SUSE alert openSUSE-SU-2026:0112-1 (chromium)
| From: | maintenance@opensuse.org | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2026:0112-1: important: Security update for chromium | |
| Date: | Thu, 02 Apr 2026 15:05:25 +0200 | |
| Message-ID: | <20260402130525.091D6FD1A@maintenance.suse.de> | |
| Archive-link: | Article |
openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0112-1 Rating: important References: #1261249 Cross-References: CVE-2026-5272 CVE-2026-5273 CVE-2026-5274 CVE-2026-5275 CVE-2026-5276 CVE-2026-5277 CVE-2026-5278 CVE-2026-5279 CVE-2026-5280 CVE-2026-5281 CVE-2026-5282 CVE-2026-5283 CVE-2026-5284 CVE-2026-5285 CVE-2026-5286 CVE-2026-5287 CVE-2026-5288 CVE-2026-5289 CVE-2026-5290 CVE-2026-5291 CVE-2026-5292 Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes 21 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Chromium 146.0.7680.177 (boo#1261249): * CVE-2026-5273: Use after free in CSS * CVE-2026-5272: Heap buffer overflow in GPU * CVE-2026-5274: Integer overflow in Codecs * CVE-2026-5275: Heap buffer overflow in ANGLE * CVE-2026-5276: Insufficient policy enforcement in WebUSB * CVE-2026-5277: Integer overflow in ANGLE * CVE-2026-5278: Use after free in Web MIDI * CVE-2026-5279: Object corruption in V8 * CVE-2026-5280: Use after free in WebCodecs * CVE-2026-5281: Use after free in Dawn * CVE-2026-5282: Out of bounds read in WebCodecs * CVE-2026-5283: Inappropriate implementation in ANGLE * CVE-2026-5284: Use after free in Dawn * CVE-2026-5285: Use after free in WebGL * CVE-2026-5286: Use after free in Dawn * CVE-2026-5287: Use after free in PDF * CVE-2026-5288: Use after free in WebView * CVE-2026-5289: Use after free in Navigation * CVE-2026-5290: Use after free in Compositing * CVE-2026-5291: Inappropriate implementation in WebGL * CVE-2026-5292: Out of bounds read in WebCodecs Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2026-112=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64): chromedriver-146.0.7680.177-bp156.2.257.1 chromium-146.0.7680.177-bp156.2.257.1 References: https://www.suse.com/security/cve/CVE-2026-5272.html https://www.suse.com/security/cve/CVE-2026-5273.html https://www.suse.com/security/cve/CVE-2026-5274.html https://www.suse.com/security/cve/CVE-2026-5275.html https://www.suse.com/security/cve/CVE-2026-5276.html https://www.suse.com/security/cve/CVE-2026-5277.html https://www.suse.com/security/cve/CVE-2026-5278.html https://www.suse.com/security/cve/CVE-2026-5279.html https://www.suse.com/security/cve/CVE-2026-5280.html https://www.suse.com/security/cve/CVE-2026-5281.html https://www.suse.com/security/cve/CVE-2026-5282.html https://www.suse.com/security/cve/CVE-2026-5283.html https://www.suse.com/security/cve/CVE-2026-5284.html https://www.suse.com/security/cve/CVE-2026-5285.html https://www.suse.com/security/cve/CVE-2026-5286.html https://www.suse.com/security/cve/CVE-2026-5287.html https://www.suse.com/security/cve/CVE-2026-5288.html https://www.suse.com/security/cve/CVE-2026-5289.html https://www.suse.com/security/cve/CVE-2026-5290.html https://www.suse.com/security/cve/CVE-2026-5291.html https://www.suse.com/security/cve/CVE-2026-5292.html https://bugzilla.suse.com/1261249