Description
Security update for chromium
This update for chromium fixes the following issues:
Changes in chromium:
- more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script (boo#1258199)
- also copy rollup into third_party/node/node_modules
- stay on llvm-10 for swiftshader but bring a similar patch
- drop use of rollup binaries and use rollup-3.x which does not use prebuilt binaries (that fail at least on older ppc64le) follow the approach of the debian packaging
- update/resync ppc64le patches from fedora
- fix INSTALL.sh again to replace the tags in desktop file, appdata and manpage (boo#1258199)
- Chromium 145.0.7632.75:
  - CVE-2026-2441: Use after free in CSS (boo#1258185)
- Chromium 145.0.7632.67:
  - Revert a change in url_fixer that may have caused crashes
- Chromium 145.0.7632.45 (boo#1258116)
  - jpeg-xl support has been readded
  - CVE-2026-2313: Use after free in CSS
  - CVE-2026-2314: Heap buffer overflow in Codecs
  - CVE-2026-2315: Inappropriate implementation in WebGPU
  - CVE-2026-2316: Insufficient policy enforcement in Frames
  - CVE-2026-2317: Inappropriate implementation in Animation
  - CVE-2026-2318: Inappropriate implementation in PictureInPicture
  - CVE-2026-2319: Race in DevTools
  - CVE-2026-2320: Inappropriate implementation in File input
  - CVE-2026-2321: Use after free in Ozone
  - CVE-2026-2322: Inappropriate implementation in File input
  - CVE-2026-2323: Inappropriate implementation in Downloads
Package list
openSUSE Leap 16.0
References
- SUSE Security Ratings
- SUSE Bug 1258116
- SUSE Bug 1258185
- SUSE Bug 1258199
- SUSE CVE CVE-2026-2313 page
- SUSE CVE CVE-2026-2314 page
- SUSE CVE CVE-2026-2315 page
- SUSE CVE CVE-2026-2316 page
- SUSE CVE CVE-2026-2317 page
- SUSE CVE CVE-2026-2318 page
- SUSE CVE CVE-2026-2319 page
- SUSE CVE CVE-2026-2320 page
- SUSE CVE CVE-2026-2321 page
- SUSE CVE CVE-2026-2322 page
- SUSE CVE CVE-2026-2323 page
- SUSE CVE CVE-2026-2441 page
Description
Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-2313
- SUSE Bug 1258116
Description
Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-2314
- SUSE Bug 1258116
Description
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-2315
- SUSE Bug 1258116
Description
Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2026-2316
- SUSE Bug 1258116
Description
Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2026-2317
- SUSE Bug 1258116
Description
Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2026-2318
- SUSE Bug 1258116
Description
Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)
Affected products
References
- CVE-2026-2319
- SUSE Bug 1258116
Description
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2026-2320
- SUSE Bug 1258116
Description
Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2026-2321
- SUSE Bug 1258116
Description
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Affected products
References
- CVE-2026-2322
- SUSE Bug 1258116
Description
Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Affected products
References
- CVE-2026-2323
- SUSE Bug 1258116
Description
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-2441
- SUSE Bug 1258185