Описание
Security update for chromium
This update for chromium fixes the following issues:
Changes in chromium:
- Chromium 148.0.7778.215 (boo#1266471):
- CVE-2026-9872: Out of bounds write in GPU
- CVE-2026-9873: Use after free in Network
- CVE-2026-9874: Use after free in Dawn
- CVE-2026-9875: Out of bounds read in WebGL
- CVE-2026-9876: Use after free in WebGL
- CVE-2026-9877: Use after free in ANGLE
- CVE-2026-9878: Use after free in ANGLE
- CVE-2026-9879: Out of bounds write in ANGLE
- CVE-2026-9880: Insufficient validation of untrusted input in WebGL
- CVE-2026-9881: Use after free in Bluetooth
- CVE-2026-9882: Integer overflow in ANGLE
- CVE-2026-9883: Use after free in Base
- CVE-2026-9884: Use after free in Browser
- CVE-2026-9885: Insufficient validation of untrusted input in UI
- CVE-2026-9886: Use after free in Base
- CVE-2026-9887: Use after free in Proxy
- CVE-2026-9888: Use after free in WebView
- CVE-2026-9889: Out of bounds read and write in Dawn
- CVE-2026-9890: Use after free in XR
- CVE-2026-9891: Use after free in Extensions
- CVE-2026-9892: Inappropriate implementation in Skia
- CVE-2026-9893: Use after free in Skia
- CVE-2026-9894: Use after free in GPU
- CVE-2026-9895: Out of bounds read in GPU
- CVE-2026-9896: Out of bounds write in V8
- CVE-2026-9897: Use after free in DOM
- CVE-2026-9898: Insufficient validation of untrusted input in GPU
- CVE-2026-9899: Use after free in ANGLE
- CVE-2026-9900: Out of bounds write in ANGLE
- CVE-2026-9901: Use after free in ANGLE
- CVE-2026-9902: Use after free in Accessibility
- CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
- CVE-2026-9904: Use after free in ANGLE
- CVE-2026-9905: Use after free in Accessibility
- CVE-2026-9906: Out of bounds write in GPU
- CVE-2026-9907: Out of bounds read in Dawn
- CVE-2026-9908: Out of bounds read in ANGLE
- CVE-2026-9909: Integer overflow in Skia
- CVE-2026-9910: Out of bounds memory access in ANGLE
- CVE-2026-9911: Integer overflow in ANGLE
- CVE-2026-9912: Inappropriate implementation in GPU
- CVE-2026-9913: Inappropriate implementation in ANGLE
- CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
- CVE-2026-9915: Heap buffer overflow in ANGLE
- CVE-2026-9916: Out of bounds write in ANGLE
- CVE-2026-9917: Uninitialized Use in WebGL
- CVE-2026-9918: Inappropriate implementation in Tint
- CVE-2026-9919: Out of bounds read in WebGL
- CVE-2026-9920: Uninitialized Use in GPU
- CVE-2026-9921: Uninitialized Use in WebGL
- CVE-2026-9922: Use after free in GPU
- CVE-2026-9923: Use after free in Skia
- CVE-2026-9924: Heap buffer overflow in ANGLE
- CVE-2026-9925: Use after free in ANGLE
- CVE-2026-9926: Heap buffer overflow in ANGLE
- CVE-2026-9927: Use after free in ANGLE
- CVE-2026-9928: Out of bounds read in ANGLE
- CVE-2026-9929: Inappropriate implementation in WebGL
- CVE-2026-9930: Out of bounds write in Dawn
- CVE-2026-9931: Use after free in GPU
- CVE-2026-9932: Use after free in ANGLE
- CVE-2026-9933: Use after free in Input
- CVE-2026-9934: Use after free in Aura
- CVE-2026-9935: Uninitialized Use in ANGLE
- CVE-2026-9936: Use after free in GFX
- CVE-2026-9937: Use after free in UI
- CVE-2026-9938: Inappropriate implementation in V8
- CVE-2026-9939: Heap buffer overflow in WebCodecs
- CVE-2026-9940: Heap buffer overflow in ANGLE
- CVE-2026-9941: Use after free in ANGLE
- CVE-2026-9942: Uninitialized Use in ANGLE
- CVE-2026-9943: Out of bounds read in WebGL
- CVE-2026-9944: Uninitialized Use in ANGLE
- CVE-2026-9945: Use after free in Media
- CVE-2026-9946: Use after free in ANGLE
- CVE-2026-9947: Use after free in XML
- CVE-2026-9948: Use after free in Views
- CVE-2026-9949: Use after free in Core
- CVE-2026-9950: Insufficient validation of untrusted input in iOS
- CVE-2026-9951: Use after free in UI
- CVE-2026-9952: Use after free in WebAudio
- CVE-2026-9953: Out of bounds read in ANGLE
- CVE-2026-9954: Use after free in TabStrip
- CVE-2026-9955: Inappropriate implementation in iOS
- CVE-2026-9956: Use after free in iOS
- CVE-2026-9957: Use after free in PDF
- CVE-2026-9958: Use after free in PDFium
- CVE-2026-9959: Race in WebRTC
- CVE-2026-9960: Integer overflow in PDFium
- CVE-2026-9961: Use after free in SurfaceCapture
- CVE-2026-9962: Use after free in WebRTC
- CVE-2026-9963: Uninitialized Use in iOS
- CVE-2026-9964: Use after free in Bluetooth
- CVE-2026-9965: Out of bounds write in ANGLE
- CVE-2026-9966: Integer overflow in XML
- CVE-2026-9967: Out of bounds write in GPU
- CVE-2026-9968: Integer overflow in V8
- CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
- CVE-2026-9970: Use after free in WebGL
- CVE-2026-9971: Inappropriate implementation in iOS
- CVE-2026-9972: Uninitialized Use in Gamepad
- CVE-2026-9973: Out of bounds write in V8
- CVE-2026-9974: Out of bounds write in GPU
- CVE-2026-9975: Out of bounds read and write in ANGLE
- CVE-2026-9976: Inappropriate implementation in USB
- CVE-2026-9977: Insufficient validation of untrusted input in WebShare
- CVE-2026-9978: Use after free in Glic
- CVE-2026-9979: Insufficient validation of untrusted input in Input
- CVE-2026-9980: Insufficient validation of untrusted input in Printing
- CVE-2026-9981: Inappropriate implementation in Skia
- CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
- CVE-2026-9983: Type Confusion in Skia
