Описание
Security update for chromium
This update for chromium fixes the following issues:
Changes in chromium:
- Chromium 145.0.7632.116 (boo#1258733):
- CVE-2026-3061: Out of bounds read in Media
- CVE-2026-3062: Out of bounds read and write in Tint
- CVE-2025-3063: Inappropriate implementation in DevTools
Список пакетов
openSUSE Leap 16.0
Ссылки
- SUSE Security Ratings
- SUSE Bug 1258733
- SUSE CVE CVE-2025-3063 page
- SUSE CVE CVE-2026-3061 page
- SUSE CVE CVE-2026-3062 page
Описание
The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Затронутые продукты
Ссылки
- CVE-2025-3063
Описание
Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3061
- SUSE Bug 1258733
Описание
Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3062
- SUSE Bug 1258733