chromium -- security fixes

Chrome Releases reports:

This update includes 29 security fixes:

• [483445078] Critical CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-10
• [481776048] High CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga on 2026-02-04
• [483971526] High CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-12
• [482828615] High CVE-2026-3916: Out of bounds read in Web Speech. Reported by Grischa Hauser on 2026-02-09
• [483569512] High CVE-2026-3917: Use after free in Agents. Reported by Syn4pse on 2026-02-11
• [483853103] High CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse on 2026-02-12
• [444176961] High CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2025-09-10
• [482875307] High CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google on 2026-02-09
• [484946544] High CVE-2026-3921: Use after free in TextEncoding. Reported by Pranamya Keshkamat & Cantina.xyz on 2026-02-17
• [485397139] High CVE-2026-3922: Use after free in MediaStream. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18
• [485935314] High CVE-2026-3923: Use after free in WebMIDI. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-20
• [487338366] High CVE-2026-3924: Use after free in WindowDialog. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-25
• [418214610] Medium CVE-2026-3925: Incorrect security UI in LookalikeChecks. Reported by NDevTK and Alesandro Ortiz on 2025-05-17
• [478659010] Medium CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c on 2026-01-26
• [474948986] Medium CVE-2026-3927: Incorrect security UI in PictureInPicture. Reported by Barath Stalin K on 2026-01-11
• [435980394] Medium CVE-2026-3928: Insufficient policy enforcement in Extensions. Reported by portsniffer443 on 2025-08-03
• [477180001] Medium CVE-2026-3929: Side-channel information leakage in ResourceTiming. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-01-20
• [476898368] Medium CVE-2026-3930: Unsafe navigation in Navigation. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-01-19
• [417599694] Medium CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2025-05-14
• [478296121] Medium CVE-2026-3932: Insufficient policy enforcement in PDF. Reported by Ayato Shitomi on 2026-01-23
• [478783560] Medium CVE-2026-3934: Insufficient policy enforcement in ChromeDriver. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-01-26
• [479326680] Medium CVE-2026-3935: Incorrect security UI in WebAppInstalls. Reported by Barath Stalin K on 2026-01-28
• [481920229] Medium CVE-2026-3936: Use after free in WebView. Reported by Am4deu$ on 2026-02-05
• [473118648] Low CVE-2026-3937: Incorrect security UI in Downloads. Reported by Abhishek Kumar on 2026-01-03
• [474763968] Low CVE-2026-3938: Insufficient policy enforcement in Clipboard. Reported by vicevirus on 2026-01-10
• [40058077] Low CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK on 2021-11-30
• [470574526] Low CVE-2026-3940: Insufficient policy enforcement in DevTools. Reported by Jorian Woltjer, Mian, bug_blitzer on 2025-12-21
• [474670215] Low CVE-2026-3941: Insufficient policy enforcement in DevTools. Reported by Lyra Rebane (rebane2001) on 2026-01-10
• [475238879] Low CVE-2026-3942: Incorrect security UI in PictureInPicture. Reported by Barath Stalin K on 2026-01-12

[source]