chromium -- security fixes

Chrome Releases reports:

This update includes 31 security fixes:

• [490170083] Critical CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga on 2026-03-05
• [493628982] Critical CVE-2026-6297: Use after free in Proxy. Reported by heapracer on 2026-03-17
• [495700484] Critical CVE-2026-6298: Heap buffer overflow in Skia. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-24
• [497053588] Critical CVE-2026-6299: Use after free in Prerender. Reported by Google on 2026-03-28
• [497724498] Critical CVE-2026-6358: Use after free in XR. Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern) on 2026-03-30
• [490251701] High CVE-2026-6359: Use after free in Video. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-06
• [491994185] High CVE-2026-6300: Use after free in CSS. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-12
• [495273999] High CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c on 2026-03-23
• [495477995] High CVE-2026-6302: Use after free in Video. Reported by Syn4pse on 2026-03-24
• [496282147] High CVE-2026-6303: Use after free in Codecs. Reported by Google on 2026-03-25
• [496393742] High CVE-2026-6304: Use after free in Graphite. Reported by Google on 2026-03-26
• [496618639] High CVE-2026-6305: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-26
• [496907110] High CVE-2026-6306: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-27
• [497404188] High CVE-2026-6307: Type Confusion in Turbofan. Reported by Project WhatForLunch (@pjwhatforlunch) on 2026-03-29
• [497412658] High CVE-2026-6308: Out of bounds read in Media. Reported by Google on 2026-03-29
• [497846428] High CVE-2026-6309: Use after free in Viz. Reported by Google on 2026-03-30
• [497880137] High CVE-2026-6360: Use after free in FileSystem. Reported by asjidkalam on 2026-03-31
• [497969820] High CVE-2026-6310: Use after free in Dawn. Reported by Google on 2026-03-31
• [498201025] High CVE-2026-6311: Uninitialized Use in Accessibility. Reported by Google on 2026-03-31
• [498269651] High CVE-2026-6312: Insufficient policy enforcement in Passwords. Reported by Google on 2026-03-31
• [498765210] High CVE-2026-6313: Insufficient policy enforcement in CORS. Reported by Google on 2026-04-02
• [498782145] High CVE-2026-6314: Out of bounds write in GPU. Reported by Google on 2026-04-02
• [499247910] High CVE-2026-6315: Use after free in Permissions. Reported by Google on 2026-04-03
• [499384399] High CVE-2026-6316: Use after free in Forms. Reported by Google on 2026-04-03
• [500036290] High CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google on 2026-04-06
• [500066234] High CVE-2026-6362: Use after free in Codecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-07
• [500091052] High CVE-2026-6317: Use after free in Cast. Reported by Google on 2026-04-06
• [495751197] Medium CVE-2026-6363: Type Confusion in V8. Reported by Google on 2026-03-24
• [495996858] Medium CVE-2026-6318: Use after free in Codecs. Reported by Syn4pse on 2026-03-25
• [499018889] Medium CVE-2026-6319: Use after free in Payments. Reported by pwn2addr on 2026-04-02
• [502103414] Medium CVE-2026-6364: Out of bounds read in Skia. Reported by Google Threat Intelligence on 2026-04-13

[source]