❌

Normale weergave

Ontvangen β€” 18 Maart 2026 ⏭

Stable Channel Update for Desktop

βœ‡Google Chrome
20 Maart 2026 om 02:31

The Stable channel has been updated to 146.0.7680.153/154 for Windows/MacΒ  andΒ 146.0.7680.153 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in theΒ Log

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 26 security fixes. Please see the Chrome Security Page for more information.


[TBD][475877320] Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15
[TBD][485935305] Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-20
[TBD][489381399] Critical CVE-2026-4441: Use after free in Base. Reported by Google on 2026-03-03
[TBD][484751092] High CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse on 2026-02-16
[TBD][485292589] High CVE-2026-4443: Heap buffer overflow in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18
[TBD][486349161] High CVE-2026-4444: Stack buffer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-21
[TBD][486421953] High CVE-2026-4445: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22
[TBD][486421954] High CVE-2026-4446: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22
[TBD][486657483] High CVE-2026-4447: Inappropriate implementation in V8. Reported by Erge on 2026-02-23
[TBD][486972661] High CVE-2026-4448: Heap buffer overflow in ANGLE. Reported by M. Fauzan Wijaya (Gh05t666nero) on 2026-02-23
[TBD][487117772] High CVE-2026-4449: Use after free in Blink. Reported by Syn4pse on 2026-02-24
[TBD][487746373] High CVE-2026-4450: Out of bounds write in V8. Reported by qymag1c on 2026-02-26
[TBD][487768779] High CVE-2026-4451: Insufficient validation of untrusted input in Navigation. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-26
[TBD][487977696] High CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga on 2026-02-26
[TBD][488400770] High CVE-2026-4453: Integer overflow in Dawn. Reported by sweetchip on 2026-02-27
[TBD][488585488] High CVE-2026-4454: Use after free in Network. Reported by heapracer (@heapracer) on 2026-03-01
[TBD][488585504] High CVE-2026-4455: Heap buffer overflow in PDFium. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-01
[TBD][488617440] High CVE-2026-4456: Use after free in Digital Credentials API. Reported by sean wong on 2026-02-28
[TBD][488803413] High CVE-2026-4457: Type Confusion in V8. Reported by Zhenpeng (Leo) Lin at depthfirst on 2026-03-01
[TBD][489619753] High CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim on 2026-03-04
[TBD][490246422] High CVE-2026-4459: Out of bounds read and write in WebAudio. Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern) on 2026-03-06
[TBD][490254124] High CVE-2026-4460: Out of bounds read in Skia. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-06
[TBD][490558172] High CVE-2026-4461: Inappropriate implementation in V8. Reported by Google on 2026-03-07
[TBD][491080830] High CVE-2026-4462: Out of bounds read in Blink. Reported by heapracer (@heapracer) on 2026-03-09
[TBD][491358681] High CVE-2026-4463: Heap buffer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-10
[TBD][487208468] Medium CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun on 2026-02-24


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out howΒ here. If you find a new issue, please let us know byΒ filing a bug. TheΒ community help forumΒ is also a great place to reach out for help or learn about common issues.


Srinivas Sista

Google Chrome
  •  
  • ↗️

Distribution Release: Asahi Linux 43

βœ‡DistroWatch
Door: distro@distrowatch.com
18 Maart 2026 om 15:42
The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Asahi Linux is an open-source project that ports Fedora to Apple computers that use Apple's Silicon-powered (AArch64) processors. The project's latest version is Fedora Asahi Remix 43. "We are happy to announce the general availability of Fedora Asahi Remix 43. This release brings Fedora Linux 43 to Apple....
  •  
  • ↗️

Distribution Release: Peropesis 3.2

βœ‡DistroWatch
Door: distro@distrowatch.com
18 Maart 2026 om 12:58
The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The Peropesis project has published a new release, version 3.2, which introduces a dozen new software packages. "Peropesis 3.2 is released. In the new edition, part of the old software was updated and new software was installed. New software installed: 1. git 2.53.0. Git is version control system,....
  •  
  • ↗️

v24.10.6

βœ‡OpenWrt
Door: github-actions[bot]
19 Maart 2026 om 00:07

Hi,

The OpenWrt community is proud to announce the newest stable release of the OpenWrt 24.10 stable series.

Download firmware images using the OpenWrt Firmware Selector:

Download firmware images directly from our download servers:

Main changes between OpenWrt 24.10.5 and OpenWrt 24.10.6

Only the main changes are listed below. See changelog-24.10.6 for the full changelog.

