|
|
Log in / Subscribe / Register

SUSE alert openSUSE-SU-2026:20422-1 (chromium)



From:
              null@suse.de


To:
              security-announce@lists.opensuse.org


Subject:
              openSUSE-SU-2026:20422-1: important: Security update for chromium


Date:
              Sat, 28 Mar 2026 17:51:59 +0100


Message-ID:
              <20260328165159.5B451FD57@maintenance.suse.de>


Archive-link:
              Article


openSUSE security update: security update for chromium
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20422-1
Rating: important
References:

  * bsc#1259964



Cross-References:

  * CVE-2026-4439
  * CVE-2026-4440
  * CVE-2026-4441
  * CVE-2026-4442
  * CVE-2026-4443
  * CVE-2026-4444
  * CVE-2026-4445
  * CVE-2026-4446
  * CVE-2026-4447
  * CVE-2026-4448
  * CVE-2026-4449
  * CVE-2026-4450
  * CVE-2026-4451
  * CVE-2026-4452
  * CVE-2026-4453
  * CVE-2026-4454
  * CVE-2026-4455
  * CVE-2026-4456
  * CVE-2026-4457
  * CVE-2026-4458
  * CVE-2026-4459
  * CVE-2026-4460
  * CVE-2026-4461
  * CVE-2026-4462
  * CVE-2026-4463
  * CVE-2026-4464



Affected Products:

         openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 26 vulnerabilities and has one bug fix can now be installed.

Description:

This update for chromium fixes the following issues:

Changes in chromium:

- Chromium 146.0.7680.153 (boo#1259964):
  * CVE-2026-4439: Out of bounds memory access in WebGL
  * CVE-2026-4440: Out of bounds read and write in WebGL
  * CVE-2026-4441: Use after free in Base
  * CVE-2026-4442: Heap buffer overflow in CSS
  * CVE-2026-4443: Heap buffer overflow in WebAudio
  * CVE-2026-4444: Stack buffer overflow in WebRTC
  * CVE-2026-4445: Use after free in WebRTC
  * CVE-2026-4446: Use after free in WebRTC
  * CVE-2026-4447: Inappropriate implementation in V8
  * CVE-2026-4448: Heap buffer overflow in ANGLE
  * CVE-2026-4449: Use after free in Blink
  * CVE-2026-4450: Out of bounds write in V8
  * CVE-2026-4451: Insufficient validation of untrusted input in Navigation
  * CVE-2026-4452: Integer overflow in ANGLE
  * CVE-2026-4453: Integer overflow in Dawn
  * CVE-2026-4454: Use after free in Network
  * CVE-2026-4455: Heap buffer overflow in PDFium
  * CVE-2026-4456: Use after free in Digital Credentials API
  * CVE-2026-4457: Type Confusion in V8
  * CVE-2026-4458: Use after free in Extensions
  * CVE-2026-4459: Out of bounds read and write in WebAudio
  * CVE-2026-4460: Out of bounds read in Skia
  * CVE-2026-4461: Inappropriate implementation in V8
  * CVE-2026-4462: Out of bounds read in Blink
  * CVE-2026-4463: Heap buffer overflow in WebRTC
  * CVE-2026-4464: Integer overflow in ANGLE


Patch instructions:

   To install this openSUSE security update use the suse recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

   zypper in -t patch openSUSE-Leap-16.0-packagehub-174=1

Package List:

- openSUSE Leap 16.0:

  chromedriver-146.0.7680.153-bp160.1.1
  chromium-146.0.7680.153-bp160.1.1

References:

  * https://www.suse.com/security/cve/CVE-2026-4439.html
  * https://www.suse.com/security/cve/CVE-2026-4440.html
  * https://www.suse.com/security/cve/CVE-2026-4441.html
  * https://www.suse.com/security/cve/CVE-2026-4442.html
  * https://www.suse.com/security/cve/CVE-2026-4443.html
  * https://www.suse.com/security/cve/CVE-2026-4444.html
  * https://www.suse.com/security/cve/CVE-2026-4445.html
  * https://www.suse.com/security/cve/CVE-2026-4446.html
  * https://www.suse.com/security/cve/CVE-2026-4447.html
  * https://www.suse.com/security/cve/CVE-2026-4448.html
  * https://www.suse.com/security/cve/CVE-2026-4449.html
  * https://www.suse.com/security/cve/CVE-2026-4450.html
  * https://www.suse.com/security/cve/CVE-2026-4451.html
  * https://www.suse.com/security/cve/CVE-2026-4452.html
  * https://www.suse.com/security/cve/CVE-2026-4453.html
  * https://www.suse.com/security/cve/CVE-2026-4454.html
  * https://www.suse.com/security/cve/CVE-2026-4455.html
  * https://www.suse.com/security/cve/CVE-2026-4456.html
  * https://www.suse.com/security/cve/CVE-2026-4457.html
  * https://www.suse.com/security/cve/CVE-2026-4458.html
  * https://www.suse.com/security/cve/CVE-2026-4459.html
  * https://www.suse.com/security/cve/CVE-2026-4460.html
  * https://www.suse.com/security/cve/CVE-2026-4461.html
  * https://www.suse.com/security/cve/CVE-2026-4462.html
  * https://www.suse.com/security/cve/CVE-2026-4463.html
  * https://www.suse.com/security/cve/CVE-2026-4464.html
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds