|
|
Log in / Subscribe / Register

SUSE alert openSUSE-SU-2026:20775-1 (chromium)



From:
              null@suse.de


To:
              security-announce@lists.opensuse.org


Subject:
              openSUSE-SU-2026:20775-1: critical: Security update for chromium


Date:
              Sat, 23 May 2026 17:50:56 +0200


Message-ID:
              <20260523155056.7F097FCE7@maintenance.suse.de>


Archive-link:
              Article


openSUSE security update: security update for chromium
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20775-1
Rating: critical
References:

  * bsc#1265848



Cross-References:

  * CVE-2026-8509
  * CVE-2026-8510
  * CVE-2026-8511
  * CVE-2026-8512
  * CVE-2026-8513
  * CVE-2026-8514
  * CVE-2026-8515
  * CVE-2026-8516
  * CVE-2026-8517
  * CVE-2026-8518
  * CVE-2026-8519
  * CVE-2026-8520
  * CVE-2026-8521
  * CVE-2026-8522
  * CVE-2026-8523
  * CVE-2026-8524
  * CVE-2026-8525
  * CVE-2026-8526
  * CVE-2026-8527
  * CVE-2026-8528
  * CVE-2026-8529
  * CVE-2026-8530
  * CVE-2026-8531
  * CVE-2026-8532
  * CVE-2026-8533
  * CVE-2026-8534
  * CVE-2026-8535
  * CVE-2026-8536
  * CVE-2026-8537
  * CVE-2026-8538
  * CVE-2026-8539
  * CVE-2026-8540
  * CVE-2026-8541
  * CVE-2026-8542
  * CVE-2026-8543
  * CVE-2026-8544
  * CVE-2026-8545
  * CVE-2026-8546
  * CVE-2026-8547
  * CVE-2026-8548
  * CVE-2026-8549
  * CVE-2026-8550
  * CVE-2026-8551
  * CVE-2026-8552
  * CVE-2026-8553
  * CVE-2026-8554
  * CVE-2026-8555
  * CVE-2026-8556
  * CVE-2026-8557
  * CVE-2026-8558
  * CVE-2026-8559
  * CVE-2026-8560
  * CVE-2026-8561
  * CVE-2026-8562
  * CVE-2026-8563
  * CVE-2026-8564
  * CVE-2026-8565
  * CVE-2026-8566
  * CVE-2026-8567
  * CVE-2026-8568
  * CVE-2026-8569
  * CVE-2026-8570
  * CVE-2026-8571
  * CVE-2026-8572
  * CVE-2026-8573
  * CVE-2026-8574
  * CVE-2026-8575
  * CVE-2026-8576
  * CVE-2026-8577
  * CVE-2026-8578
  * CVE-2026-8579
  * CVE-2026-8580
  * CVE-2026-8581
  * CVE-2026-8582
  * CVE-2026-8583
  * CVE-2026-8584
  * CVE-2026-8585
  * CVE-2026-8586
  * CVE-2026-8587
  * CVE-2026-9110
  * CVE-2026-9111
  * CVE-2026-9112
  * CVE-2026-9113
  * CVE-2026-9114
  * CVE-2026-9115
  * CVE-2026-9116
  * CVE-2026-9117
  * CVE-2026-9118
  * CVE-2026-9119
  * CVE-2026-9120
  * CVE-2026-9121
  * CVE-2026-9122
  * CVE-2026-9123
  * CVE-2026-9124
  * CVE-2026-9126



Affected Products:

         openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 95 vulnerabilities and has one bug fix can now be installed.

Description:

This update for chromium fixes the following issues:

Changes in chromium:

- Chromium 148.0.7778.178 (boo#1265848)
  * CVE-2026-9111: Use after free in WebRTC
  * CVE-2026-9110: Inappropriate implementation in UI
  * CVE-2026-9112: Use after free in GPU
  * CVE-2026-9113: Out of bounds read in GPU
  * CVE-2026-9114: Use after free in QUIC
  * CVE-2026-9115: Insufficient policy enforcement in Service Worker
  * CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
  * CVE-2026-9117: Type Confusion in GFX
  * CVE-2026-9118: Use after free in XR
  * CVE-2026-9119: Heap buffer overflow in WebRTC
  * CVE-2026-9120: Use after free in WebRTC
  * CVE-2026-9126: Use after free in DOM
  * CVE-2026-9121: Out of bounds read in GPU
  * CVE-2026-9122: Out of bounds read in GPU
  * CVE-2026-9123: Heap buffer overflow in Chromecast
  * CVE-2026-9124: Insufficient validation of untrusted input in Input

- add system-wide chromium.conf as in fedora package
  enable several features by default and disable ai features
  allow to override via setting CHROMIUM_USER_FLAGS


Patch instructions:

   To install this openSUSE security update use the suse recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

   zypper in -t patch openSUSE-Leap-16.0-packagehub-266=1

Package List:

- openSUSE Leap 16.0:

  chromedriver-148.0.7778.178-bp160.1.1
  chromium-148.0.7778.178-bp160.1.1

References:

  * https://www.suse.com/security/cve/CVE-2026-8509.html
  * https://www.suse.com/security/cve/CVE-2026-8510.html
  * https://www.suse.com/security/cve/CVE-2026-8511.html
  * https://www.suse.com/security/cve/CVE-2026-8512.html
  * https://www.suse.com/security/cve/CVE-2026-8513.html
  * https://www.suse.com/security/cve/CVE-2026-8514.html
  * https://www.suse.com/security/cve/CVE-2026-8515.html
  * https://www.suse.com/security/cve/CVE-2026-8516.html
  * https://www.suse.com/security/cve/CVE-2026-8517.html
  * https://www.suse.com/security/cve/CVE-2026-8518.html
  * https://www.suse.com/security/cve/CVE-2026-8519.html
  * https://www.suse.com/security/cve/CVE-2026-8520.html
  * https://www.suse.com/security/cve/CVE-2026-8521.html
  * https://www.suse.com/security/cve/CVE-2026-8522.html
  * https://www.suse.com/security/cve/CVE-2026-8523.html
  * https://www.suse.com/security/cve/CVE-2026-8524.html
  * https://www.suse.com/security/cve/CVE-2026-8525.html
  * https://www.suse.com/security/cve/CVE-2026-8526.html
  * https://www.suse.com/security/cve/CVE-2026-8527.html
  * https://www.suse.com/security/cve/CVE-2026-8528.html
  * https://www.suse.com/security/cve/CVE-2026-8529.html
  * https://www.suse.com/security/cve/CVE-2026-8530.html
  * https://www.suse.com/security/cve/CVE-2026-8531.html
  * https://www.suse.com/security/cve/CVE-2026-8532.html
  * https://www.suse.com/security/cve/CVE-2026-8533.html
  * https://www.suse.com/security/cve/CVE-2026-8534.html
  * https://www.suse.com/security/cve/CVE-2026-8535.html
  * https://www.suse.com/security/cve/CVE-2026-8536.html
  * https://www.suse.com/security/cve/CVE-2026-8537.html
  * https://www.suse.com/security/cve/CVE-2026-8538.html
  * https://www.suse.com/security/cve/CVE-2026-8539.html
  * https://www.suse.com/security/cve/CVE-2026-8540.html
  * https://www.suse.com/security/cve/CVE-2026-8541.html
  * https://www.suse.com/security/cve/CVE-2026-8542.html
  * https://www.suse.com/security/cve/CVE-2026-8543.html
  * https://www.suse.com/security/cve/CVE-2026-8544.html
  * https://www.suse.com/security/cve/CVE-2026-8545.html
  * https://www.suse.com/security/cve/CVE-2026-8546.html
  * https://www.suse.com/security/cve/CVE-2026-8547.html
  * https://www.suse.com/security/cve/CVE-2026-8548.html
  * https://www.suse.com/security/cve/CVE-2026-8549.html
  * https://www.suse.com/security/cve/CVE-2026-8550.html
  * https://www.suse.com/security/cve/CVE-2026-8551.html
  * https://www.suse.com/security/cve/CVE-2026-8552.html
  * https://www.suse.com/security/cve/CVE-2026-8553.html
  * https://www.suse.com/security/cve/CVE-2026-8554.html
  * https://www.suse.com/security/cve/CVE-2026-8555.html
  * https://www.suse.com/security/cve/CVE-2026-8556.html
  * https://www.suse.com/security/cve/CVE-2026-8557.html
  * https://www.suse.com/security/cve/CVE-2026-8558.html
  * https://www.suse.com/security/cve/CVE-2026-8559.html
  * https://www.suse.com/security/cve/CVE-2026-8560.html
  * https://www.suse.com/security/cve/CVE-2026-8561.html
  * https://www.suse.com/security/cve/CVE-2026-8562.html
  * https://www.suse.com/security/cve/CVE-2026-8563.html
  * https://www.suse.com/security/cve/CVE-2026-8564.html
  * https://www.suse.com/security/cve/CVE-2026-8565.html
  * https://www.suse.com/security/cve/CVE-2026-8566.html
  * https://www.suse.com/security/cve/CVE-2026-8567.html
  * https://www.suse.com/security/cve/CVE-2026-8568.html
  * https://www.suse.com/security/cve/CVE-2026-8569.html
  * https://www.suse.com/security/cve/CVE-2026-8570.html
  * https://www.suse.com/security/cve/CVE-2026-8571.html
  * https://www.suse.com/security/cve/CVE-2026-8572.html
  * https://www.suse.com/security/cve/CVE-2026-8573.html
  * https://www.suse.com/security/cve/CVE-2026-8574.html
  * https://www.suse.com/security/cve/CVE-2026-8575.html
  * https://www.suse.com/security/cve/CVE-2026-8576.html
  * https://www.suse.com/security/cve/CVE-2026-8577.html
  * https://www.suse.com/security/cve/CVE-2026-8578.html
  * https://www.suse.com/security/cve/CVE-2026-8579.html
  * https://www.suse.com/security/cve/CVE-2026-8580.html
  * https://www.suse.com/security/cve/CVE-2026-8581.html
  * https://www.suse.com/security/cve/CVE-2026-8582.html
  * https://www.suse.com/security/cve/CVE-2026-8583.html
  * https://www.suse.com/security/cve/CVE-2026-8584.html
  * https://www.suse.com/security/cve/CVE-2026-8585.html
  * https://www.suse.com/security/cve/CVE-2026-8586.html
  * https://www.suse.com/security/cve/CVE-2026-8587.html
  * https://www.suse.com/security/cve/CVE-2026-9110.html
  * https://www.suse.com/security/cve/CVE-2026-9111.html
  * https://www.suse.com/security/cve/CVE-2026-9112.html
  * https://www.suse.com/security/cve/CVE-2026-9113.html
  * https://www.suse.com/security/cve/CVE-2026-9114.html
  * https://www.suse.com/security/cve/CVE-2026-9115.html
  * https://www.suse.com/security/cve/CVE-2026-9116.html
  * https://www.suse.com/security/cve/CVE-2026-9117.html
  * https://www.suse.com/security/cve/CVE-2026-9118.html
  * https://www.suse.com/security/cve/CVE-2026-9119.html
  * https://www.suse.com/security/cve/CVE-2026-9120.html
  * https://www.suse.com/security/cve/CVE-2026-9121.html
  * https://www.suse.com/security/cve/CVE-2026-9122.html
  * https://www.suse.com/security/cve/CVE-2026-9123.html
  * https://www.suse.com/security/cve/CVE-2026-9124.html
  * https://www.suse.com/security/cve/CVE-2026-9126.html
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds