SUSE alert openSUSE-SU-2026:20460-1 (chromium)
| From: | null@suse.de | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2026:20460-1: important: Security update for chromium | |
| Date: | Sat, 04 Apr 2026 17:52:00 +0200 | |
| Message-ID: | <20260404155200.244F1FD57@maintenance.suse.de> | |
| Archive-link: | Article |
openSUSE security update: security update for chromium ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20460-1 Rating: important References: * bsc#1261249 Cross-References: * CVE-2026-5272 * CVE-2026-5273 * CVE-2026-5274 * CVE-2026-5275 * CVE-2026-5276 * CVE-2026-5277 * CVE-2026-5278 * CVE-2026-5279 * CVE-2026-5280 * CVE-2026-5281 * CVE-2026-5282 * CVE-2026-5283 * CVE-2026-5284 * CVE-2026-5285 * CVE-2026-5286 * CVE-2026-5287 * CVE-2026-5288 * CVE-2026-5289 * CVE-2026-5290 * CVE-2026-5291 * CVE-2026-5292 Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 21 vulnerabilities and has one bug fix can now be installed. Description: This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.177 (boo#1261249) * CVE-2026-5273: Use after free in CSS * CVE-2026-5272: Heap buffer overflow in GPU * CVE-2026-5274: Integer overflow in Codecs * CVE-2026-5275: Heap buffer overflow in ANGLE * CVE-2026-5276: Insufficient policy enforcement in WebUSB * CVE-2026-5277: Integer overflow in ANGLE * CVE-2026-5278: Use after free in Web MIDI * CVE-2026-5279: Object corruption in V8 * CVE-2026-5280: Use after free in WebCodecs * CVE-2026-5281: Use after free in Dawn * CVE-2026-5282: Out of bounds read in WebCodecs * CVE-2026-5283: Inappropriate implementation in ANGLE * CVE-2026-5284: Use after free in Dawn * CVE-2026-5285: Use after free in WebGL * CVE-2026-5286: Use after free in Dawn * CVE-2026-5287: Use after free in PDF * CVE-2026-5288: Use after free in WebView * CVE-2026-5289: Use after free in Navigation * CVE-2026-5290: Use after free in Compositing * CVE-2026-5291: Inappropriate implementation in WebGL * CVE-2026-5292: Out of bounds read in WebCodecs Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-186=1 Package List: - openSUSE Leap 16.0: chromedriver-146.0.7680.177-bp160.1.1 chromium-146.0.7680.177-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2026-5272.html * https://www.suse.com/security/cve/CVE-2026-5273.html * https://www.suse.com/security/cve/CVE-2026-5274.html * https://www.suse.com/security/cve/CVE-2026-5275.html * https://www.suse.com/security/cve/CVE-2026-5276.html * https://www.suse.com/security/cve/CVE-2026-5277.html * https://www.suse.com/security/cve/CVE-2026-5278.html * https://www.suse.com/security/cve/CVE-2026-5279.html * https://www.suse.com/security/cve/CVE-2026-5280.html * https://www.suse.com/security/cve/CVE-2026-5281.html * https://www.suse.com/security/cve/CVE-2026-5282.html * https://www.suse.com/security/cve/CVE-2026-5283.html * https://www.suse.com/security/cve/CVE-2026-5284.html * https://www.suse.com/security/cve/CVE-2026-5285.html * https://www.suse.com/security/cve/CVE-2026-5286.html * https://www.suse.com/security/cve/CVE-2026-5287.html * https://www.suse.com/security/cve/CVE-2026-5288.html * https://www.suse.com/security/cve/CVE-2026-5289.html * https://www.suse.com/security/cve/CVE-2026-5290.html * https://www.suse.com/security/cve/CVE-2026-5291.html * https://www.suse.com/security/cve/CVE-2026-5292.html