Security fixes

OpenWrt components (Trail of Bits audit, February 2026):

  • CVE-2026-30871: Stack buffer overflow in umdns DNS PTR query handling (HIGH)
  • CVE-2026-30872: Stack buffer overflow in umdns IPv6 reverse DNS lookup (HIGH)
  • CVE-2026-30873: Memory leak in jsonpath when processing strings, labels, and regexp tokens (LOW)
  • CVE-2026-30874: Command execution via PATH environment variable filter bypass in procd (LOW)

LuCI:

  • CVE-2026-32721: Possible XSS attack via malicious SSID in LuCI WiFi scan modal (MEDIUM)

OpenSSL:

  • openssl: update to 3.0.19, fixing multiple security vulnerabilities

Device support

  • airoha: an7581: fix switch port and LED functionality
  • ath79: CF-EW71 v2: fix MAC address assignment
  • imx: Gateworks Venice GW72xx-2x, GW73xx-2x, GW75xx-0x, GW75xx-2x: add sysupgrade support
  • ipq40xx: ASUS Lyra: fix reading of WiFi calibration data
  • lantiq: fix GPIO expander clock, restoring correct LED and GPIO behaviour on affected devices
  • mediatek: Banana Pi BPi-R3: fix PWM fan speed control β€” medium cooling level now works correctly
  • mediatek: Cudy AP3000 v1, Cudy WR3000H: fix Ethernet connectivity on units with a Motorcomm PHY
  • mediatek: Cudy M3000, ramips: Cudy AP1300 Outdoor: fix incorrect Ethernet port assignment
  • mediatek: Cudy WR3000P: enable USB 3.0 support in default firmware image
  • mediatek: GL-MT2500: fix sysupgrade compatibility from earlier releases
  • mt7620: fix potential crash on MT7620-based devices
  • ramips: mt76x8: fix boot counter tracking
  • realtek: GS1900-24E: fix switch reliability

Various fixes and improvements

  • imx: cortexa53: fix memory allocation for DMA-intensive operations
  • jsonpath: fix memory leak (CVE-2026-30873)
  • mac80211: ath11k: fix crash caused by unsupported 11ax EDCA parameters
  • mac80211: ath9k: fix WiFi hang β€” chip is now automatically reset on inactivity
  • mt76: mt76x02: fix WiFi traffic stall after interface reconfiguration
  • procd: fix security issues (CVE-2026-30874) and other improvements
  • umdns: fix security issues (CVE-2026-30871, CVE-2026-30872)

Core components update

  • Linux kernel: update from 6.6.119 to 6.6.127
  • openssl: update from 3.0.18 to 3.0.19
  • procd: update from 2024-12-22 to 2026-03-14
  • umdns: update from 2025-02-10 to 2026-02-06
  • wireless-regdb: update from 2025.10.07 to 2026.02.04

OpenWrt 24.10 end of life

With the release of OpenWrt 25.12 stable series, the OpenWrt 24.10 stable series will go end of life in 6 months. We will not provide security updates for OpenWrt 24.10 after September 2026. We encourage everyone to upgrade to OpenWrt 25.12 before September 2026.

Upgrading to 24.10

Sysupgrade can be used to upgrade a device from 23.05 to 24.10, and configuration will be preserved in most cases.

For for upgrades inside the OpenWrt 24.10 stable series for example from a OpenWrt 24.10 release candidate Attended Sysupgrade is supported in addition which allows preserving the installed packages too.

  • Sysupgrade from 22.03 to 24.10 is not officially supported.

  • There is no configuration migration path for users of the ipq806x target for Qualcomm Atheros IPQ806X SoCs because it switched to DSA. You have to upgrade without saving the configuration.
    ''Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed''

  • User of the Linksys E8450 aka. Belkin RT3200 running OpenWrt 23.05 or earlier will need to run installer version v1.1.3 or later in order to reorganize the UBI layout for the 24.10 release. A detailed description is in the OpenWrt wiki. Updating without using the installer will break the device. Sysupgrade will show a warning before doing an incompatible upgrade.

  • Users of the Xiaomi AX3200 aka. Redmi AX6S running OpenWrt 23.05 or earlier have to follow a special upgrade procedure described in the wiki. This will increase the flash memory available for OpenWrt. Updating without following the guide in the wiki break the device. Sysupgrade will show a warning before doing an incompatible upgrade.

