Qt qtwebengine-chromium repo reports:
Backports for 7 security bugs in Chromium:
- CVE-2025-13638: Prevent media element GC in callbacks in WebMediaPlayerMS
- CVE-2025-13639: Improve validation of SDP direction in remote description
- CVE-2025-13720: Avoid downcasting Hash and Integrity reports
- CVE-2025-14174: Metal: Don't use pixelsDepthPitch to size buffers
- CVE-2025-14765: Polyfill unary negation and abs for amd mesa frontend
- CVE-2026-0908: Use CheckedNumerics in HandleAllocator
- CVE-2026-1504: Block opaque 416 responses to non-range requests