Skip to content

Update Google Chrome to patch CVE-2026-5870#43465

Closed
kilo-code-bot[bot] wants to merge 1 commit intomainfrom
patch-cve-2026-5870-chrome-update
Closed

Update Google Chrome to patch CVE-2026-5870#43465
kilo-code-bot[bot] wants to merge 1 commit intomainfrom
patch-cve-2026-5870-chrome-update

Conversation

@kilo-code-bot
Copy link
Copy Markdown
Contributor

@kilo-code-bot kilo-code-bot Bot commented Apr 13, 2026

Summary

  • Pin Google Chrome Fleet-maintained apps to patched versions to address CVE-2026-5870 (Integer Overflow in Skia — High severity, remote code execution via crafted HTML page)
  • macOS (google-chrome/darwin): pinned to version 147.0.7727.56
  • Windows (google-chrome/windows): pinned to version 147.0.7727.55

Vulnerability Details

CVE-2026-5870 is a high-severity integer overflow vulnerability in Google Chrome's Skia graphics engine. An attacker can exploit this via a crafted HTML page to achieve remote code execution. The fix is to update Chrome to version 147.0.7727.55 (Linux/Windows) or 147.0.7727.56 (Mac).

Changes

Only it-and-security/fleets/workstations.yml was modified. A version field was added to each Google Chrome fleet_maintained_apps entry to pin the specific patched version. No other changes were made.

Built for Dhruv Majumdar by Kilo for Slack

@kilo-code-bot
Update Google Chrome to patch CVE-2026-5870
849331b 
Pin Google Chrome Fleet-maintained apps to patched versions:
- macOS (google-chrome/darwin): 147.0.7727.56
- Windows (google-chrome/windows): 147.0.7727.55

CVE-2026-5870 is a high-severity integer overflow in Skia that enables
remote code execution via a crafted HTML page.
@kilo-code-bot kilo-code-bot Bot requested a review from allenhouchins as a code owner April 13, 2026 16:21
claude[bot]
claude Bot reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 13, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.91%. Comparing base (98e08ad) to head (849331b).
⚠️ Report is 9 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff            @@
##             main   #43465    +/-   ##
========================================
  Coverage   66.91%   66.91%            
========================================
  Files        2596     2596            
  Lines      208103   208103            
  Branches     9321     9171   -150     
========================================
+ Hits       139248   139250     +2     
+ Misses      56199    56198     -1     
+ Partials    12656    12655     -1
Flag Coverage Δ
fleetd-chrome 73.69% <ø> (ø)
frontend 54.78% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@allenhouchins allenhouchins Awaiting requested review from allenhouchins allenhouchins is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@allenhouchins