  • Users of Zyxel GS1900 series switches running OpenWrt 23.05 or earlier have to perform a new factory install with the initramfs image due to a changed partition layout. Sysupgrade will show a warning before doing an incompatible upgrade and is not possible. After upgrading, the config file /etc/config/system should not be restored from a backup, as this will overwrite the new compat_version value.

Known issues

  • LEDs for Airoha AN8855 are not yet supported. Devices like the Xiaomi AX3000T with an Airoha switch will have their switch LEDs powered off. This issue will be addressed in an upcoming OpenWrt SNAPSHOT and the OpenWrt 24.10 minor release.
  • 5GHz WiFi is non-functional on certain devices with ath10k chipsets. Affected models include the Phicomm K2T, TP-Link Archer C60 v3 and possibly others. For details, see issue #14541.

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/24.10/notes-24.10.6

In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/24.10/notes-24.10.6#known_issues

For a detailed list of all changes since 24.10.5, refer to
https://openwrt.org/releases/24.10/changelog-24.10.6

To download the 24.10.6 images, navigate to:
https://downloads.openwrt.org/releases/24.10.6/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org?version=24.10.6

As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.

Have fun!

The OpenWrt Community

To stay informed of new OpenWrt releases and security advisories, there
are new channels available:

  •  
  • ↗️

v25.12.1

βœ‡OpenWrt
Door: github-actions[bot]
19 Maart 2026 om 00:07

Hi,

The OpenWrt community is proud to announce the first service release of the OpenWrt 25.12 stable series.

Download firmware images using the OpenWrt Firmware Selector:

Download firmware images directly from our download servers:

Main changes between OpenWrt 25.12.0 and OpenWrt 25.12.1

Only the main changes are listed below. See the full changelog for details.

Security fixes

OpenWrt components (Trail of Bits audit, February 2026):

  • CVE-2026-30871: Stack buffer overflow in umdns DNS PTR query handling (HIGH)
  • CVE-2026-30872: Stack buffer overflow in umdns IPv6 reverse DNS lookup (HIGH)
  • CVE-2026-30873: Memory leak in jsonpath when processing strings, labels, and regexp tokens (LOW)
  • CVE-2026-30874: Command execution via PATH environment variable filter bypass in procd (LOW)

LuCI:

  • CVE-2026-32721: Possible XSS attack via malicious SSID in LuCI WiFi scan modal (HIGH)

Additional hardening from the same Trail of Bits audit (no CVE assigned):

  • odhcpd: fix stack buffer overflow in DHCPv6 Identity Association logging
  • procd: fix out-of-bounds write in cgroup path building and cgroup rule application

Device support

  • airoha: fix EN7581 PCIe initialization and add x2 (2-lane) link support β€” improves PCIe reliability and unlocks full bandwidth for affected devices
  • ath79: TP-Link RE355 v1, RE450 v1/v2: fix partition alignment to prevent configuration loss on sysupgrade
  • ipq40xx: Devolo Magic 2 WiFi next: enable device support
  • ipq40xx: re-enable MeshPoint.One target
  • ipq806x: AP3935: fix U-Boot NVMEM layout
  • lantiq: fix GPIO expander clock (gpio-stp-xway) β€” restores correct LED and GPIO behaviour on affected devices
  • lantiq: fix missing WAN MAC address assignment on some devices
  • mediatek: Cudy M3000: add support for hardware variant with Motorcomm YT8821 PHY (previously only the Realtek PHY variant was supported)
  • mediatek: TP-Link BE450: fix 10GbE PHY reset timing that caused intermittent boot stalls, add missing WLAN toggle button, fix reported memory size
  • microchipsw: Novarq Tactical 1000: fix swapped SFP I2C buses for ports 1 and 3 β€” fixes SFP EEPROM read failures
  • ramips: Keenetic KN-1910: fix sysupgrade functionality
  • realtek: RTL838x-based switches: fix non-functional reboot
  • treewide: Linksys devices: fix MAC address assignment

WiFi fixes and improvements

  • mac80211: fix crash triggered by Channel Switch Announcement (CSA) when AP VLAN interfaces are in use
  • mt76: add MT7990 firmware support (new MediaTek WiFi 7 chipset)
  • mt76: mt7915: fix power save mode handling
  • mt76: mt7921/MT7902: add MT7902e MCU and DMA layout support
  • mt76: mt7996/mt7992: fix crash in transmit path, fix out-of-bounds access during hardware restart, improve MLO/CSA and radar detection support
  • wifi-scripts: fix incorrect VHT160 capability advertisement β€” was incorrectly set on non-160 MHz AP configurations, degrading station upload speed (#22435)
  • wifi-scripts: fix malformed wpa_supplicant config when 802.1X EAP credentials (identity, password, certificates) contain spaces (#22212)

