Описание
Security update for chromium
This update for chromium fixes the following issues:
Changes in chromium:
- Chromium 146.0.7680.164 (boo#1260376)
- CVE-2026-4673: Heap buffer overflow in WebAudio
- CVE-2026-4674: Out of bounds read in CSS
- CVE-2026-4675: Heap buffer overflow in WebGL
- CVE-2026-4676: Use after free in Dawn
- CVE-2026-4677: Out of bounds read in WebAudio
- CVE-2026-4678: Use after free in WebGPU
- CVE-2026-4679: Integer overflow in Fonts
- CVE-2026-4680: Use after free in FedCM
Список пакетов
openSUSE Leap 16.0
Ссылки
- SUSE Security Ratings
- SUSE Bug 1260376
- SUSE CVE CVE-2026-4673 page
- SUSE CVE CVE-2026-4674 page
- SUSE CVE CVE-2026-4675 page
- SUSE CVE CVE-2026-4676 page
- SUSE CVE CVE-2026-4677 page
- SUSE CVE CVE-2026-4678 page
- SUSE CVE CVE-2026-4679 page
- SUSE CVE CVE-2026-4680 page
Описание
Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-4673
- SUSE Bug 1260376
Описание
Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-4674
- SUSE Bug 1260376
Описание
Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-4675
- SUSE Bug 1260376
Описание
Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-4676
- SUSE Bug 1260376
Описание
Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-4677
- SUSE Bug 1260376
Описание
Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-4678
- SUSE Bug 1260376
Описание
Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-4679
- SUSE Bug 1260376
Описание
Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-4680
- SUSE Bug 1260376