Описание
Security update for chromium
This update for chromium fixes the following issues:
Changes in chromium:
-
Chromium 146.0.7680.80: * CVE-2026-3909: Out of bounds write in Skia (boo#1259659)
-
Chromium 146.0.7680.75 (released 2026-03-12) (boo#1259648)
- CVE-2026-3910: Inappropriate implementation in V8.
-
Chromium 146.0.7680.71 (released 2026-03-11) (boo#1259530)
- CVE-2026-3913: Heap buffer overflow in WebML
- CVE-2026-3914: Integer overflow in WebML
- CVE-2026-3915: Heap buffer overflow in WebML
- CVE-2026-3916: Out of bounds read in Web Speech
- CVE-2026-3917: Use after free in Agents
- CVE-2026-3918: Use after free in WebMCP
- CVE-2026-3919: Use after free in Extensions
- CVE-2026-3920: Out of bounds memory access in WebML
- CVE-2026-3921: Use after free in TextEncoding
- CVE-2026-3922: Use after free in MediaStream
- CVE-2026-3923: Use after free in WebMIDI
- CVE-2026-3924: Use after free in WindowDialog
- CVE-2026-3925: Incorrect security UI in LookalikeChecks
- CVE-2026-3926: Out of bounds read in V8
- CVE-2026-3927: Incorrect security UI in PictureInPicture
- CVE-2026-3928: Insufficient policy enforcement in Extensions
- CVE-2026-3929: Side-channel information leakage in ResourceTiming
- CVE-2026-3930: Unsafe navigation in Navigation
- CVE-2026-3931: Heap buffer overflow in Skia
- CVE-2026-3932: Insufficient policy enforcement in PDF
- CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
- CVE-2026-3935: Incorrect security UI in WebAppInstalls
- CVE-2026-3936: Use after free in WebView
- CVE-2026-3937: Incorrect security UI in Downloads
- CVE-2026-3938: Insufficient policy enforcement in Clipboard
- CVE-2026-3939: Insufficient policy enforcement in PDF
- CVE-2026-3940: Insufficient policy enforcement in DevTools
- CVE-2026-3941: Insufficient policy enforcement in DevTools
- CVE-2026-3942: Incorrect security UI in PictureInPicture
Список пакетов
openSUSE Leap 16.0
Ссылки
- SUSE Security Ratings
- SUSE Bug 1259530
- SUSE Bug 1259648
- SUSE Bug 1259659
- SUSE CVE CVE-2026-3909 page
- SUSE CVE CVE-2026-3910 page
- SUSE CVE CVE-2026-3913 page
- SUSE CVE CVE-2026-3914 page
- SUSE CVE CVE-2026-3915 page
- SUSE CVE CVE-2026-3916 page
- SUSE CVE CVE-2026-3917 page
- SUSE CVE CVE-2026-3918 page
- SUSE CVE CVE-2026-3919 page
- SUSE CVE CVE-2026-3920 page
- SUSE CVE CVE-2026-3921 page
- SUSE CVE CVE-2026-3922 page
- SUSE CVE CVE-2026-3923 page
- SUSE CVE CVE-2026-3924 page
- SUSE CVE CVE-2026-3925 page
- SUSE CVE CVE-2026-3926 page
Описание
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3909
- SUSE Bug 1259648
Описание
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3910
- SUSE Bug 1259648
Описание
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-3913
- SUSE Bug 1259530
Описание
Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3914
- SUSE Bug 1259530
Описание
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3915
- SUSE Bug 1259530
Описание
Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3916
- SUSE Bug 1259530
Описание
Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3917
- SUSE Bug 1259530
Описание
Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3918
- SUSE Bug 1259530
Описание
Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3919
- SUSE Bug 1259530
Описание
Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3920
- SUSE Bug 1259530
Описание
Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3921
- SUSE Bug 1259530
Описание
Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3922
- SUSE Bug 1259530
Описание
Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3923
- SUSE Bug 1259530
Описание
use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-3924
- SUSE Bug 1259530
Описание
Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-3925
- SUSE Bug 1259530
Описание
Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-3926
- SUSE Bug 1259530
Описание
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-3927
- SUSE Bug 1259530
Описание
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-3928
- SUSE Bug 1259530
Описание
Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-3929
- SUSE Bug 1259530
Описание
Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-3930
- SUSE Bug 1259530
Описание
Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-3931
- SUSE Bug 1259530
Описание
Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-3932
- SUSE Bug 1259530
Описание
Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-3934
- SUSE Bug 1259530
Описание
Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-3935
- SUSE Bug 1259530
Описание
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-3936
- SUSE Bug 1259530
Описание
Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Затронутые продукты
Ссылки
- CVE-2026-3937
- SUSE Bug 1259530
Описание
Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Затронутые продукты
Ссылки
- CVE-2026-3938
- SUSE Bug 1259530
Описание
Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)
Затронутые продукты
Ссылки
- CVE-2026-3939
- SUSE Bug 1259530
Описание
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Затронутые продукты
Ссылки
- CVE-2026-3940
- SUSE Bug 1259530
Описание
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Затронутые продукты
Ссылки
- CVE-2026-3941
- SUSE Bug 1259530
Описание
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Затронутые продукты
Ссылки
- CVE-2026-3942
- SUSE Bug 1259530