Web interface (LuCI) and system fixes

  • luci-mod-network: fix XSS vulnerability in WiFi scan modal (CVE-2026-32721)
  • ustream-ssl (OpenSSL variant): fix use-after-free crash causing uhttpd (the LuCI web server) to crash under high load (#19349)

Networking and system fixes

  • firewall4: set as the preferred firewall package over the legacy firewall package
  • iptables: prefer the nftables-backed variants (iptables-nft, ip6tables-nft) when iptables is pulled in as a dependency
  • kernel: CAKE QoS scheduler fixes β€” avoid unnecessary synchronization overhead when running without a rate limit, fix DiffServ rate scaling
  • kernel: SFP: improve Huawei MA5671a module support β€” module is now accessible even when no fiber is connected
  • odhcpd: fix segfault when disabling a DHCP interface, fix DHCPv4 lease tree corruption, fix truncated field in DHCPv6 lease queries, fix DNS search list padding
  • ppp: fix potential memory safety issue (undefined behavior in memcpy with overlapping buffers); remove the MRU limit patch for PPPoE connections (ppp-project/ppp#573)

Package manager (apk)

  • apk: update to version 3.0.5 with several OpenWrt-specific bug fixes
  • apk: add --force-reinstall option to reinstall already-installed packages without requiring a version change

Core component updates

  • apk: update from 3.0.2 to 3.0.5
  • jsonfilter: update from 2025-10-04 to 2026-03-16 (fixes CVE-2026-30873)
  • libubox: update from 2026-02-13 to 2026-03-13 (ABI version stabilized for 25.12 stable series)
  • Linux kernel: update from 6.12.71 to 6.12.74
  • odhcpd: update from 2026-01-19 to 2026-03-16
  • omcproxy: update from 2025-10-04 to 2026-03-07
  • procd: update from 2026-02-20 to 2026-03-14 (fixes CVE-2026-30874)
  • umdns: update from 2025-10-04 to 2026-02-06 (fixes CVE-2026-30871, CVE-2026-30872)
  • ustream-ssl: update from 2025-10-03 to 2026-03-01

Upgrading to 25.12.1

Upgrading from 24.10 to 25.12 should be transparent on most devices, as most configuration data has either remained the same or will be translated correctly on first boot by the package init scripts.
For upgrades within the OpenWrt 25.12 stable series, Attended Sysupgrade is also supported, which allows preserving the installed packages.

  • Sysupgrade from 23.05 or earlier to 25.12 is not officially supported.

  • Cron log level was fixed in busybox. system.@system[0].cronloglevel should be set to 7 for normal logging. 7 is the default now. If this option is not set, the default is used and no manual action is needed. fc0c518

  • Bananapi BPI-R4: Interface eth1 was renamed to sfp-lan or lan4, and interface eth2 was renamed to sfp-wan to match the labels. You have to upgrade without saving the configuration. cd8dcfe

  • TP-Link RE355 v1, RE450 v1 and RE450 v2: The partition layout and block size changed in this release to fix configuration loss on sysupgrade. Users upgrading from OpenWrt 25.12.0 or earlier must use sysupgrade -F to force the upgrade. The image must not exceed 5.875 MB (6016 KiB).

Known issues

  • Zyxel EX5601-T0: the WAN interface was renamed from eth1 to wan β€” check and update your network configuration after upgrading.
  • Pixel 10 phones have problems connecting to WPA3-protected WiFi 6 APs. #21486
  • 802.11r Fast Transition (FT) causes connection problems with some WiFi clients when WPA3 is used. #22200
  • SQM CAKE MQ (cake_mq): throughput may be unexpectedly low on some configurations after the scheduler fixes in this release. #22344
  • 160 MHz channel width cannot be configured. #22481

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/25.12/notes-25.12.1

In particular, make sure to read the known issues before upgrading:
https://openwrt.org/releases/25.12/notes-25.12.1#known_issues

For a detailed list of all changes, refer to
https://openwrt.org/releases/25.12/changelog-25.12.1

To download the 25.12.1 images, navigate to:
https://downloads.openwrt.org/releases/25.12.1/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org?version=25.12.1

As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.

Have fun!

The OpenWrt Community

To stay informed of new OpenWrt releases and security advisories, there
are new channels available:

  •  
  • ↗️
❌