chore: cherry-pick 17 changes from angle, chromium, webrtc#51906
Merged
Conversation
dsanders11
approved these changes
Jun 6, 2026
jkleinsc
approved these changes
Jun 8, 2026
|
Release Notes Persisted
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backports the following changes:
16dcbc3d1476from chromium — win: Use static to keep track of in progress drags (503551154, CVE-2026-9110)12cce13db567from webrtc — [M146] [Pipewire] Fix mouse cursor data race (504551032, CVE-2026-9111)7d0b7c526075from chromium — Add AMSC macro to QuicProxyDatagramClientSocket (495798630, CVE-2026-9114 — hardening mitigation; see note below)1cd1e8607c8efrom chromium — Block invalid responses for Static Router cache source (495999481, CVE-2026-9115)e2b91876eb01from chromium — Enforce CORP for Static Router Cache Source (497436273, CVE-2026-9116)2cdb07c74d06from chromium — Enable ServiceWorkerStaticRouterCORPCheck and OpaqueCheck by default (495999481 / 497436273, CVE-2026-9115 / CVE-2026-9116)faada322153dfrom chromium — [media/gpu] Enforce safe range for NativePixmapPlane construction (497542537, CVE-2026-9117)7adec41c4fdcfrom chromium — Remove GPU observer in XRRuntimeManager destructor (498702233, CVE-2026-9118)21d9744bd599from webrtc — Always release VideoEncoders before destruction (504620824, CVE-2026-9120)458a75ec3e37from webrtc — Call Release in SimulcastEncoderAdapter destructor if inited (504620824, CVE-2026-9120)86d64be7672efrom angle — Translator: Fix codegen of switch with empty last case (488064108, CVE-2026-9121)0323970550b9from angle — Metal: Fix pitch computation for compressed textures in PBOs (489579953, CVE-2026-9122)b885cb0c8e97from chromium — input: Validate SetMouseCapture requests in the browser process (496375695, CVE-2026-9124)d3ea06df9a4cfrom chromium — Use index-based for in Element::CloneAttributesFrom (496280532, CVE-2026-9126)155b785d0e4ffrom chromium — Add stronger (D)CHECK()s around batch setting of attributes (496280532, CVE-2026-9126)6aa38f2d02b7from chromium — Add EventDispatchForbiddenScope for batch attribute notification (496280532, CVE-2026-9126)926d3d259750from chromium — Avoid setting attribute in SliderThumbElement constructor (496280532, CVE-2026-9126)Covers the security fixes from the Chrome 148.0.7778.178 stable release that were missing from the 41-x-y tree (Chromium 146.0.7680.216). Already in-tree and therefore not included: CVE-2026-9112, CVE-2026-9113 (ANGLE M146 merges), CVE-2026-9119 (WebRTC M146 merge).
For CVE-2026-9114 (QUIC use-after-free), the cherry-pick is the same hardening mitigation Chrome shipped on stable (
ADVANCED_MEMORY_SAFETY_CHECKS()on the vulnerable class); the actual fix (7900197) landed on Chromium main on 2026-06-04 and has not shipped in any Chrome stable channel yet.Intentionally not backported:
7765503(CVE-2026-9123) touches onlychromecast/media/, which Electron does not compile.Notes: Security: backported fixes for CVE-2026-9110, CVE-2026-9111, CVE-2026-9114, CVE-2026-9115, CVE-2026-9116, CVE-2026-9117, CVE-2026-9118, CVE-2026-9120, CVE-2026-9121, CVE-2026-9122, CVE-2026-9124, CVE-2026-9126.