Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0129

NIXPKGS-2026-0129
published on
Permalink CVE-2026-1861
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @LeSuisse ignored
    28 packages
    • chromedriver
    • netflix
    • mkchromecast
    • chrome-export
    • go-chromecast
    • xf86videoopenchrome
    • chrome-token-signing
    • chrome-pak-customizer
    • curl-impersonate-chrome
    • electron-chromedriver_33
    • electron-chromedriver_34
    • electron-chromedriver_35
    • electron-chromedriver_36
    • electron-chromedriver_37
    • electron-chromedriver_38
    • electron-chromedriver_39
    • electron-chromedriver_40
    • xorg.xf86videoopenchrome
    • ocamlPackages.chrome-trace
    • noto-fonts-monochrome-emoji
    • python312Packages.pychromecast
    • python313Packages.pychromecast
    • python314Packages.pychromecast
    • ocamlPackages_latest.chrome-trace
    • python312Packages.undetected-chromedriver
    • python313Packages.undetected-chromedriver
    • python314Packages.undetected-chromedriver
    • grafanaPlugins.ventura-psychrometric-panel
    2 months, 1 week ago
  • @LeSuisse accepted 2 months, 1 week ago
  • @LeSuisse published on GitHub 2 months, 1 week ago
Heap buffer overflow in libvpx in Google Chrome prior to …

Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected products

Chrome
  • <144.0.7559.132

Matching in nixpkgs

Ignored packages (28)

pkgs.netflix

Open Netflix in Google Chrome app mode

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small
  • nixos-25.11 -
    • nixos-25.11-small
    • nixpkgs-25.11-darwin

pkgs.chrome-export

Scripts to save Google Chrome's bookmarks and history as HTML bookmarks files

  • nixos-unstable 2.0.2
    • nixpkgs-unstable 2.0.2
    • nixos-unstable-small 2.0.2
  • nixos-25.11 -
    • nixos-25.11-small 2.0.2
    • nixpkgs-25.11-darwin 2.0.2

pkgs.go-chromecast

CLI for Google Chromecast, Home devices and Cast Groups

  • nixos-unstable 0.3.4
    • nixpkgs-unstable 0.3.4
    • nixos-unstable-small 0.3.4
  • nixos-25.11 -
    • nixos-25.11-small 0.3.4
    • nixpkgs-25.11-darwin 0.3.4

pkgs.xf86videoopenchrome

VIA Technologies UniChrome and Chrome9 IGP video driver for the Xorg X server

  • nixos-unstable -

pkgs.chrome-token-signing

Chrome and Firefox extension for signing with your eID on the web

  • nixos-unstable 1.1.5
    • nixpkgs-unstable 1.1.5
    • nixos-unstable-small 1.1.5
  • nixos-25.11 -
    • nixos-25.11-small 1.1.5
    • nixpkgs-25.11-darwin 1.1.5

Package maintainers

https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html