in Skia
 * CVE-2026-9924: Heap buffer overflow in ANGLE
 * CVE-2026-9925: Use after free in ANGLE
 * CVE-2026-9926: Heap buffer overflow in ANGLE
 * CVE-2026-9927: Use after free in ANGLE
 * CVE-2026-9928: Out of bounds read in ANGLE
 * CVE-2026-9929: Inappropriate implementation in WebGL
 * CVE-2026-9930: Out of bounds write in Dawn
 * CVE-2026-9931: Use after free in GPU
 * CVE-2026-9932: Use after free in ANGLE
 * CVE-2026-9933: Use after free in Input
 * CVE-2026-9934: Use after free in Aura
 * CVE-2026-9935: Uninitialized Use in ANGLE
 * CVE-2026-9936: Use after free in GFX
 * CVE-2026-9937: Use after free in UI
 * CVE-2026-9938: Inappropriate implementation in V8
 * CVE-2026-9939: Heap buffer overflow in WebCodecs
 * CVE-2026-9940: Heap buffer overflow in ANGLE
 * CVE-2026-9941: Use after free in ANGLE
 * CVE-2026-9942: Uninitialized Use in ANGLE
 * CVE-2026-9943: Out of bounds read in WebGL
 * CVE-2026-9944: Uninitialized Use in ANGLE
 * CVE-2026-9945: Use after free in Media
 * CVE-2026-9946: Use after free in ANGLE
 * CVE-2026-9947: Use after free in XML
 * CVE-2026-9948: Use after free in Views
 * CVE-2026-9949: Use after free in Core
 * CVE-2026-9950: Insufficient validation of untrusted input in iOS
 * CVE-2026-9951: Use after free in UI
 * CVE-2026-9952: Use after free in WebAudio
 * CVE-2026-9953: Out of bounds read in ANGLE
 * CVE-2026-9954: Use after free in TabStrip
 * CVE-2026-9955: Inappropriate implementation in iOS
 * CVE-2026-9956: Use after free in iOS
 * CVE-2026-9957: Use after free in PDF
 * CVE-2026-9958: Use after free in PDFium
 * CVE-2026-9959: Race in WebRTC
 * CVE-2026-9960: Integer overflow in PDFium
 * CVE-2026-9961: Use after free in SurfaceCapture
 * CVE-2026-9962: Use after free in WebRTC
 * CVE-2026-9963: Uninitialized Use in iOS
 * CVE-2026-9964: Use after free in Bluetooth
 * CVE-2026-9965: Out of bounds write in ANGLE
 * CVE-2026-9966: Integer overflow in XML
 * CVE-2026-9967: Out of bounds write in GPU
 * CVE-2026-9968: Integer overflow in V8
 * CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
 * CVE-2026-9970: Use after free in WebGL
 * CVE-2026-9971: Inappropriate implementation in iOS
 * CVE-2026-9972: Uninitialized Use in Gamepad
 * CVE-2026-9973: Out of bounds write in V8
 * CVE-2026-9974: Out of bounds write in GPU
 * CVE-2026-9975: Out of bounds read and write in ANGLE
 * CVE-2026-9976: Inappropriate implementation in USB
 * CVE-2026-9977: Insufficient validation of untrusted input in WebShare
 * CVE-2026-9978: Use after free in Glic
 * CVE-2026-9979: Insufficient validation of untrusted input in Input
 * CVE-2026-9980: Insufficient validation of untrusted input in Printing
 * CVE-2026-9981: Inappropriate implementation in Skia
 * CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
 * CVE-2026-9983: Type Confusion in Skia
 * CVE-2026-9984: Use after free in UI
 * CVE-2026-9985: Insufficient validation of untrusted input in Media
 * CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
 * CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
 * CVE-2026-9988: Use after free in WebRTC
 * CVE-2026-9989: Inappropriate implementation in Media
 * CVE-2026-9990: Use after free in WebAppInstalls
 * CVE-2026-9991: Inappropriate implementation in Media
 * CVE-2026-9992: Use after free in Network
 * CVE-2026-9993: Use after free in Views
 * CVE-2026-9994: Use after free in Core
 * CVE-2026-9995: Use after free in WebXR
 * CVE-2026-9996: Out of bounds read in WebRTC
 * CVE-2026-9997: Use after free in Input
 * CVE-2026-9998: Integer overflow in Skia
 * CVE-2026-9999: Inappropriate implementation in ANGLE
 * CVE-2026-10000: Use after free in Passwords
 * CVE-2026-10001: Use after free in PerformanceManager
 * CVE-2026-10002: Use after free in PDFium
 * CVE-2026-10003: Use after free in Views
 * CVE-2026-10004: Insufficient validation of untrusted input in Passwords
 * CVE-2026-10005: Use after free in WebAppInstalls
 * CVE-2026-10006: Race in WebAudio
 * CVE-2026-10007: Use after free in SVG
 * CVE-2026-10008: Uninitialized Use in GPU
 * CVE-2026-10009: Integer overflow in Skia
 * CVE-2026-10010: Inappropriate implementation in Input
 * CVE-2026-10011: Inappropriate implementation in Skia
 * CVE-2026-10012: Use after free in Skia
 * CVE-2026-10013: Use after free in WebCodecs
 * CVE-2026-10014: Use after free in WebMIDI
 * CVE-2026-10015: Integer overflow in WTF
 * CVE-2026-10016: Use after free in DOM
 * CVE-2026-10017: Out of bounds read in Headless
 * CVE-2026-10018: Integer overflow in ANGLE
 * CVE-2026-10019: Integer overflow in ANGLE
 * CVE-2026-10020: Insufficient validation of untrusted input in Skia
 * CVE-2026-10021: Insufficient validation of untrusted input in USB
 * CVE-2026-10022: Type Confusion in V8


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected chromium package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2026-a688180654

Plugin Details

Severity: Critical

ID: 318077

File Name: fedora_2026-a688180654.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/1/2026

Updated: 6/1/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-9887

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-9874

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:44, p-cpe:/a:fedoraproject:fedora:chromium

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/30/2026

Vulnerability Publication Date: 5/27/2026

Reference Information

CVE: CVE-2026-10000, CVE-2026-10001, CVE-2026-10002, CVE-2026-10003, CVE-2026-10004, CVE-2026-10005, CVE-2026-10006, CVE-2026-10007, CVE-2026-10008, CVE-2026-10009, CVE-2026-10010, CVE-2026-10011, CVE-2026-10012, CVE-2026-10013, CVE-2026-10014, CVE-2026-10015, CVE-2026-10016, CVE-2026-10017, CVE-2026-10018, CVE-2026-10019, CVE-2026-10020, CVE-2026-10021, CVE-2026-10022, CVE-2026-9872, CVE-2026-9873, CVE-2026-9874, CVE-2026-9875, CVE-2026-9876, CVE-2026-9877, CVE-2026-9878, CVE-2026-9879, CVE-2026-9880, CVE-2026-9881, CVE-2026-9882, CVE-2026-9883, CVE-2026-9884, CVE-2026-9885, CVE-2026-9886, CVE-2026-9887, CVE-2026-9888, CVE-2026-9889, CVE-2026-9890, CVE-2026-9891, CVE-2026-9892, CVE-2026-9893, CVE-2026-9894, CVE-2026-9895, CVE-2026-9896, CVE-2026-9897, CVE-2026-9898, CVE-2026-9899, CVE-2026-9900, CVE-2026-9901, CVE-2026-9902, CVE-2026-9903, CVE-2026-9904, CVE-2026-9905, CVE-2026-9906, CVE-2026-9907, CVE-2026-9908, CVE-2026-9909, CVE-2026-9910, CVE-2026-9911, CVE-2026-9912, CVE-2026-9913, CVE-2026-9914, CVE-2026-9915, CVE-2026-9916, CVE-2026-9917, CVE-2026-9918, CVE-2026-9919, CVE-2026-9920, CVE-2026-9921, CVE-2026-9922, CVE-2026-9923, CVE-2026-9924, CVE-2026-9925, CVE-2026-9926, CVE-2026-9927, CVE-2026-9928, CVE-2026-9929, CVE-2026-9930, CVE-2026-9931, CVE-2026-9932, CVE-2026-9933, CVE-2026-9934, CVE-2026-9935, CVE-2026-9936, CVE-2026-9937, CVE-2026-9938, CVE-2026-9939, CVE-2026-9940, CVE-2026-9941, CVE-2026-9942, CVE-2026-9943, CVE-2026-9944, CVE-2026-9945, CVE-2026-9946, CVE-2026-9947, CVE-2026-9948, CVE-2026-9949, CVE-2026-9950, CVE-2026-9951, CVE-2026-9952, CVE-2026-9953, CVE-2026-9954, CVE-2026-9955, CVE-2026-9956, CVE-2026-9957, CVE-2026-9958, CVE-2026-9959, CVE-2026-9960, CVE-2026-9961, CVE-2026-9962, CVE-2026-9963, CVE-2026-9964, CVE-2026-9965, CVE-2026-9966, CVE-2026-9967, CVE-2026-9968, CVE-2026-9969, CVE-2026-9970, CVE-2026-9971, CVE-2026-9972, CVE-2026-9973, CVE-2026-9974, CVE-2026-9975, CVE-2026-9976, CVE-2026-9977, CVE-2026-9978, CVE-2026-9979, CVE-2026-9980, CVE-2026-9981, CVE-2026-9982, CVE-2026-9983, CVE-2026-9984, CVE-2026-9985, CVE-2026-9986, CVE-2026-9987, CVE-2026-9988, CVE-2026-9989, CVE-2026-9990, CVE-2026-9991, CVE-2026-9992, CVE-2026-9993, CVE-2026-9994, CVE-2026-9995, CVE-2026-9996, CVE-2026-9997, CVE-2026-9998, CVE-2026-9999