- CVE-2026-9984: Use after free in UI
- CVE-2026-9985: Insufficient validation of untrusted input in Media
- CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
- CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
- CVE-2026-9988: Use after free in WebRTC
- CVE-2026-9989: Inappropriate implementation in Media
- CVE-2026-9990: Use after free in WebAppInstalls
- CVE-2026-9991: Inappropriate implementation in Media
- CVE-2026-9992: Use after free in Network
- CVE-2026-9993: Use after free in Views
- CVE-2026-9994: Use after free in Core
- CVE-2026-9995: Use after free in WebXR
- CVE-2026-9996: Out of bounds read in WebRTC
- CVE-2026-9997: Use after free in Input
- CVE-2026-9998: Integer overflow in Skia
- CVE-2026-9999: Inappropriate implementation in ANGLE
- CVE-2026-10000: Use after free in Passwords
- CVE-2026-10001: Use after free in PerformanceManager
- CVE-2026-10002: Use after free in PDFium
- CVE-2026-10003: Use after free in Views
- CVE-2026-10004: Insufficient validation of untrusted input in Passwords
- CVE-2026-10005: Use after free in WebAppInstalls
- CVE-2026-10006: Race in WebAudio
- CVE-2026-10007: Use after free in SVG
- CVE-2026-10008: Uninitialized Use in GPU
- CVE-2026-10009: Integer overflow in Skia
- CVE-2026-10010: Inappropriate implementation in Input
- CVE-2026-10011: Inappropriate implementation in Skia
- CVE-2026-10012: Use after free in Skia
- CVE-2026-10013: Use after free in WebCodecs
- CVE-2026-10014: Use after free in WebMIDI
- CVE-2026-10015: Integer overflow in WTF
- CVE-2026-10016: Use after free in DOM
- CVE-2026-10017: Out of bounds read in Headless
- CVE-2026-10018: Integer overflow in ANGLE
- CVE-2026-10019: Integer overflow in ANGLE
- CVE-2026-10020: Insufficient validation of untrusted input in Skia
- CVE-2026-10021: Insufficient validation of untrusted input in USB
- CVE-2026-10022: Type Confusion in V8
Список пакетов
openSUSE Leap 16.0
Ссылки
- SUSE Security Ratings
- SUSE Bug 1266471
- SUSE CVE CVE-2026-10000 page
- SUSE CVE CVE-2026-10001 page
- SUSE CVE CVE-2026-10002 page
- SUSE CVE CVE-2026-10003 page
- SUSE CVE CVE-2026-10004 page
- SUSE CVE CVE-2026-10005 page
- SUSE CVE CVE-2026-10006 page
- SUSE CVE CVE-2026-10007 page
- SUSE CVE CVE-2026-10008 page
- SUSE CVE CVE-2026-10009 page
- SUSE CVE CVE-2026-10010 page
- SUSE CVE CVE-2026-10011 page
- SUSE CVE CVE-2026-10012 page
- SUSE CVE CVE-2026-10013 page
- SUSE CVE CVE-2026-10014 page
- SUSE CVE CVE-2026-10015 page
- SUSE CVE CVE-2026-10016 page
- SUSE CVE CVE-2026-10017 page
Описание
Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10000
- SUSE Bug 1266471
Описание
Use after free in PerformanceManager in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10001
- SUSE Bug 1266471
Описание
Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10002
- SUSE Bug 1266471
Описание
Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10003
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10004
- SUSE Bug 1266471
Описание
Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10005
- SUSE Bug 1266471
Описание
Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10006
- SUSE Bug 1266471
Описание
Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10007
- SUSE Bug 1266471
Описание
Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10008
- SUSE Bug 1266471
Описание
Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10009
- SUSE Bug 1266471
Описание
Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10010
- SUSE Bug 1266471
Описание
Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10011
- SUSE Bug 1266471
Описание
Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10012
- SUSE Bug 1266471
Описание
Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10013
- SUSE Bug 1266471
Описание
Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10014
- SUSE Bug 1266471
Описание
Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10015
- SUSE Bug 1266471
Описание
Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-10016
- SUSE Bug 1266471
Описание
Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-10017
- SUSE Bug 1266471
Описание
Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-10018
- SUSE Bug 1266471
Описание
Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-10019
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-10020
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-10021
- SUSE Bug 1266471
Описание
Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2026-10022
- SUSE Bug 1266471
Описание
Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9872
- SUSE Bug 1266471
Описание
Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9873
- SUSE Bug 1266471
Описание
Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9874
- SUSE Bug 1266471
Описание
Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9875
- SUSE Bug 1266471
Описание
Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9876
- SUSE Bug 1266471
Описание
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9877
- SUSE Bug 1266471
Описание
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9878
- SUSE Bug 1266471
Описание
Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9879
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9880
- SUSE Bug 1266471
Описание
Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9881
- SUSE Bug 1266471
Описание
Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9882
- SUSE Bug 1266471
Описание
Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9883
- SUSE Bug 1266471
Описание
Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9884
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in UI in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9885
- SUSE Bug 1266471
Описание
Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9886
- SUSE Bug 1266471
Описание
Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9887
- SUSE Bug 1266471
Описание
Use after free in WebView in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9888
- SUSE Bug 1266471
Описание
Out of bounds read and write in Dawn in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9889
- SUSE Bug 1266471
Описание
Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9890
- SUSE Bug 1266471
Описание
Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9891
- SUSE Bug 1266471
Описание
Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9892
- SUSE Bug 1266471
Описание
Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2026-9893
- SUSE Bug 1266471
Описание
Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9894
- SUSE Bug 1266471
Описание
Out of bounds read in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9895
- SUSE Bug 1266471
Описание
Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9896
- SUSE Bug 1266471
Описание
Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9897
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9898
- SUSE Bug 1266471
Описание
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9899
- SUSE Bug 1266471
Описание
Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9900
- SUSE Bug 1266471
Описание
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9901
- SUSE Bug 1266471
Описание
Use after free in Accessibility in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9902
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted MHTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9903
- SUSE Bug 1266471
Описание
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9904
- SUSE Bug 1266471
Описание
Use after free in Accessibility in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9905
- SUSE Bug 1266471
Описание
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9906
- SUSE Bug 1266471
Описание
Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9907
- SUSE Bug 1266471
Описание
Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9908
- SUSE Bug 1266471
Описание
Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9909
- SUSE Bug 1266471
Описание
Out of bounds memory access in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9910
- SUSE Bug 1266471
Описание
Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9911
- SUSE Bug 1266471
Описание
Inappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9912
- SUSE Bug 1266471
Описание
Inappropriate implementation in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9913
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9914
- SUSE Bug 1266471
Описание
Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9915
- SUSE Bug 1266471
Описание
Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9916
- SUSE Bug 1266471
Описание
Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9917
- SUSE Bug 1266471
Описание
Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9918
- SUSE Bug 1266471
Описание
Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9919
- SUSE Bug 1266471
Описание
Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9920
- SUSE Bug 1266471
Описание
Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin information via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9921
- SUSE Bug 1266471
Описание
Use after free in GPU in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9922
- SUSE Bug 1266471
Описание
Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9923
- SUSE Bug 1266471
Описание
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9924
- SUSE Bug 1266471
Описание
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9925
- SUSE Bug 1266471
Описание
Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9926
- SUSE Bug 1266471
Описание
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9927
- SUSE Bug 1266471
Описание
Out of bounds read in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9928
- SUSE Bug 1266471
Описание
Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9929
- SUSE Bug 1266471
Описание
Out of bounds write in Dawn in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9930
- SUSE Bug 1266471
Описание
Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9931
- SUSE Bug 1266471
Описание
Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9932
- SUSE Bug 1266471
Описание
Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9933
- SUSE Bug 1266471
Описание
Use after free in Aura in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9934
- SUSE Bug 1266471
Описание
Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9935
- SUSE Bug 1266471
Описание
Use after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9936
- SUSE Bug 1266471
Описание
Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9937
- SUSE Bug 1266471
Описание
Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9938
- SUSE Bug 1266471
Описание
