Description
Security update for chromium
This update for chromium fixes the following issues:
Changes in chromium:
- Chromium 146.0.7680.153 (boo#1259964):
- CVE-2026-4439: Out of bounds memory access in WebGL
- CVE-2026-4440: Out of bounds read and write in WebGL
- CVE-2026-4441: Use after free in Base
- CVE-2026-4442: Heap buffer overflow in CSS
- CVE-2026-4443: Heap buffer overflow in WebAudio
- CVE-2026-4444: Stack buffer overflow in WebRTC
- CVE-2026-4445: Use after free in WebRTC
- CVE-2026-4446: Use after free in WebRTC
- CVE-2026-4447: Inappropriate implementation in V8
- CVE-2026-4448: Heap buffer overflow in ANGLE
- CVE-2026-4449: Use after free in Blink
- CVE-2026-4450: Out of bounds write in V8
- CVE-2026-4451: Insufficient validation of untrusted input in Navigation
- CVE-2026-4452: Integer overflow in ANGLE
- CVE-2026-4453: Integer overflow in Dawn
- CVE-2026-4454: Use after free in Network
- CVE-2026-4455: Heap buffer overflow in PDFium
- CVE-2026-4456: Use after free in Digital Credentials API
- CVE-2026-4457: Type Confusion in V8
- CVE-2026-4458: Use after free in Extensions
- CVE-2026-4459: Out of bounds read and write in WebAudio
- CVE-2026-4460: Out of bounds read in Skia
- CVE-2026-4461: Inappropriate implementation in V8
- CVE-2026-4462: Out of bounds read in Blink
- CVE-2026-4463: Heap buffer overflow in WebRTC
- CVE-2026-4464: Integer overflow in ANGLE
Package list
openSUSE Leap 16.0
References
- SUSE Security Ratings
- SUSE Bug 1259964
- SUSE CVE CVE-2026-4439 page
- SUSE CVE CVE-2026-4440 page
- SUSE CVE CVE-2026-4441 page
- SUSE CVE CVE-2026-4442 page
- SUSE CVE CVE-2026-4443 page
- SUSE CVE CVE-2026-4444 page
- SUSE CVE CVE-2026-4445 page
- SUSE CVE CVE-2026-4446 page
- SUSE CVE CVE-2026-4447 page
- SUSE CVE CVE-2026-4448 page
- SUSE CVE CVE-2026-4449 page
- SUSE CVE CVE-2026-4450 page
- SUSE CVE CVE-2026-4451 page
- SUSE CVE CVE-2026-4452 page
- SUSE CVE CVE-2026-4453 page
- SUSE CVE CVE-2026-4454 page
- SUSE CVE CVE-2026-4455 page
- SUSE CVE CVE-2026-4456 page
Description
Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Affected products
References
- CVE-2026-4439
- SUSE Bug 1259964
Description
Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)
Affected products
References
- CVE-2026-4440
- SUSE Bug 1259964
Description
Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Affected products
References
- CVE-2026-4441
- SUSE Bug 1259964
Description
Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4442
- SUSE Bug 1259964
Description
Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4443
- SUSE Bug 1259964
Description
Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4444
- SUSE Bug 1259964
Description
Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4445
- SUSE Bug 1259964
Description
Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4446
- SUSE Bug 1259964
Description
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4447
- SUSE Bug 1259964
Description
Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4448
- SUSE Bug 1259964
Description
Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4449
- SUSE Bug 1259964
Description
Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4450
- SUSE Bug 1259964
Description
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4451
- SUSE Bug 1259964
Description
Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4452
- SUSE Bug 1259964
Description
Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4453
- SUSE Bug 1259964
Description
Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4454
- SUSE Bug 1259964
Description
Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Affected products
References
- CVE-2026-4455
- SUSE Bug 1259964
Description
Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4456
- SUSE Bug 1259964
Description
Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4457
- SUSE Bug 1259964
Description
Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Affected products
References
- CVE-2026-4458
- SUSE Bug 1259964
Description
Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4459
- SUSE Bug 1259964
Description
Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4460
- SUSE Bug 1259964
Description
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4461
- SUSE Bug 1259964
Description
Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4462
- SUSE Bug 1259964
Description
Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2026-4463
- SUSE Bug 1259964
Description
Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2026-4464
- SUSE Bug 1259964