|
|
Log in / Subscribe / Register

SUSE alert openSUSE-SU-2026:0161-1 (chromium)



From:
              maintenance@opensuse.org


To:
              security-announce@lists.opensuse.org


Subject:
              openSUSE-SU-2026:0161-1: critical: Security update for chromium


Date:
              Fri, 01 May 2026 12:05:56 +0200


Message-ID:
              <20260501100556.3955DFCCC@maintenance.suse.de>


Archive-link:
              Article



   openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2026:0161-1
Rating:             critical
References:         #1263158 
Cross-References:   CVE-2026-6919 CVE-2026-6920 CVE-2026-6921
                    CVE-2026-7333 CVE-2026-7334 CVE-2026-7335
                    CVE-2026-7336 CVE-2026-7337 CVE-2026-7338
                    CVE-2026-7339 CVE-2026-7340 CVE-2026-7341
                    CVE-2026-7342 CVE-2026-7343 CVE-2026-7344
                    CVE-2026-7345 CVE-2026-7346 CVE-2026-7347
                    CVE-2026-7348 CVE-2026-7349 CVE-2026-7350
                    CVE-2026-7351 CVE-2026-7352 CVE-2026-7353
                    CVE-2026-7354 CVE-2026-7355 CVE-2026-7356
                    CVE-2026-7357 CVE-2026-7358 CVE-2026-7359
                    CVE-2026-7360 CVE-2026-7361 CVE-2026-7363
                   
Affected Products:
                    openSUSE Backports SLE-15-SP6
                    openSUSE Backports SLE-15-SP7
______________________________________________________________________________

   An update that fixes 33 vulnerabilities is now available.

Description:

   This update for chromium fixes the following issues:

   - Chromium 147.0.7727.137 (boo#1263158)
     * CVE-2026-7363: Use after free in Canvas
     * CVE-2026-7361: Use after free in iOS
     * CVE-2026-7344: Use after free in Accessibility
     * CVE-2026-7343: Use after free in Views
     * CVE-2026-7333: Use after free in GPU
     * CVE-2026-7360: Insufficient validation of untrusted input in
       Compositing
     * CVE-2026-7359: Use after free in ANGLE
     * CVE-2026-7358: Use after free in Animation
     * CVE-2026-7334: Use after free in Views
     * CVE-2026-7357: Use after free in GPU
     * CVE-2026-7356: Use after free in Navigation
     * CVE-2026-7354: Out of bounds read and write in Angle
     * CVE-2026-7353: Heap buffer overflow in Skia
     * CVE-2026-7352: Use after free in Media
     * CVE-2026-7351: Race in MHTML
     * CVE-2026-7350: Use after free in WebMIDI
     * CVE-2026-7349: Use after free in Cast
     * CVE-2026-7348: Use after free in Codecs
     * CVE-2026-7335: Use after free in media
     * CVE-2026-7336: Use after free in WebRTC
     * CVE-2026-7337: Type Confusion in V8
     * CVE-2026-7347: Use after free in Chromoting
     * CVE-2026-7346: Inappropriate implementation in Tint
     * CVE-2026-7345: Insufficient validation of untrusted input in Feedback
     * CVE-2026-7338: Use after free in Cast
     * CVE-2026-7342: Use after free in WebView
     * CVE-2026-7341: Use after free in WebRTC
     * CVE-2026-7339: Heap buffer overflow in WebRTC
     * CVE-2026-7340: Integer overflow in ANGLE
     * CVE-2026-7355: Use after free in Media


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP7:

      zypper in -t patch openSUSE-2026-161=1

   - openSUSE Backports SLE-15-SP6:

      zypper in -t patch openSUSE-2026-161=1



Package List:

   - openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):

      chromedriver-147.0.7727.137-bp157.2.154.1
      chromium-147.0.7727.137-bp157.2.154.1

   - openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

      chromedriver-147.0.7727.137-bp156.2.269.1
      chromium-147.0.7727.137-bp156.2.269.1


References:

   https://www.suse.com/security/cve/CVE-2026-6919.html
   https://www.suse.com/security/cve/CVE-2026-6920.html
   https://www.suse.com/security/cve/CVE-2026-6921.html
   https://www.suse.com/security/cve/CVE-2026-7333.html
   https://www.suse.com/security/cve/CVE-2026-7334.html
   https://www.suse.com/security/cve/CVE-2026-7335.html
   https://www.suse.com/security/cve/CVE-2026-7336.html
   https://www.suse.com/security/cve/CVE-2026-7337.html
   https://www.suse.com/security/cve/CVE-2026-7338.html
   https://www.suse.com/security/cve/CVE-2026-7339.html
   https://www.suse.com/security/cve/CVE-2026-7340.html
   https://www.suse.com/security/cve/CVE-2026-7341.html
   https://www.suse.com/security/cve/CVE-2026-7342.html
   https://www.suse.com/security/cve/CVE-2026-7343.html
   https://www.suse.com/security/cve/CVE-2026-7344.html
   https://www.suse.com/security/cve/CVE-2026-7345.html
   https://www.suse.com/security/cve/CVE-2026-7346.html
   https://www.suse.com/security/cve/CVE-2026-7347.html
   https://www.suse.com/security/cve/CVE-2026-7348.html
   https://www.suse.com/security/cve/CVE-2026-7349.html
   https://www.suse.com/security/cve/CVE-2026-7350.html
   https://www.suse.com/security/cve/CVE-2026-7351.html
   https://www.suse.com/security/cve/CVE-2026-7352.html
   https://www.suse.com/security/cve/CVE-2026-7353.html
   https://www.suse.com/security/cve/CVE-2026-7354.html
   https://www.suse.com/security/cve/CVE-2026-7355.html
   https://www.suse.com/security/cve/CVE-2026-7356.html
   https://www.suse.com/security/cve/CVE-2026-7357.html
   https://www.suse.com/security/cve/CVE-2026-7358.html
   https://www.suse.com/security/cve/CVE-2026-7359.html
   https://www.suse.com/security/cve/CVE-2026-7360.html
   https://www.suse.com/security/cve/CVE-2026-7361.html
   https://www.suse.com/security/cve/CVE-2026-7363.html
   https://bugzilla.suse.com/1263158
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds