SUSE alert openSUSE-SU-2026:0175-1 (chromium)
| From: | maintenance@opensuse.org | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2026:0175-1: critical: Security update for chromium | |
| Date: | Fri, 22 May 2026 15:04:45 +0200 | |
| Message-ID: | <20260522130445.DB063FCE7@maintenance.suse.de> | |
| Archive-link: | Article |
openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0175-1 Rating: critical References: #1265848 Cross-References: CVE-2026-9110 CVE-2026-9111 CVE-2026-9112 CVE-2026-9113 CVE-2026-9114 CVE-2026-9115 CVE-2026-9116 CVE-2026-9117 CVE-2026-9118 CVE-2026-9119 CVE-2026-9120 CVE-2026-9121 CVE-2026-9122 CVE-2026-9123 CVE-2026-9124 CVE-2026-9126 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Chromium 148.0.7778.178 (boo#1265848) * CVE-2026-9111: Use after free in WebRTC * CVE-2026-9110: Inappropriate implementation in UI * CVE-2026-9112: Use after free in GPU * CVE-2026-9113: Out of bounds read in GPU * CVE-2026-9114: Use after free in QUIC * CVE-2026-9115: Insufficient policy enforcement in Service Worker * CVE-2026-9116: Insufficient policy enforcement in ServiceWorker * CVE-2026-9117: Type Confusion in GFX * CVE-2026-9118: Use after free in XR * CVE-2026-9119: Heap buffer overflow in WebRTC * CVE-2026-9120: Use after free in WebRTC * CVE-2026-9126: Use after free in DOM * CVE-2026-9121: Out of bounds read in GPU * CVE-2026-9122: Out of bounds read in GPU * CVE-2026-9123: Heap buffer overflow in Chromecast * CVE-2026-9124: Insufficient validation of untrusted input in Input - add system-wide chromium.conf as in fedora package enable several features by default and disable ai features allow to override via setting CHROMIUM_USER_FLAGS Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-175=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64): chromedriver-148.0.7778.178-bp157.2.160.1 chromium-148.0.7778.178-bp157.2.160.1 References: https://www.suse.com/security/cve/CVE-2026-9110.html https://www.suse.com/security/cve/CVE-2026-9111.html https://www.suse.com/security/cve/CVE-2026-9112.html https://www.suse.com/security/cve/CVE-2026-9113.html https://www.suse.com/security/cve/CVE-2026-9114.html https://www.suse.com/security/cve/CVE-2026-9115.html https://www.suse.com/security/cve/CVE-2026-9116.html https://www.suse.com/security/cve/CVE-2026-9117.html https://www.suse.com/security/cve/CVE-2026-9118.html https://www.suse.com/security/cve/CVE-2026-9119.html https://www.suse.com/security/cve/CVE-2026-9120.html https://www.suse.com/security/cve/CVE-2026-9121.html https://www.suse.com/security/cve/CVE-2026-9122.html https://www.suse.com/security/cve/CVE-2026-9123.html https://www.suse.com/security/cve/CVE-2026-9124.html https://www.suse.com/security/cve/CVE-2026-9126.html https://bugzilla.suse.com/1265848