Heap buffer overflow in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9939
- SUSE Bug 1266471
Описание
Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9940
- SUSE Bug 1266471
Описание
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9941
- SUSE Bug 1266471
Описание
Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9942
- SUSE Bug 1266471
Описание
Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9943
- SUSE Bug 1266471
Описание
Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9944
- SUSE Bug 1266471
Описание
Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9945
- SUSE Bug 1266471
Описание
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9946
- SUSE Bug 1266471
Описание
Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9947
- SUSE Bug 1266471
Описание
Use after free in Views in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9948
- SUSE Bug 1266471
Описание
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9949
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9950
- SUSE Bug 1266471
Описание
Use after free in UI in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9951
- SUSE Bug 1266471
Описание
Use after free in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9952
- SUSE Bug 1266471
Описание
Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9953
- SUSE Bug 1266471
Описание
Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9954
- SUSE Bug 1266471
Описание
Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9955
- SUSE Bug 1266471
Описание
Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9956
- SUSE Bug 1266471
Описание
Use after free in PDF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9957
- SUSE Bug 1266471
Описание
Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9958
- SUSE Bug 1266471
Описание
Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9959
- SUSE Bug 1266471
Описание
Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font file. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9960
- SUSE Bug 1266471
Описание
Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9961
- SUSE Bug 1266471
Описание
Use after free in WebRTC in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9962
- SUSE Bug 1266471
Описание
Uninitialized Use in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9963
- SUSE Bug 1266471
Описание
Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9964
- SUSE Bug 1266471
Описание
Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9965
- SUSE Bug 1266471
Описание
Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9966
- SUSE Bug 1266471
Описание
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9967
- SUSE Bug 1266471
Описание
Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9968
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9969
- SUSE Bug 1266471
Описание
Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9970
- SUSE Bug 1266471
Описание
Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9971
- SUSE Bug 1266471
Описание
Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9972
- SUSE Bug 1266471
Описание
Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9973
- SUSE Bug 1266471
Описание
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9974
- SUSE Bug 1266471
Описание
Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9975
- SUSE Bug 1266471
Описание
Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9976
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9977
- SUSE Bug 1266471
Описание
Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9978
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9979
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in Printing in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9980
- SUSE Bug 1266471
Описание
Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9981
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9982
- SUSE Bug 1266471
Описание
Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9983
- SUSE Bug 1266471
Описание
Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9984
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9985
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9986
- SUSE Bug 1266471
Описание
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9987
- SUSE Bug 1266471
Описание
Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9988
- SUSE Bug 1266471
Описание
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9989
- SUSE Bug 1266471
Описание
Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9990
- SUSE Bug 1266471
Описание
Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9991
- SUSE Bug 1266471
Описание
Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9992
- SUSE Bug 1266471
Описание
Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9993
- SUSE Bug 1266471
Описание
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9994
- SUSE Bug 1266471
Описание
Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9995
- SUSE Bug 1266471
Описание
Out of bounds read in WebRTC in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9996
- SUSE Bug 1266471
Описание
Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9997
- SUSE Bug 1266471
Описание
Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9998
- SUSE Bug 1266471
Описание
Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2026-9999
- SUSE Bug 1266471