v1.19.0

New major features

Media-over-QUIC

  • support reading and publishing with Media-over-QUIC (#5815). Media-over-QUIC is a streaming protocol built upon cutting-edge protocols (QUIC, HTTP3) and browser APIs (WebTransport, WebCodecs). It's slightly faster than WebRTC, has an advanced data recovery mechanism, supports additional codecs (FLAC) and is less complicated to route. Check the documentation for instructions and details.

RTMP

  • support reading and writing FLAC (#5778) (#5789)

HLS

  • support reading and publishing FLAC (#5778) (#5791)

Fixes and improvements

General

  • Add user agent field to RTMP, RTSP, WebRTC, and HLS (#5753)
  • add --check-version command line flag (#5786). This allows checking whether a new version is available without upgrading.
  • use file name suffix for OS-specific code wherever possible (#5787)
  • fix two hot reloading cases (#5817):
      • reload SRT server when metrics server is reloaded
      • reload API server when RTMPS server is reloaded

RTSP

RTMP

HLS

WebRTC

  • make JavaScript internal variables private (#5804)
  • fix connectivity after network changes (#5097) (#5818)

RPI Camera

Dependencies

  • code.cloudfoundry.org/bytefmt updated from v0.72.0 to v0.74.0
  • github.com/abema/go-mp4 updated from v1.5.0 to v1.6.0
  • github.com/bluenviron/gohlslib/v2 updated from v2.3.2 to v2.4.0
  • github.com/bluenviron/gortmplib updated from v0.3.2 to v0.4.0
  • github.com/bluenviron/gortsplib/v5 updated from v5.5.3 to v5.5.4
  • github.com/bluenviron/mediacommon/v2 updated from v2.8.3 to v2.9.0
  • github.com/go-git/go-git/v5 updated from v5.19.0 to v5.19.1
  • github.com/matthewhartstonge/argon2 updated from v1.5.3 to v1.5.4
  • github.com/pion/ice/v4 updated from v4.2.5 to v4.2.7
  • github.com/pion/transport/v4 updated from v4.0.1 to v4.0.2
  • github.com/pion/webrtc/v4 updated from v4.2.12 to v4.2.14
  • golang.org/x/crypto updated from v0.51.0 to v0.52.0
  • golang.org/x/net updated from v0.54.0 to v0.55.0
  • golang.org/x/sys updated from v0.44.0 to v0.45.0
  • github.com/pion/dtls/v3 updated from v3.1.2 to v3.1.3
  • github.com/pion/sctp updated from v1.9.5 to v1.10.0
  • github.com/pion/srtp/v3 updated from v3.0.10 to v3.0.11
  • github.com/pion/stun/v3 updated from v3.1.2 to v3.1.4
  • github.com/pion/turn/v5 updated from v5.0.3 to v5.0.7
  • github.com/quic-go/webtransport-go v0.10.0 added
  • golang.org/x/sync v0.20.0 added
  • github.com/dunglas/httpsfv v1.1.0 added
  • github.com/bluenviron/mediamtx-rpicamera updated from v2.5.7 to v2.6.0

Security

Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.

Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check
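
A stricter, fail-closed variant of the checksum check above, as an added example that is not part of the MediaMTX release notes: it compares file names literally and fails if any downloaded mediamtx_* file has no entry in checksums.sha256 or if no file was checked at all. It assumes the standard sha256sum line layout; verify_release is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not MediaMTX project code.
# Assumption: checksums.sha256 uses the standard sha256sum layout:
#   <64 hex digits><space><space or '*'><file name>, one entry per line.

# verify_release DIR [CHECKSUM_FILE]
# Returns 0 only if at least one mediamtx_* file exists in DIR and every such
# file has exactly one entry in the checksum file with a matching digest.
verify_release() {
    dir=$1
    sums=${2:-$dir/checksums.sha256}
    [ -f "$sums" ] || { echo "missing checksum file: $sums" >&2; return 2; }

    checked=0
    failed=0
    for path in "$dir"/mediamtx_*; do
        [ -f "$path" ] || continue      # the glob matched nothing
        name=${path##*/}

        # Literal file-name comparison: no regex and no substring matching,
        # so "a.tar.gz" cannot be satisfied by an entry for "xa.tar.gz".
        expected=$(awk -v n="$name" '
            length($0) > 66 && substr($0, 67) == n {
                print tolower(substr($0, 1, 64)); hits++
            }
            END { if (hits != 1) exit 1 }' "$sums") || {
            echo "FAIL $name: no unique entry in $sums" >&2
            failed=$((failed + 1))
            continue
        }

        actual=$(sha256sum "$path" | awk '{ print $1 }')
        if [ "$actual" = "$expected" ]; then
            echo "OK   $name"
            checked=$((checked + 1))
        else
            echo "FAIL $name: digest mismatch" >&2
            failed=$((failed + 1))
        fi
    done

    # Fail closed: nothing verified counts as a failure.
    [ "$failed" -eq 0 ] && [ "$checked" -gt 0 ]
}
```

A checksum file downloaded from the same place as the binaries only detects corruption; the gh attestation verify command above is what ties the files to the Release workflow.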

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 149 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 149.0.7827.53 (Linux) 149.0.7827.53/54 Windows/Mac contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 149.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 429 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$97000][498904293] Critical CVE-2026-10881: Out of bounds read and write in ANGLE. Reported by Anonymous on 2026-04-02

[$43000][503420443] Critical CVE-2026-10882: Use after free in Network. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-17

[$5000][503768143] Critical CVE-2026-10883: Out of bounds write in ANGLE. Reported by Maher Azzouzi on 2026-04-17

[N/A][503617302] Critical CVE-2026-10884: Use after free in Chromecast. Reported by Google on 2026-04-17

[N/A][504072665] Critical CVE-2026-10885: Use after free in Chrome for iOS. Reported by Google on 2026-04-18

[TBD][505096898] Critical CVE-2026-10886: Use after free in FileSystem. Reported by Andrew Boni on 2026-04-21

[N/A][505204771] Critical CVE-2026-10887: Use after free in Chromoting. Reported by Google on 2026-04-22

[N/A][505815080] Critical CVE-2026-10888: Use after free in Cast Streaming. Reported by Google on 2026-04-23

[N/A][513003797] Critical CVE-2026-10889: Out of bounds read in ANGLE. Reported by Google on 2026-05-14

[N/A][513136593] Critical CVE-2026-10890: Use after free in Cast. Reported by Google on 2026-05-14

[N/A][513160681] Critical CVE-2026-10891: Use after free in GFX. Reported by Google on 2026-05-14

[N/A][513165325] Critical CVE-2026-10892: Out of bounds write in GPU. Reported by Google on 2026-05-14

[N/A][513231432] Critical CVE-2026-10893: Use after free in Chromoting. Reported by Google on 2026-05-14

[N/A][513445101] Critical CVE-2026-10894: Use after free in Printing. Reported by Google on 2026-05-15

[N/A][513454018] Critical CVE-2026-10895: Use after free in Ozone. Reported by Google on 2026-05-15

[N/A][513514692] Critical CVE-2026-10896: Use after free in Chrome for iOS. Reported by Google on 2026-05-15

[N/A][513543143] Critical CVE-2026-10897: Out of bounds write in GPU. Reported by Google on 2026-05-15

[N/A][513946753] Critical CVE-2026-10898: Stack buffer overflow in GPU. Reported by Google on 2026-05-17

[N/A][516653777] Critical CVE-2026-10899: Use after free in Ozone. Reported by Google on 2026-05-26

[N/A][516878683] Critical CVE-2026-10900: Use after free in Passwords. Reported by Google on 2026-05-26

[N/A][516957738] Critical CVE-2026-10901: Use after free in Passwords. Reported by Google on 2026-05-27

[N/A][517046249] Critical CVE-2026-10902: Use after free in Ozone. Reported by Google on 2026-05-27

[$11000][503422316] High CVE-2026-10903: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-17

[$8000][506855825] High CVE-2026-10904: Inappropriate implementation in V8. Reported by 303f06e3 on 2026-04-27

[$5000][487357841] High CVE-2026-10905: Use after free in Network. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-25

[$3000][503420438] High CVE-2026-10906: Use after free in WebAuthentication. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-17

[$2000][489071023] High CVE-2026-10907: Out of bounds write in ANGLE. Reported by sweetchip on 2026-03-02

[$2000][505045913] High CVE-2026-10908: Use after free in FullScreen. Reported by Mihnea Nicolau on 2026-04-21

[$1000][508092644] High CVE-2026-10909: Use after free in Dawn. Reported by whiter@xuanyusec on 2026-04-30

[$500][508811477] High CVE-2026-10910: Type Confusion in V8. Reported by Mufeed VH from Winfunc Research (winfunc.com) on 2026-05-02

[N/A][495819067] High CVE-2026-10911: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-24

[N/A][496614553] High CVE-2026-10912: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-03-26

[N/A][497450927] High CVE-2026-10913: Use after free in ANGLE. Reported by Google on 2026-03-29

[N/A][497574371] High CVE-2026-10914: Use after free in ANGLE. Reported by Google on 2026-03-30

[N/A][497612174] High CVE-2026-10915: Use after free in Core. Reported by Google on 2026-03-30

[N/A][497643690] High CVE-2026-10916: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-03-30

[N/A][497929481] High CVE-2026-10917: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-30

[N/A][498259721] High CVE-2026-10918: Use after free in Viz. Reported by Google on 2026-03-31

[N/A][498872764] High CVE-2026-10919: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][498977444] High CVE-2026-10920: Insufficient validation of untrusted input in WebShare. Reported by Google on 2026-04-02

[N/A][499159695] High CVE-2026-10921: Integer overflow in Dawn. Reported by Google on 2026-04-03

[N/A][499164652] High CVE-2026-10922: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-04-03

[N/A][499423683] High CVE-2026-10923: Use after free in WebAppInstalls. Reported by Google on 2026-04-04

[N/A][500055357] High CVE-2026-10924: Integer overflow in Chromecast. Reported by Google on 2026-04-06

[N/A][500071763] High CVE-2026-10925: Out of bounds write in Skia. Reported by Google on 2026-04-06

[N/A][500075522] High CVE-2026-10926: Use after free in Cast. Reported by Google on 2026-04-06

[N/A][500090141] High CVE-2026-10927: Out of bounds read in Dawn. Reported by Google on 2026-04-06

[N/A][500124367] High CVE-2026-10928: Script injection in Headless. Reported by Google on 2026-04-06

[N/A][500429259] High CVE-2026-10929: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-07

[N/A][500472605] High CVE-2026-10930: Out of bounds read in ANGLE. Reported by Google on 2026-04-07

[TBD][501115599] High CVE-2026-10931: Use after free in FileSystem. Reported by asjidkalam on 2026-04-10

[N/A][501335606] High CVE-2026-10932: Use after free in UI. Reported by Google on 2026-04-10

[N/A][501557633] High CVE-2026-10933: Use after free in Audio. Reported by Google on 2026-04-11

[N/A][501594107] High CVE-2026-10934: Use after free in Autofill. Reported by Google on 2026-04-11

[N/A][501898683] High CVE-2026-10935: Inappropriate implementation in V8. Reported by Google on 2026-04-12

[N/A][502439789] High CVE-2026-10936: Type Confusion in V8. Reported by Google on 2026-04-14

[N/A][502651056] High CVE-2026-10937: Inappropriate implementation in Passwords. Reported by Google on 2026-04-14

[N/A][502681591] High CVE-2026-10938: Insufficient validation of untrusted input in Input. Reported by Google on 2026-04-14

[N/A][503502607] High CVE-2026-10939: Use after free in WebRTC. Reported by Google on 2026-04-17

[N/A][503879873] High CVE-2026-10940: Race in Codecs. Reported by Google on 2026-04-17

[N/A][503958940] High CVE-2026-10941: Out of bounds memory access in Skia. Reported by Google on 2026-04-18

[N/A][504104263] High CVE-2026-10942: Insufficient validation of untrusted input in UI. Reported by Google on 2026-04-18

[TBD][504194151] High CVE-2026-10943: Use after free in WebRTC. Reported by Rayyan Kadar on 2026-04-20

[N/A][504215814] High CVE-2026-10944: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-19

[N/A][504417768] High CVE-2026-10945: Use after free in PDF. Reported by Google on 2026-04-20

[N/A][504587797] High CVE-2026-10946: Heap buffer overflow in Media. Reported by Google on 2026-04-20

[N/A][504597736] High CVE-2026-10947: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][504599749] High CVE-2026-10948: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][504644843] High CVE-2026-10949: Heap buffer overflow in Video. Reported by Google on 2026-04-20

[N/A][505123022] High CVE-2026-10950: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-21

[N/A][505191883] High CVE-2026-10951: Use after free in Autofill. Reported by Google on 2026-04-22

[N/A][505231370] High CVE-2026-10952: Use after free in Chrome for iOS. Reported by Google on 2026-04-22

[N/A][506147564] High CVE-2026-10953: Use after free in Core. Reported by Google on 2026-04-24

[N/A][506150628] High CVE-2026-10954: Use after free in Actor. Reported by Google on 2026-04-24

[N/A][506374676] High CVE-2026-10955: Type Confusion in ANGLE. Reported by Google on 2026-04-25

[N/A][506375731] High CVE-2026-10956: Use after free in MimeHandlerView. Reported by Google on 2026-04-25

[N/A][506377279] High CVE-2026-10957: Use after free in Glic. Reported by Google on 2026-04-25

[N/A][507251069] High CVE-2026-10958: Use after free in Chrome for iOS. Reported by Google on 2026-04-28

[N/A][507258648] High CVE-2026-10959: Use after free in Input. Reported by Google on 2026-04-28

[N/A][507258786] High CVE-2026-10960: Uninitialized Use in Codecs. Reported by Google on 2026-04-28

[N/A][508281950] High CVE-2026-10961: Use after free in Chrome for iOS. Reported by Google on 2026-04-30

[N/A][511006880] High CVE-2026-10962: Type Confusion in Media. Reported by Google on 2026-05-08

[N/A][511218177] High CVE-2026-10963: Integer overflow in V8. Reported by Google on 2026-05-08

[N/A][511228272] High CVE-2026-10964: Integer overflow in V8. Reported by Google on 2026-05-08

[N/A][511290038] High CVE-2026-10965: Integer overflow in DevTools. Reported by Google on 2026-05-08

[N/A][511713779] High CVE-2026-10966: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-05-10

[N/A][511714900] High CVE-2026-10967: Use after free in SurfaceCapture. Reported by Google on 2026-05-10

[N/A][511758373] High CVE-2026-10968: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-10

[N/A][511765713] High CVE-2026-10969: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-10

[N/A][512772489] High CVE-2026-10970: Insufficient validation of untrusted input in InterestGroups. Reported by Google on 2026-05-13

[N/A][513005991] High CVE-2026-10971: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-05-14

[N/A][513006660] High CVE-2026-10972: Use after free in Ozone. Reported by Google on 2026-05-14

[N/A][513042859] High CVE-2026-10973: Uninitialized Use in Dawn. Reported by Google on 2026-05-14

[N/A][513135862] High CVE-2026-10974: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-14

[N/A][513154132] High CVE-2026-10975: Use after free in WebRTC. Reported by Google on 2026-05-14

[N/A][513249847] High CVE-2026-10976: Uninitialized Use in Dawn. Reported by Google on 2026-05-14

[N/A][513340227] High CVE-2026-10977: Uninitialized Use in Skia. Reported by Google on 2026-05-14

[N/A][513394258] High CVE-2026-10978: Use after free in Chromoting. Reported by Google on 2026-05-15

[N/A][513468021] High CVE-2026-10979: Out of bounds read in ANGLE. Reported by Google on 2026-05-15

[N/A][513713927] High CVE-2026-10980: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16

[N/A][513762354] High CVE-2026-10981: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-05-16

[N/A][513774197] High CVE-2026-10982: Use after free in WebXR. Reported by Google on 2026-05-16

[N/A][513947609] High CVE-2026-10983: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-17

[N/A][514022635] High CVE-2026-10984: Inappropriate implementation in Accessibility. Reported by Google on 2026-05-17

[N/A][514082801] High CVE-2026-10985: Out of bounds read in Skia. Reported by Google on 2026-05-17

[N/A][514744613] High CVE-2026-10986: Integer overflow in Media. Reported by Google on 2026-05-19

[N/A][515431687] High CVE-2026-10987: Integer overflow in V8. Reported by Google on 2026-05-21

[N/A][515465685] High CVE-2026-10988: Use after free in Views. Reported by Google on 2026-05-21

[N/A][516311623] High CVE-2026-10989: Inappropriate implementation in V8. Reported by Google on 2026-05-25

[$4000][506311914] Medium CVE-2026-10990: Use after free in Glic. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-25

[$3000][503553614] Medium CVE-2026-10991: Use after free in V8. Reported by Alisa Esage (@alisaesage) on 2026-04-17

[$2000][493534964] Medium CVE-2026-10992: Insufficient data validation in Animation. Reported by heapracer (@heapracer) on 2026-03-17

[$2000][504160794] Medium CVE-2026-10993: Heap buffer overflow in Skia. Reported by M. Fauzan Wijaya (Gh05t666nero) on 2026-04-19

[$2000][504820809] Medium CVE-2026-10994: Uninitialized Use in ANGLE. Reported by Mufeed VH from Winfunc Research (winfunc.com) on 2026-04-21

[$2000][505371980] Medium CVE-2026-10995: Heap buffer overflow in TabStrip. Reported by Sven Dysthe (@svn-dys) on 2026-04-22

[TBD][40051700] Medium CVE-2026-10996: Inappropriate implementation in Workers. Reported by Jayateertha Guruprasad on 2024-12-23

[TBD][464217867] Medium CVE-2026-10997: Insufficient policy enforcement in Extensions. Reported by djallalakira@gmail.com on 2025-11-28

[TBD][486536242] Medium CVE-2026-10998: Out of bounds read in Media. Reported by Ameen Basha M K on 2026-02-22

[TBD][489369089] Medium CVE-2026-10999: Out of bounds memory access in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-04

[TBD][492374380] Medium CVE-2026-11000: Use after free in Fonts. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-13

[N/A][493691489] Medium CVE-2026-11001: Incorrect security UI in Payments. Reported by Google on 2026-03-18

[TBD][494740162] Medium CVE-2026-11002: Use after free in Autofill. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-21

[TBD][494823867] Medium CVE-2026-11003: Use after free in WebRTC. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2026-03-21

[TBD][494823889] Medium CVE-2026-11004: Out of bounds read in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-22

[TBD][495052581] Medium CVE-2026-11005: Out of bounds read in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-22

[N/A][495489174] Medium CVE-2026-11006: Out of bounds read in Dawn. Reported by Google on 2026-03-23

[N/A][495834228] Medium CVE-2026-11007: Insufficient validation of untrusted input in WebView. Reported by Google on 2026-03-24

[N/A][495864099] Medium CVE-2026-11008: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-03-24

[N/A][496233132] Medium CVE-2026-11009: Use after free in USB. Reported by Google on 2026-03-25

[TBD][496266444] Medium CVE-2026-11010: Use after free in WebShare. Reported by David Sievers on 2026-03-26

[N/A][496702621] Medium CVE-2026-11011: Insufficient policy enforcement in Password Manager. Reported by Google on 2026-03-26

[N/A][497000161] Medium CVE-2026-11012: Use after free in Serial. Reported by Google on 2026-03-27

[N/A][497056412] Medium CVE-2026-11013: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-28

[N/A][497058611] Medium CVE-2026-11014: Insufficient policy enforcement in Extensions. Reported by Google on 2026-03-28

[TBD][497183443] Medium CVE-2026-11015: Out of bounds read in WebGPU. Reported by Yuma Takeuchi on 2026-03-29

[N/A][497278395] Medium CVE-2026-11016: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-28

[N/A][497336872] Medium CVE-2026-11017: Inappropriate implementation in Link Preview. Reported by Google on 2026-03-29

[N/A][497342466] Medium CVE-2026-11018: Insufficient policy enforcement in Actor. Reported by Google on 2026-03-29

[N/A][497344640] Medium CVE-2026-11019: Inappropriate implementation in Payments. Reported by Google on 2026-03-29

[N/A][497440270] Medium CVE-2026-11020: Inappropriate implementation in Extensions. Reported by Google on 2026-03-29

[N/A][497487755] Medium CVE-2026-11021: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-03-29

[N/A][497532918] Medium CVE-2026-11022: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-03-29

[N/A][497538899] Medium CVE-2026-11023: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-03-29

[N/A][497591594] Medium CVE-2026-11024: Stack buffer overflow in Skia. Reported by Google on 2026-03-30

[N/A][497595264] Medium CVE-2026-11025: Insufficient policy enforcement in Navigation. Reported by Google on 2026-03-30

[N/A][497599683] Medium CVE-2026-11026: Insufficient policy enforcement in Extensions. Reported by Google on 2026-03-30

[N/A][497604407] Medium CVE-2026-11027: Insufficient validation of untrusted input in Glic. Reported by Google on 2026-03-30

[N/A][497627277] Medium CVE-2026-11028: Use after free in Media. Reported by Google on 2026-03-30

[N/A][497651688] Medium CVE-2026-11029: Insufficient validation of untrusted input in Drag and Drop. Reported by Google on 2026-03-30

[N/A][497722502] Medium CVE-2026-11030: Use after free in Network. Reported by Google on 2026-03-30

[N/A][497748760] Medium CVE-2026-11031: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-03-30

[N/A][497831111] Medium CVE-2026-11032: Insufficient data validation in Password Manager. Reported by Google on 2026-03-30

[N/A][497926664] Medium CVE-2026-11033: Uninitialized Use in WebML. Reported by Google on 2026-03-30

[N/A][497934980] Medium CVE-2026-11034: Insufficient validation of untrusted input in Tab Group Sync. Reported by Google on 2026-03-30

[N/A][497936421] Medium CVE-2026-11035: Insufficient validation of untrusted input in Custom Tabs. Reported by Google on 2026-03-30

[N/A][497964917] Medium CVE-2026-11036: Inappropriate implementation in DOM. Reported by Google on 2026-03-30

[N/A][497971287] Medium CVE-2026-11037: Out of bounds write in Codecs. Reported by Google on 2026-03-31

[N/A][498080391] Medium CVE-2026-11038: Insufficient validation of untrusted input in Subresource Integrity. Reported by Google on 2026-03-31

[N/A][498204112] Medium CVE-2026-11039: Uninitialized Use in Skia. Reported by Google on 2026-03-31

[N/A][498371085] Medium CVE-2026-11040: Use after free in ANGLE. Reported by Google on 2026-04-01

[N/A][498700369] Medium CVE-2026-11041: Insufficient validation of untrusted input in Media. Reported by Google on 2026-04-01

[N/A][498720094] Medium CVE-2026-11042: Use after free in Views. Reported by Google on 2026-04-01

[N/A][498721316] Medium CVE-2026-11043: Out of bounds write in ANGLE. Reported by Google on 2026-04-01

[N/A][498724803] Medium CVE-2026-11044: Integer overflow in ANGLE. Reported by Google on 2026-04-01

[N/A][498727111] Medium CVE-2026-11045: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-01

[N/A][498728857] Medium CVE-2026-11046: Insufficient validation of untrusted input in Media. Reported by Google on 2026-04-01

[N/A][498768132] Medium CVE-2026-11047: Insufficient validation of untrusted input in Base. Reported by Google on 2026-04-02

[N/A][498808432] Medium CVE-2026-11048: Inappropriate implementation in Extensions. Reported by Google on 2026-04-02

[N/A][498815068] Medium CVE-2026-11049: Use after free in Password Manager. Reported by Google on 2026-04-02

[N/A][498818402] Medium CVE-2026-11050: Use after free in V8. Reported by Google on 2026-04-02

[TBD][498828605] Medium CVE-2026-11051: Out of bounds read in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-02

[N/A][498834967] Medium CVE-2026-11052: Type Confusion in GPU. Reported by Google on 2026-04-02

[N/A][498841456] Medium CVE-2026-11053: VULNERABILITY in WebRTC. Reported by Google on 2026-04-02

[N/A][498845284] Medium CVE-2026-11054: Use after free in WebRTC. Reported by Google on 2026-04-02

[N/A][498881735] Medium CVE-2026-11055: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][498887785] Medium CVE-2026-11056: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-04-02

[N/A][498951946] Medium CVE-2026-11057: Uninitialized Use in Skia. Reported by Google on 2026-04-02

[N/A][498986406] Medium CVE-2026-11058: Integer overflow in CredentialProvider. Reported by Google on 2026-04-02

[N/A][498991983] Medium CVE-2026-11059: Use after free in Blink. Reported by Google on 2026-04-02

[N/A][499018355] Medium CVE-2026-11060: Use after free in Media. Reported by Google on 2026-04-02

[N/A][499031961] Medium CVE-2026-11061: Out of bounds read in ANGLE. Reported by Google on 2026-04-02

[N/A][499033012] Medium CVE-2026-11062: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-02

[N/A][499051067] Medium CVE-2026-11063: Insufficient validation of untrusted input in WebNN. Reported by Google on 2026-04-02

[N/A][499075743] Medium CVE-2026-11064: Uninitialized Use in GPU. Reported by Google on 2026-04-02

[N/A][499093536] Medium CVE-2026-11065: Use after free in ANGLE. Reported by Google on 2026-04-03

[N/A][499124128] Medium CVE-2026-11066: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-03

[N/A][499140183] Medium CVE-2026-11067: Uninitialized Use in Dawn. Reported by Google on 2026-04-03

[N/A][499194333] Medium CVE-2026-11068: Use after free in WebSockets. Reported by Google on 2026-04-03

[N/A][499213367] Medium CVE-2026-11069: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-04-03

[N/A][499225384] Medium CVE-2026-11070: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-03

[N/A][499227659] Medium CVE-2026-11071: Use after free in Base. Reported by Google on 2026-04-03

[N/A][499238195] Medium CVE-2026-11072: Use after free in WebView. Reported by Google on 2026-04-03

[N/A][499365904] Medium CVE-2026-11073: Use after free in WebGL. Reported by Google on 2026-04-03

[TBD][499587071] Medium CVE-2026-11074: Use after free in WebRTC. Reported by boboliverfrancishoward@gmail.com on 2026-04-05

[TBD][499659070] Medium CVE-2026-11075: Out of bounds read in V8. Reported by JunYoung Park(@candymate) of KAIST Hacking Lab on 2026-04-06

[N/A][499784386] Medium CVE-2026-11076: Type Confusion in CSS. Reported by Google on 2026-04-05

[TBD][499908918] Medium CVE-2026-11077: Out of bounds read in Dawn. Reported by Anonymous on 2026-04-06

[TBD][499917177] Medium CVE-2026-11078: Insufficient validation of untrusted input in FileSystem. Reported by Eran Rom of Palo Alto Networks on 2026-04-06

[N/A][500028989] Medium CVE-2026-11079: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-04-06

[N/A][500032538] Medium CVE-2026-11080: Use after free in WebView. Reported by Google on 2026-04-06

[N/A][500076131] Medium CVE-2026-11081: Policy bypass in Canvas. Reported by Google on 2026-04-06

[N/A][500079715] Medium CVE-2026-11082: Use after free in GPU. Reported by Google on 2026-04-06

[N/A][500095743] Medium CVE-2026-11083: Inappropriate implementation in Password Manager. Reported by Google on 2026-04-06

[N/A][500124500] Medium CVE-2026-11084: Inappropriate implementation in Password Manager. Reported by Google on 2026-04-06

[N/A][500132379] Medium CVE-2026-11085: Integer overflow in GPU. Reported by Google on 2026-04-06

[N/A][500140111] Medium CVE-2026-11086: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-04-07

[N/A][500140149] Medium CVE-2026-11087: Uninitialized Use in ANGLE. Reported by Google on 2026-04-07

[N/A][500144879] Medium CVE-2026-11088: Integer overflow in ANGLE. Reported by Google on 2026-04-07

[N/A][500154880] Medium CVE-2026-11089: Uninitialized Use in Media. Reported by Google on 2026-04-07

[N/A][500161302] Medium CVE-2026-11090: Uninitialized Use in ANGLE. Reported by Google on 2026-04-07

[N/A][500162791] Medium CVE-2026-11091: Inappropriate implementation in Dawn. Reported by Google on 2026-04-07

[N/A][500170887] Medium CVE-2026-11092: Insufficient policy enforcement in DevTools. Reported by Google on 2026-04-07

[N/A][500172365] Medium CVE-2026-11093: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-04-07

[N/A][500174874] Medium CVE-2026-11094: Use after free in Codecs. Reported by Google on 2026-04-07

[N/A][500293394] Medium CVE-2026-11095: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-04-07

[N/A][500296311] Medium CVE-2026-11096: Out of bounds read in WebRTC. Reported by Google on 2026-04-07

[N/A][500311718] Medium CVE-2026-11097: Inappropriate implementation in WebView. Reported by Google on 2026-04-07

[N/A][500315455] Medium CVE-2026-11098: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-07

[N/A][500414865] Medium CVE-2026-11099: Vulnerability in Skia. Reported by Google on 2026-04-07

[N/A][500416901] Medium CVE-2026-11100: Use after free in File Input. Reported by Google on 2026-04-07

[N/A][500443031] Medium CVE-2026-11101: Uninitialized Use in Dawn. Reported by Google on 2026-04-07

[N/A][500468338] Medium CVE-2026-11102: Inappropriate implementation in Isolated Web Apps. Reported by Google on 2026-04-07

[N/A][500483038] Medium CVE-2026-11103: Inappropriate implementation in Installer. Reported by Google on 2026-04-07

[N/A][500501226] Medium CVE-2026-11104: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500505339] Medium CVE-2026-11105: Insufficient validation of untrusted input in WebUI. Reported by Google on 2026-04-08

[N/A][500508725] Medium CVE-2026-11106: Inappropriate implementation in Media. Reported by Google on 2026-04-08

[N/A][500510384] Medium CVE-2026-11107: Inappropriate implementation in Downloads. Reported by Google on 2026-04-08

[N/A][500517053] Medium CVE-2026-11108: Inappropriate implementation in NFC. Reported by Google on 2026-04-08

[N/A][500524833] Medium CVE-2026-11109: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500528864] Medium CVE-2026-11110: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500530720] Medium CVE-2026-11111: Out of bounds read in ANGLE. Reported by Google on 2026-04-08

[N/A][500541413] Medium CVE-2026-11112: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-08

[N/A][500560764] Medium CVE-2026-11113: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-08

[N/A][501360342] Medium CVE-2026-11114: Use after free in Device Trust. Reported by Google on 2026-04-10

[N/A][501370283] Medium CVE-2026-11115: Use after free in Updater. Reported by Google on 2026-04-10

[N/A][501376612] Medium CVE-2026-11116: Use after free in Chromoting. Reported by Google on 2026-04-10

[N/A][501403820] Medium CVE-2026-11117: Use after free in Views. Reported by Google on 2026-04-10

[N/A][501424047] Medium CVE-2026-11118: Use after free in WebRTC. Reported by Google on 2026-04-10

[N/A][501461853] Medium CVE-2026-11119: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-10

[N/A][501467566] Medium CVE-2026-11120: Insufficient validation of untrusted input in Enterprise Reporting. Reported by Google on 2026-04-10

[N/A][501483855] Medium CVE-2026-11121: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-04-10

[N/A][501485453] Medium CVE-2026-11122: Inappropriate implementation in Keyboard. Reported by Google on 2026-04-10

[N/A][501505198] Medium CVE-2026-11123: Uninitialized Use in ANGLE. Reported by Google on 2026-04-10

[N/A][501511299] Medium CVE-2026-11124: Heap buffer overflow in Skia. Reported by Google on 2026-04-10

[N/A][501517520] Medium CVE-2026-11125: Use after free in Compositing. Reported by Google on 2026-04-10

[N/A][501528031] Medium CVE-2026-11126: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-04-10

[N/A][501535295] Medium CVE-2026-11127: Inappropriate implementation in WebAPKs. Reported by Google on 2026-04-10

[N/A][501541341] Medium CVE-2026-11128: Insufficient validation of untrusted input in Web Share. Reported by Google on 2026-04-10

[N/A][501541962] Medium CVE-2026-11129: Inappropriate implementation in Extensions. Reported by Google on 2026-04-10

[N/A][501546443] Medium CVE-2026-11130: Use after free in Media. Reported by Google on 2026-04-11

[N/A][501561644] Medium CVE-2026-11131: Use after free in Autofill. Reported by Google on 2026-04-11

[N/A][501597365] Medium CVE-2026-11132: Policy bypass in Paint. Reported by Google on 2026-04-11

[N/A][501606085] Medium CVE-2026-11133: Insufficient policy enforcement in Paint. Reported by Google on 2026-04-11

[N/A][501640084] Medium CVE-2026-11134: Insufficient data validation in Media. Reported by Google on 2026-04-11

[N/A][501644835] Medium CVE-2026-11135: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-11

[TBD][501646327] Medium CVE-2026-11136: Use after free in Canvas. Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po) on 2026-04-11

[N/A][501647943] Medium CVE-2026-11137: Uninitialized Use in ANGLE. Reported by Google on 2026-04-11

[N/A][501650354] Medium CVE-2026-11138: Uninitialized Use in ANGLE. Reported by Google on 2026-04-11

[N/A][501650594] Medium CVE-2026-11139: Policy bypass in Paint. Reported by Google on 2026-04-11

[N/A][501659253] Medium CVE-2026-11140: Insufficient validation of untrusted input in Chromecast. Reported by Google on 2026-04-11

[N/A][501667839] Medium CVE-2026-11141: Uninitialized Use in Audio. Reported by Google on 2026-04-11

[N/A][501668745] Medium CVE-2026-11142: Policy bypass in Paint. Reported by Google on 2026-04-11

[N/A][501674219] Medium CVE-2026-11143: Heap buffer overflow in Extensions. Reported by Google on 2026-04-11

[N/A][501676175] Medium CVE-2026-11144: Use after free in Media. Reported by Google on 2026-04-11

[N/A][501683745] Medium CVE-2026-11145: Race in Geolocation. Reported by Google on 2026-04-11

[N/A][501709220] Medium CVE-2026-11146: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-11

[N/A][501731689] Medium CVE-2026-11147: Use after free in WebML. Reported by Google on 2026-04-11

[N/A][501738451] Medium CVE-2026-11148: Inappropriate implementation in Payments. Reported by Google on 2026-04-11

[N/A][501739206] Medium CVE-2026-11149: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-04-11

[N/A][501740299] Medium CVE-2026-11150: Inappropriate implementation in XML. Reported by Google on 2026-04-11

[N/A][501740323] Medium CVE-2026-11151: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-04-11

[N/A][501762953] Medium CVE-2026-11152: Object lifecycle issue in Dawn. Reported by Google on 2026-04-11

[N/A][501779840] Medium CVE-2026-11153: Side-channel information leakage in Forms. Reported by Google on 2026-04-12

[N/A][501789156] Medium CVE-2026-11154: Use after free in Dawn. Reported by Google on 2026-04-12

[N/A][501801823] Medium CVE-2026-11155: Insufficient policy enforcement in CSS. Reported by Google on 2026-04-12

[N/A][501810226] Medium CVE-2026-11156: Inappropriate implementation in CSS. Reported by Google on 2026-04-12

[N/A][501823385] Medium CVE-2026-11157: Script injection in Accessibility. Reported by Google on 2026-04-12

[N/A][501844153] Medium CVE-2026-11158: Insufficient validation of untrusted input in Downloads. Reported by Google on 2026-04-12

[N/A][501861921] Medium CVE-2026-11159: Uninitialized Use in Skia. Reported by Google on 2026-04-12

[N/A][501862016] Medium CVE-2026-11160: Out of bounds read in Input. Reported by Google on 2026-04-12

[N/A][501920294] Medium CVE-2026-11161: Insufficient data validation in DataTransfer. Reported by Google on 2026-04-12

[N/A][502035074] Medium CVE-2026-11162: Insufficient policy enforcement in CSS. Reported by Google on 2026-04-13

[N/A][502072755] Medium CVE-2026-11163: Use after free in Messages. Reported by Google on 2026-04-13

[N/A][502089411] Medium CVE-2026-11164: Use after free in Blink. Reported by Google on 2026-04-13

[N/A][502099949] Medium CVE-2026-11165: Use after free in WebMIDI. Reported by Google on 2026-04-13

[N/A][502118936] Medium CVE-2026-11166: Inappropriate implementation in SVG. Reported by Google on 2026-04-13

[N/A][502228856] Medium CVE-2026-11167: Inappropriate implementation in WebView. Reported by Google on 2026-04-13

[N/A][502256049] Medium CVE-2026-11168: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-13

[N/A][502285273] Medium CVE-2026-11169: Inappropriate implementation in XML. Reported by Google on 2026-04-13

[N/A][502322596] Medium CVE-2026-11170: Inappropriate implementation in Chromoting. Reported by Google on 2026-04-13

[N/A][502322843] Medium CVE-2026-11171: Integer overflow in Blink. Reported by Google on 2026-04-13

[TBD][502328201] Medium CVE-2026-11172: Incorrect security UI in Contact Picker. Reported by mochazril.ti@gmail.com on 2026-04-14

[N/A][502337304] Medium CVE-2026-11173: Out of bounds write in V8. Reported by Google on 2026-04-14

[N/A][502348223] Medium CVE-2026-11174: Insufficient policy enforcement in Site Isolation. Reported by Google on 2026-04-14

[N/A][502368088] Medium CVE-2026-11175: Incorrect security UI in Messages. Reported by Google on 2026-04-14

[N/A][502371717] Medium CVE-2026-11176: Inappropriate implementation in Media. Reported by Google on 2026-04-14

[TBD][502449864] Medium CVE-2026-11177: Use after free in Omnibox. Reported by gevakun on 2026-04-14

[N/A][502501810] Medium CVE-2026-11178: Policy bypass in WebView. Reported by Google on 2026-04-14

[N/A][502615170] Medium CVE-2026-11179: Inappropriate implementation in ORB. Reported by Google on 2026-04-14

[N/A][502631225] Medium CVE-2026-11180: Policy bypass in SVG. Reported by Google on 2026-04-14

[N/A][502633299] Medium CVE-2026-11181: Inappropriate implementation in Media Session. Reported by Google on 2026-04-14

[N/A][502651014] Medium CVE-2026-11182: Inappropriate implementation in SVG. Reported by Google on 2026-04-14

[N/A][502768780] Medium CVE-2026-11183: Out of bounds read in GWP-ASan. Reported by Google on 2026-04-15

[N/A][502777516] Medium CVE-2026-11184: Insufficient policy enforcement in Actor. Reported by Google on 2026-04-15

[N/A][502784366] Medium CVE-2026-11185: Use after free in V8. Reported by Google on 2026-04-15

[N/A][502805170] Medium CVE-2026-11186: Inappropriate implementation in CSS. Reported by Google on 2026-04-15

[N/A][502819675] Medium CVE-2026-11187: Insufficient policy enforcement in Glic. Reported by Google on 2026-04-15

[N/A][502959826] Medium CVE-2026-11188: Use after free in USB. Reported by Google on 2026-04-15

[TBD][503197481] Medium CVE-2026-11189: Insufficient validation of untrusted input in DevTools. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab on 2026-04-16

[N/A][503375371] Medium CVE-2026-11190: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-16

[N/A][503392431] Medium CVE-2026-11191: Out of bounds memory access in ANGLE. Reported by Google on 2026-04-16

[N/A][503490678] Medium CVE-2026-11192: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-04-17

[N/A][503642586] Medium CVE-2026-11193: Insufficient policy enforcement in Password Manager. Reported by Google on 2026-04-17

[N/A][503719488] Medium CVE-2026-11194: Inappropriate implementation in Network. Reported by Google on 2026-04-17

[N/A][503865896] Medium CVE-2026-11195: Inappropriate implementation in MHTML. Reported by Google on 2026-04-17

[N/A][503879106] Medium CVE-2026-11196: Type Confusion in XML. Reported by Google on 2026-04-17

[TBD][504073872] Medium CVE-2026-11197: Insufficient policy enforcement in Workers. Reported by VEZEKA on 2026-04-19

[N/A][504395300] Medium CVE-2026-11198: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-04-20

[N/A][504572664] Medium CVE-2026-11199: Insufficient validation of untrusted input in WebRTC. Reported by Google on 2026-04-20

[N/A][504579798] Medium CVE-2026-11200: Inappropriate implementation in WebRTC. Reported by Google on 2026-04-20

[TBD][505068950] Medium CVE-2026-11201: Use after free in ServiceWorker. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-22

[N/A][505144022] Medium CVE-2026-11202: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-22

[N/A][505192638] Medium CVE-2026-11203: Policy bypass in GPU. Reported by Google on 2026-04-22

[N/A][505200733] Medium CVE-2026-11204: Inappropriate implementation in Signin. Reported by Google on 2026-04-22

[N/A][505290253] Medium CVE-2026-11205: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-22

[TBD][505427216] Medium CVE-2026-11206: Policy bypass in ServiceWorker. Reported by David Bors, Catalin Iovita on 2026-04-23

[N/A][506127858] Medium CVE-2026-11207: Insufficient validation of untrusted input in Autofill. Reported by Google on 2026-04-24

[N/A][506387278] Medium CVE-2026-11208: Use after free in Codecs. Reported by Google on 2026-04-25

[N/A][506391032] Medium CVE-2026-11209: Insufficient policy enforcement in Passwords. Reported by Google on 2026-04-25

[N/A][506473226] Medium CVE-2026-11210: Insufficient policy enforcement in Safe Browsing. Reported by Google on 2026-04-25

[N/A][506629455] Medium CVE-2026-11211: Integer overflow in V8. Reported by Google on 2026-04-26

[N/A][507216833] Medium CVE-2026-11212: Insufficient policy enforcement in DevTools. Reported by Google on 2026-04-28

[N/A][507382702] Medium CVE-2026-11213: Insufficient validation of untrusted input in Reading Mode. Reported by Google on 2026-04-28

[N/A][508257850] Medium CVE-2026-11214: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-30

[N/A][513446116] Medium CVE-2026-11215: Inappropriate implementation in Cronet. Reported by Google on 2026-05-15

[$3000][474583539] Low CVE-2026-11216: Incorrect security UI in File Input. Reported by Azza Tegar Naufal Ataullah on 2026-01-10

[$3000][487564032] Low CVE-2026-11217: Insufficient policy enforcement in Fenced Frames. Reported by Tianyi Hu on 2026-02-25

[$2000][476862276] Low CVE-2026-11218: Inappropriate implementation in PlatformIntegration. Reported by Han Liu (Xi’an Jiaotong University, School of Cyber Science and Engineering) on 2026-01-19

[$2000][480074849] Low CVE-2026-11219: Insufficient data validation in Navigation. Reported by Bharat (mrnoob) on 2026-01-30

[$2000][487300831] Low CVE-2026-11220: Insufficient validation of untrusted input in Navigation. Reported by Tianyi Hu on 2026-02-24

[$1500][492211919] Low CVE-2026-11221: Insufficient validation of untrusted input in PointerLock. Reported by mihalis.haatainen@bountyy.fi on 2026-03-12

[$1000][458442542] Low CVE-2026-11222: Incorrect security UI in Tab Strip. Reported by Hafiizh on 2025-11-07

[$1000][494800494] Low CVE-2026-11223: Insufficient validation of untrusted input in Network. Reported by Tianyi Hu on 2026-03-21

[$500][502461760] Low CVE-2026-11224: Use after free in Chromoting. Reported by David Bors, Catalin Iovita on 2026-04-14

[$500][503346647] Low CVE-2026-11225: Incorrect security UI in WebUI. Reported by Tareq Ahamed - itztrq on 2026-04-16

[N/A][385662278] Low CVE-2026-11226: Insufficient policy enforcement in PreviewTab. Reported by Google on 2020-03-05

[TBD][448421954] Low CVE-2026-11227: Incorrect security UI in Tab Hover Cards. Reported by Hafiizh on 2025-10-01

[TBD][454484864] Low CVE-2026-11228: Incorrect security UI in File Input. Reported by Umar Farooq on 2025-10-23

[TBD][482713603] Low CVE-2026-11229: Insufficient policy enforcement in Enterprise. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-02-08

[N/A][493225428] Low CVE-2026-11230: Use after free in Extensions. Reported by Google on 2026-03-16

[N/A][495840862] Low CVE-2026-11231: Inappropriate implementation in Safe Browsing. Reported by Google on 2026-03-24

[N/A][495981782] Low CVE-2026-11232: Inappropriate implementation in TabGroups. Reported by Google on 2026-03-25

[N/A][496088449] Low CVE-2026-11233: Insufficient validation of untrusted input in FoldableAPIs. Reported by Google on 2026-03-25

[N/A][496095145] Low CVE-2026-11234: Insufficient policy enforcement in FoldableAPIs. Reported by Google on 2026-03-25

[N/A][496419374] Low CVE-2026-11235: Insufficient validation of untrusted input in Compositing. Reported by Google on 2026-03-26

[N/A][496427030] Low CVE-2026-11236: Insufficient policy enforcement in Web Bluetooth. Reported by Google on 2026-03-26

[N/A][496617698] Low CVE-2026-11237: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-26

[N/A][496705691] Low CVE-2026-11238: Inappropriate implementation in DevTools. Reported by Google on 2026-03-26

[N/A][497025738] Low CVE-2026-11239: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-03-27

[N/A][497030032] Low CVE-2026-11240: Insufficient validation of untrusted input in Loader. Reported by Google on 2026-03-27

[N/A][497203741] Low CVE-2026-11241: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-03-28

[N/A][497385823] Low CVE-2026-11242: Insufficient validation of untrusted input in Plugins. Reported by Google on 2026-03-29

[N/A][497394061] Low CVE-2026-11243: Incorrect security UI in Downloads. Reported by Google on 2026-03-29

[N/A][497609145] Low CVE-2026-11244: Insufficient validation of untrusted input in WebAuthentication. Reported by Google on 2026-03-30

[N/A][497610654] Low CVE-2026-11245: Inappropriate implementation in Payments. Reported by Google on 2026-03-30

[N/A][497660733] Low CVE-2026-11246: Insufficient validation of untrusted input in IndexedDB. Reported by Google on 2026-03-30

[N/A][497865734] Low CVE-2026-11247: Insufficient policy enforcement in CustomTabs. Reported by Google on 2026-03-30

[N/A][497946941] Low CVE-2026-11248: Policy bypass in Google Lens. Reported by Google on 2026-03-30

[N/A][497989379] Low CVE-2026-11249: Use after free in Network. Reported by Google on 2026-03-31

[N/A][498281224] Low CVE-2026-11250: Inappropriate implementation in DevTools. Reported by Google on 2026-03-31

[N/A][498301853] Low CVE-2026-11251: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-03-31

[N/A][498373018] Low CVE-2026-11252: Policy bypass in Content Settings. Reported by Google on 2026-04-01

[N/A][498397912] Low CVE-2026-11253: Race in Permissions. Reported by Google on 2026-04-01

[N/A][498405554] Low CVE-2026-11254: Inappropriate implementation in Permissions. Reported by Google on 2026-04-01

[N/A][498417152] Low CVE-2026-11255: Insufficient validation of untrusted input in Storage Access API. Reported by Google on 2026-04-01

[N/A][498856565] Low CVE-2026-11256: Out of bounds read in GPU. Reported by Google on 2026-04-02

[N/A][499051898] Low CVE-2026-11257: Inappropriate implementation in Browser. Reported by Google on 2026-04-02

[N/A][499078161] Low CVE-2026-11258: Inappropriate implementation in File System Access. Reported by Google on 2026-04-02

[N/A][499215943] Low CVE-2026-11259: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-04-03

[N/A][499257860] Low CVE-2026-11260: Policy bypass in Permissions. Reported by Google on 2026-04-03

[N/A][499262832] Low CVE-2026-11261: Insufficient validation of untrusted input in PDF. Reported by Google on 2026-04-03

[N/A][499386363] Low CVE-2026-11262: Use after free in TabStrip. Reported by Google on 2026-04-03

[N/A][500044225] Low CVE-2026-11263: Insufficient policy enforcement in WebAuthentication. Reported by Google on 2026-04-06

[N/A][500099106] Low CVE-2026-11264: Policy bypass in Content Security Policy. Reported by Google on 2026-04-06

[N/A][500262869] Low CVE-2026-11265: Insufficient data validation in Autofill. Reported by Google on 2026-04-07

[N/A][500521311] Low CVE-2026-11266: Policy bypass in SafeBrowsing. Reported by Google on 2026-04-08

[N/A][500528267] Low CVE-2026-11267: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-08

[N/A][500528706] Low CVE-2026-11268: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500551122] Low CVE-2026-11269: Inappropriate implementation in Extensions. Reported by Google on 2026-04-08

[N/A][501504245] Low CVE-2026-11270: Inappropriate implementation in UI. Reported by Google on 2026-04-10

[N/A][501685207] Low CVE-2026-11271: Incorrect security UI in Passwords. Reported by Google on 2026-04-11

[N/A][501747321] Low CVE-2026-11272: Insufficient validation of untrusted input in Reading List. Reported by Google on 2026-04-11

[N/A][501757688] Low CVE-2026-11273: Insufficient validation of untrusted input in Omnibox. Reported by Google on 2026-04-11

[N/A][501760514] Low CVE-2026-11274: Inappropriate implementation in DOM Distiller. Reported by Google on 2026-04-11

[N/A][501763121] Low CVE-2026-11275: Insufficient policy enforcement in Page Info. Reported by Google on 2026-04-11

[N/A][501780338] Low CVE-2026-11276: Inappropriate implementation in Cast. Reported by Google on 2026-04-12

[N/A][501839664] Low CVE-2026-11277: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-12

[N/A][501859865] Low CVE-2026-11278: Inappropriate implementation in CustomTabs. Reported by Google on 2026-04-12

[N/A][501878477] Low CVE-2026-11279: Out of bounds read in DevTools. Reported by Google on 2026-04-12

[N/A][501892820] Low CVE-2026-11280: Insufficient validation of untrusted input in Signin. Reported by Google on 2026-04-12

[N/A][501900366] Low CVE-2026-11281: Integer overflow in Chromoting. Reported by Google on 2026-04-12

[N/A][502023400] Low CVE-2026-11282: Policy bypass in Sandbox. Reported by Google on 2026-04-13

[N/A][502069297] Low CVE-2026-11283: Policy bypass in Shortcuts. Reported by Google on 2026-04-13

[N/A][502073069] Low CVE-2026-11284: Side-channel information leakage in PerformanceAPIs. Reported by Google on 2026-04-13

[N/A][502090914] Low CVE-2026-11285: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-13

[N/A][502110170] Low CVE-2026-11286: Insufficient validation of untrusted input in Wallet. Reported by Google on 2026-04-13

[N/A][502173136] Low CVE-2026-11287: Insufficient validation of untrusted input in Navigation. Reported by Google on 2026-04-13

[N/A][502231588] Low CVE-2026-11288: Policy bypass in CSS. Reported by Google on 2026-04-13

[N/A][502239897] Low CVE-2026-11289: Side-channel information leakage in Paint. Reported by Google on 2026-04-13

[N/A][502264647] Low CVE-2026-11290: Integer overflow in WebView. Reported by Google on 2026-04-13

[N/A][502346855] Low CVE-2026-11291: Policy bypass in Android Autofill. Reported by Google on 2026-04-14

[N/A][502358901] Low CVE-2026-11292: Policy bypass in Blink. Reported by Google on 2026-04-14

[TBD][502362260] Low CVE-2026-11293: Use after free in Input. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-14

[N/A][502403953] Low CVE-2026-11294: Inappropriate implementation in Passwords. Reported by Google on 2026-04-14

[N/A][502444677] Low CVE-2026-11295: Inappropriate implementation in WebView. Reported by Google on 2026-04-14

[N/A][502493950] Low CVE-2026-11296: Inappropriate implementation in ImageCapture. Reported by Google on 2026-04-14

[N/A][502502017] Low CVE-2026-11297: Insufficient validation of untrusted input in Reader Mode. Reported by Google on 2026-04-14

[N/A][502503860] Low CVE-2026-11298: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-14

[TBD][502598424] Low CVE-2026-11299: Out of bounds read in Fonts. Reported by sharadboni@gmail.com on 2026-04-14

[N/A][503614310] Low CVE-2026-11300: Inappropriate implementation in Permissions. Reported by Google on 2026-04-17

[N/A][504180386] Low CVE-2026-11301: Out of bounds read in LiveCaption. Reported by Google on 2026-04-19

[N/A][504196549] Low CVE-2026-11302: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-19

[N/A][504416752] Low CVE-2026-11303: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504418475] Low CVE-2026-11304: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504545544] Low CVE-2026-11305: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504548949] Low CVE-2026-11306: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504551617] Low CVE-2026-11307: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][505945112] Low CVE-2026-11308: Inappropriate implementation in Extensions. Reported by Google on 2026-04-24

[N/A][506392934] Low CVE-2026-11309: Insufficient policy enforcement in History. Reported by Google on 2026-04-25


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.



Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Srinivas Sista

Google Chrome

  •  

Distribution Release: Clonezilla Live 3.3.2-31

Clonezilla Live is a Debian-based live CD containing Clonezilla, a partition and disk cloning software. The project's latest announcement brings Clonezilla Live up to date with Debian's "Unstable" repository: "Stable Clonezilla Live 3.3.2-31 released. This release of Clonezilla live includes major enhancements and bug fixes. Enhancements and changes....
  •  

Minecraft 26.2-pre-3 (snapshot) Released

26.2 Pre-Release 3 (known as 26.2-pre-3 in the launcher) is the third pre-release for Java Edition 26.2, released on June 2, 2026. Full changelog: https://minecraft.wiki/Java_Edition_26.2-pre-3
  •  

Ben Hutchings: FOSS activity in 2025

This was a particularly busy month for me in terms of Debian contributions.

It started with a week in Hamburg for the MiniDebConf. I talked to many colleagues face-to-face and worked on various bugs and maintenance tasks. I’m pleased to have finally found the time to reproduce and fix the boot-time crashes in the parallel port subsystem that have been reported many times recently.

A series of easily exploited kernel LPE (local privilege execution) issues were published this month, mostly with very little coordination with distributions. Salvatore and I had to upload fixes for these at roughly weekly intervals. All of these fixes needed to be applied to 4 different upstream branches (currently 5.10, 6.1, 6.12, and 7.0) and 7 Debian branches (including backports).

  •  

American Truck Simulator: 1.60 Update Open Beta

We’re excited to share that the 1.60 Open Beta for American Truck Simulator is now available for players to try out. If you decide to join the beta, we’d really appreciate it if you report any bugs or issues you encounter in the appropriate section of our official forums.

Your feedback plays a huge role in helping us improve the game, and we truly value the time and effort you put into testing these new features and changes. Now, let’s dive into what you can expect in the 1.60 Open Beta update:

Game Radio

With Update 1.60, we are introducing Game Radio, a brand-new in-game radio system designed to make every drive feel more immersive and authentic. Rather than just playing music, Game Radio gives you five stations with their own distinct sounds, identities, and moods, each one built to shape the atmosphere of your journey in a different way.

At launch, players can tune into Rust FM, Escape, PUMP IT!, Pop Gear, and Roadio, spanning guitar-driven rock and American roots music to electronic, pop, and lo-fi. Each station features carefully curated tracks, handpicked to hold up across many hours on the road. Escape is also the only stream-safe station at launch, designed to help content creators avoid copyright claims.

Game Radio also introduces a new in-game widget displaying station info, track titles, and artist names while driving. Players can customize widget behavior through the Widget Options menu (F6). This update also brings a range of improvements to the existing radio and music player systems.

Game Radio arrives with its musical foundation in place, with more planned for future updates. You can find out more information about Game Radio in our dedicated blog post.

Improved Material System

The Improved Material System significantly improves the lighting and visual quality of vehicle interiors in selected trucks. Its main focus is to enhance how interior materials react to light, which will result in a more readable, detailed, and visually pleasing cabin environment.


During the development of Project Road Trip, we implemented a wide range of visual and technical improvements. One of the most significant changes was a redesign of the materials used in vehicle interiors. As a result, it makes differences between materials such as leather, fabric, plastic, and metal far more apparent, even in low-light conditions. The new solution uses multiple variants of dynamic cubemaps, allowing all materials to reflect their surroundings more naturally and respond to ambient light in a more realistic way.


The entire system was designed from the start with the interiors of trucks in both games in mind, so the base games and their existing fleets will gradually benefit from these improvements as well. The first trucks to benefit from the Improved Material System in ATS will be the Mack Anthem and the Western Star 49X. With future updates, we will gradually add this technology for other trucks across both games. You can read more about this feature here.

Light Tweaks

We have carried out minor adjustments to the global lighting, primarily focused on exposure and contrast balancing, along with subtle visual refinements for bad weather conditions. The work mainly consisted of smoothing out and polishing the overall visuals to achieve a more consistent and refined look.

Players' Company Paint Jobs

After over a year of development as a passion project for the ATS community, players are now able to customize their trucks and trailers with a brand-new collection of company-themed paint jobs inspired by the selectable company identities available when creating a driver profile. These designs bring a more cohesive and professional visual style to your fleet while fitting naturally into the world of ATS.

One of the biggest focuses during development was ensuring that every paint job feels unique, depending on the type of trailer it is applied to. Rather than simply using one design across all trailer models, our teams carefully adapted each company's paint scheme to match the shapes and details of different trailer types. Whether you’re hauling cargo with a tanker, transporting materials in a dumper, or pulling a traditional box trailer, each variant features its own tailored details and layout. You can find out more in our blog here.

Job Details Widget

Based on feedback from our #BestCommunityEver and upcoming widget designs, the Job Details Widget will be introduced with the 1.60 update. Its primary purpose will be to enable a new, more immediate, and concise way of displaying the relevant job info. Also, in response to community feedback, the GPS will now display the estimated arrival day and time, along with the remaining travel time and distance.

Once added, you'll be able to enable the Job Details Widget through the Widget Options menu (F6). The widget will display key job information, including cargo type and weight, delivery location, job income (colour-highlighted), and the remaining time to complete the job, so players will have this info available immediately without the necessity to pause the game. You can read more about the feature here.

Expanded Rest Mechanic

This new feature gives players greater control over their rest periods by allowing them to choose how long they want to sleep and exactly when they want to wake up, instead of being limited to a predefined rest duration.

Alongside this change, the Fatigue system will now be split into two separate values: Rest State and Mandatory Break, each represented by its own icon in the UI.

The Rest State, symbolised by a bed icon, will now gradually deplete rather than recover over time. Extended periods of driving will steadily reduce the Rest State, while resting will restore it at a faster rate.

The Mandatory Break system, indicated by a "P" icon along with the remaining hours before a required stop, will function more strictly. In American Truck Simulator, drivers can stay on the road for up to 14 hours before they must take a mandatory break, requiring 10 consecutive hours of rest afterward. You can read more about this feature here.

Changelog:

Vehicles

  • Players' Company Paint Jobs

Visual

  • Improved Material System
  • Light Tweaks

Sound

  • Game Radio

UI/UX

  • Job Details Widget
  • Expanded Rest Mechanic

Enjoy all the new additions, but please remember: It's only an open beta, not a stable public version, so you may encounter bugs, instability, or crashes. It's completely okay if you want to wait for the final release. But if you're interested in helping us to get there faster, we'd appreciate all of your feedback on our forum and your bug reports in the dedicated section.

Please check our modding wiki to get details pertaining to mods for the game.

If you wish to participate in this Open Beta, you can find this version in the Experimental Beta branch on Steam. The way to access it is as follows: Steam client → LIBRARY → right-click on American Truck Simulator → Properties → Betas tab → Beta Participation drop-down menu → public_beta. No password is required. Sometimes you will have to restart your Steam client to see the correct branch name there.

  •  

v1.5.0

Changelog

  • 3cf10d8 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/storage/azblob
  • cd3f2ff chore(deps): bump github.com/Azure/go-ntlmssp from 0.1.0 to 0.1.1
  • deda805 chore(deps): bump sigstore/cosign-installer from 4.1.1 to 4.1.2
  • 325ab6e chore(deps): bump the dev-dependencies group with 19 updates
  • fbe2a4b chore(deps): bump the dev-dependencies group with 7 updates
  • 2ed8b78 chore(deps): bump the dev-dependencies group with 9 updates
  • e4fa31c chore: fix sidecar flag in runtests to correctly pass test option
  • db3478d chore: update go package dependencies
  • 861c5f5 feat: add bucket metrics tag when request specifies a bucket
  • d1fba07 feat: add custom route and middleware options
  • 8ae566d feat: add new ErrNoSpaceLeftOnDevice API error for ENOSPC errors
  • 20939bd feat: extract gateway runtime into embeddable package
  • 9f786b3 feat: global error refactoring
  • cb609e4 feat: replace webui client-side name filter with server-side prefix filter
  • d2fa265 feat: support sha512, md5, xxhash3, xxhash64, xxhash128 data integrity checksums
  • e6aa9de fix: apply CORS middleware to admin CreateBucket route
  • 8d5b2be fix: check PutObjectTagging/LegalHold/Retention permissions on PutObject,CopyObject and CreateMultipartUpload
  • e137e8d fix: connection early termination resulting in internal error
  • a5fc7c1 fix: decode URL hash in webui before parsing bucket/prefix
  • 5774702 fix: enforce required SignedHeaders validation for SigV4 requests
  • 0e165ed fix: expose x-amz-storage-class in CORS response headers
  • 4ef090d fix: fix empty ownership control rules panic
  • fe3cfbf fix: forward slash url encoded used as bucket/key separator
  • ed1ad6b fix: honor explicit public bucket policy deny
  • 2c0844a fix: ignore implicit directories for Get/HeadObject
  • cd0b4e6 fix: normalize object keys during bucket policy evaluation
  • e69d073 fix: reject SigV2 requests
  • eecc1a7 fix: reject invalid PostObject keys
  • 27971f2 fix: remove unsigned chunk reader caching
  • d498d48 fix: replace misleading webui CORS error toast with generic network error message
  • dd27c6c fix: scoutfs multipart alignment check for last part
  • bb3cdd9 fix: skip integration tests not compatible in sidecar
  • 5cb5541 fix: store object multipart upload metadata compressed

Amin Bandali: Free software activities in May 2026

Hello and welcome to my May 2026 free software activities report. A lot's been going on in my life offline so I took a bit of a hiatus from doing these reports, but I've had a fairly productive month of May so I thought it'd be nice to do another one for this month.

GNU & FSF

  • GNU Emacs:
    • ffs-0.2.2: I finally polished and published my ffs package for GNU Emacs on GNU ELPA. Many thanks to Protesilaos for rounds of code review and feedback for improving and polishing the package in preparation for submission to GNU ELPA.
    • bug#81101: Trying to visit https://www.emacswiki.org in EWW I noticed it fails with a "Somebody wants you to give them money" error due to the anti-bot challenge being served with an HTTP 402 (Payment Required) response. So I landed a patch 12eec781ed6 to no longer do that. Thanks to Emacs comaintainer Sean Whitton for reviewing and approving my proposed patch.
    • bug#81107: I noticed that in EWW, unlike <input type="submit"> HTML buttons, <button> elements were not tab-stoppable, leading to poorer usability and accessibility. So I landed a patch ec3d662de0b to fix that. Thanks to Emacs comaintainer Eli Zaretskii for reviewing, providing feedback, and accepting my proposed change.
    • Emacs Chat with Sacha Chua: I joined Sacha for a new episode of her Emacs Chat podcast, where we talked about Emacs and life. I gave a quick tour of my Emacs configuration, discussing at length my configurations for EXWM (Emacs X Window Manager) among other topics like Emacs's facility for visually indicating buffer boundaries in the fringe by setting indicate-buffer-boundaries and my convenience configuration macros.
  • maintainers@: I started the next long-overdue round of emails to GNU package maintainers to confirm the contact information we have on file for them and get a brief status update about their packages. Emails are sent in small batches to keep the workload of handling the responses manageable for assistant GNUisances.
  • GNU Spotlight: I prepared and sent the May GNU Spotlight to the FSF campaigns team for publication on the FSF's community blog and the monthly Free Software Supporter newsletter.

Debian

I've begun the work toward updating the Jami package in Debian unstable again, which means I need to package new releases of its direct and indirect dependencies. For OpenDHT, I need to update RESTinio, and to do that I first need to package expected-lite and sobjectizer for Debian:

  • #1120837: ITP: expected-lite – expected objects for C++11 and later
  • #1137609: ITP: sobjectizer – C++ implementation of Actor, Publish-Subscribe, and CSP models

I've been working on packaging both and hope to have them uploaded to the archive in the next days and weeks.

That's it for this month's report.

Take care, and so long for now.
