Fedora has released important security updates for Chromium, Vim, and EDK2 across its recent distribution versions. The new Chromium build addresses critical memory corruption flaws that could compromise DevTools or GPU rendering processes. Vim receives a targeted patch to prevent arbitrary code execution through its NetBeans interface integration. Meanwhile, the EDK2 firmware upgrade for Fedora 43 restores reliable HTTPS booting, bumps OpenSSL to version 3.5.6, and resolves a denial of service vulnerability in CMS processing.

Fedora 44 Update: chromium-147.0.7727.116-1.fc44
Fedora 44 Update: vim-9.2.390-1.fc44
Fedora 43 Update: edk2-20260213-4.fc43

[SECURITY] Fedora 44 Update: chromium-147.0.7727.116-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7521734dcc
2026-04-29 02:55:16.411979+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 44
Version : 147.0.7727.116
Release : 1.fc44
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 147.0.7727.116
* High CVE-2026-6919: Use after free in DevTools
* High CVE-2026-6920: Out of bounds read in GPU
* Medium CVE-2026-6921: Race in GPU
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 23 2026 Than Ngo [than@redhat.com] - 147.0.7727.116-1
- Update to 147.0.7727.116
* High CVE-2026-6919: Use after free in DevTools
* High CVE-2026-6920: Out of bounds read in GPU
* Medium CVE-2026-6921: Race in GPU
- Fix rhbz#2458171, unexpanded macros in manpage
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2458171 - unexpanded macros/variables? in manpage
https://bugzilla.redhat.com/show_bug.cgi?id=2458171
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7521734dcc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: vim-9.2.390-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3954a4ed07
2026-04-29 02:55:16.411974+00:00
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 44
Version : 9.2.390
Release : 1.fc44
URL : https://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2026-39881
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 24 2026 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.2.390-1
- patchlevel 390
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2456722 - CVE-2026-39881 vim: Vim: Arbitrary code execution via command injection in NetBeans interface
https://bugzilla.redhat.com/show_bug.cgi?id=2456722
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3954a4ed07' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: edk2-20260213-4.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a484707720
2026-04-29 02:45:22.223433+00:00
--------------------------------------------------------------------------------

Name : edk2
Product : Fedora 43
Version : 20260213
Release : 4.fc43
URL : http://www.tianocore.org
Summary : UEFI firmware for 64-bit virtual machines
Description :
EDK II is a modern, feature-rich, cross-platform firmware development
environment for the UEFI and PI specifications. This package contains sample
64-bit UEFI firmware builds for QEMU and KVM.

--------------------------------------------------------------------------------
Update Information:

unbreak https boot
update openssl to 3.5.6
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 23 2026 Gerd Hoffmann [kraxel@redhat.com] - 20260213-4
- unbreak https boot
* Thu Apr 9 2026 Gerd Hoffmann [kraxel@redhat.com] - 20260213-3
- update openssl to 3.5.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2456455 - CVE-2026-28390 edk2: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2456455
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a484707720' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new