Описание
Security update for chromium
This update for chromium fixes the following issues:
Changes in chromium:
- Chromium 146.0.7680.177 (boo#1261249)
- CVE-2026-5273: Use after free in CSS
- CVE-2026-5272: Heap buffer overflow in GPU
- CVE-2026-5274: Integer overflow in Codecs
- CVE-2026-5275: Heap buffer overflow in ANGLE
- CVE-2026-5276: Insufficient policy enforcement in WebUSB
- CVE-2026-5277: Integer overflow in ANGLE
- CVE-2026-5278: Use after free in Web MIDI
- CVE-2026-5279: Object corruption in V8
- CVE-2026-5280: Use after free in WebCodecs
- CVE-2026-5281: Use after free in Dawn
- CVE-2026-5282: Out of bounds read in WebCodecs
- CVE-2026-5283: Inappropriate implementation in ANGLE
- CVE-2026-5284: Use after free in Dawn
- CVE-2026-5285: Use after free in WebGL
- CVE-2026-5286: Use after free in Dawn
- CVE-2026-5287: Use after free in PDF
- CVE-2026-5288: Use after free in WebView
- CVE-2026-5289: Use after free in Navigation
- CVE-2026-5290: Use after free in Compositing
- CVE-2026-5291: Inappropriate implementation in WebGL
- CVE-2026-5292: Out of bounds read in WebCodecs
Список пакетов
openSUSE Leap 16.0
Ссылки
- SUSE Security Ratings
- SUSE Bug 1261249
- SUSE CVE CVE-2026-5272 page
- SUSE CVE CVE-2026-5273 page
- SUSE CVE CVE-2026-5274 page
- SUSE CVE CVE-2026-5275 page
- SUSE CVE CVE-2026-5276 page
- SUSE CVE CVE-2026-5277 page
- SUSE CVE CVE-2026-5278 page
- SUSE CVE CVE-2026-5279 page
- SUSE CVE CVE-2026-5280 page
- SUSE CVE CVE-2026-5281 page
- SUSE CVE CVE-2026-5282 page
- SUSE CVE CVE-2026-5283 page
- SUSE CVE CVE-2026-5284 page
- SUSE CVE CVE-2026-5285 page
- SUSE CVE CVE-2026-5286 page
- SUSE CVE CVE-2026-5287 page
- SUSE CVE CVE-2026-5288 page
- SUSE CVE CVE-2026-5289 page
Описание
Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5272
- SUSE Bug 1261249
Описание
Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5273
- SUSE Bug 1261249
Описание
Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5274
- SUSE Bug 1261249
Описание
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5275
- SUSE Bug 1261249
Описание
Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5276
- SUSE Bug 1261249
Описание
Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5277
- SUSE Bug 1261249
Описание
Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5278
- SUSE Bug 1261249
Описание
Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5279
- SUSE Bug 1261249
Описание
Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5280
- SUSE Bug 1261249
Описание
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5281
- SUSE Bug 1261249
Описание
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5282
- SUSE Bug 1261249
Описание
Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5283
- SUSE Bug 1261249
Описание
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5284
- SUSE Bug 1261249
Описание
Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5285
- SUSE Bug 1261249
Описание
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5286
- SUSE Bug 1261249
Описание
Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5287
- SUSE Bug 1261249
Описание
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5288
- SUSE Bug 1261249
Описание
Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5289
- SUSE Bug 1261249
Описание
Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-5290
- SUSE Bug 1261249
Описание
Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-5291
- SUSE Bug 1261249
Описание
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-5292
- SUSE Bug 1261249