Update Info

openSUSE-2026-173

Security update for chromium

Type: security
Severity: important
Issued: 2026-05-20
Description:
This update for chromium fixes the following issues:

- Chromium 148.0.7778.167 (boo#1265159)
  * CVE-2026-8509: Heap buffer overflow in WebML
  * CVE-2026-8510: Integer overflow in Skia
  * CVE-2026-8511: Use after free in UI
  * CVE-2026-8512: Use after free in FileSystem
  * CVE-2026-8513: Use after free in Input
  * CVE-2026-8514: Use after free in Aura
  * CVE-2026-8515: Use after free in HID
  * CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer
  * CVE-2026-8517: Object lifecycle issue in WebShare
  * CVE-2026-8518: Use after free in Blink
  * CVE-2026-8519: Integer overflow in ANGLE
  * CVE-2026-8520: Race in Payments
  * CVE-2026-8521: Use after free in Tab Groups
  * CVE-2026-8522: Use after free in Downloads
  * CVE-2026-8523: Use after free in Mojo
  * CVE-2026-8558: Out of bounds write in Fonts
  * CVE-2026-8524: Out of bounds write in WebAudio
  * CVE-2026-8525: Heap buffer overflow in ANGLE
  * CVE-2026-8526: Out of bounds write in WebRTC
  * CVE-2026-8527: Insufficient validation of untrusted input in Downloads
  * CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation
  * CVE-2026-8529: Heap buffer overflow in Codecs
  * CVE-2026-8530: Use after free in Network
  * CVE-2026-8531: Heap buffer overflow in WebML
  * CVE-2026-8532: Integer overflow in XML
  * CVE-2026-8533: Use after free in Accessibility
  * CVE-2026-8534: Integer overflow in GPU
  * CVE-2026-8535: Out of bounds read in Media
  * CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode
  * CVE-2026-8537: Insufficient policy enforcement in ViewTransitions
  * CVE-2026-8538: Insufficient validation of untrusted input in GPU
  * CVE-2026-8539: Script injection in SanitizerAPI
  * CVE-2026-8540: Type Confusion in V8
  * CVE-2026-8541: Out of bounds read in UI
  * CVE-2026-8542: Use after free in Core
  * CVE-2026-8543: Out of bounds read in FileSystem
  * CVE-2026-8544: Use after free in Media
  * CVE-2026-8545: Object corruption in Compositing
  * CVE-2026-8546: Out of bounds read in GPU
  * CVE-2026-8547: Insufficient policy enforcement in Passwords
  * CVE-2026-8548: Out of bounds write in Media
  * CVE-2026-8549: Use after free in Media
  * CVE-2026-8550: Use after free in Google Lens
  * CVE-2026-8551: Use after free in Downloads
  * CVE-2026-8552: Heap buffer overflow in GPU
  * CVE-2026-8553: Use after free in GPU
  * CVE-2026-8554: Type Confusion in ANGLE
  * CVE-2026-8555: Use after free in GTK
  * CVE-2026-8556: Inappropriate implementation in ANGLE
  * CVE-2026-8557: Use after free in Accessibility
  * CVE-2026-8559: Integer overflow in Internationalization
  * CVE-2026-8560: Heap buffer overflow in SwiftShader
  * CVE-2026-8561: Incorrect security UI in Fullscreen
  * CVE-2026-8562: Side-channel information leakage in Navigation
  * CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox
  * CVE-2026-8564: Incorrect security UI in Downloads
  * CVE-2026-8565: Inappropriate implementation in Downloads
  * CVE-2026-8566: Insufficient policy enforcement in Payments
  * CVE-2026-8567: Integer overflow in ANGLE
  * CVE-2026-8568: Insufficient policy enforcement in AI
  * CVE-2026-8569: Out of bounds write in Codecs
  * CVE-2026-8570: Type Confusion in V8
  * CVE-2026-8571: Insufficient policy enforcement in GPU
  * CVE-2026-8572: Insufficient policy enforcement in Network
  * CVE-2026-8573: Integer overflow in Codecs
  * CVE-2026-8574: Use after free in Core
  * CVE-2026-8575: Use after free in UI
  * CVE-2026-8576: Inappropriate implementation in CORS
  * CVE-2026-8577: Integer overflow in Fonts
  * CVE-2026-8578: Out of bounds read in GPU
  * CVE-2026-8579: Insufficient validation of untrusted input in Skia
  * CVE-2026-8580: Use after free in Mojo
  * CVE-2026-8581: Use after free in GPU
  * CVE-2026-8582: Object lifecycle issue in Dawn
  * CVE-2026-8583: Insufficient policy enforcement in WebXR
  * CVE-2026-8584: Inappropriate implementation in Views
  * CVE-2026-8585: Inappropriate implementation in Media
  * CVE-2026-8586: Inappropriate implementation in Chromoting
  * CVE-2026-8587: Use after free in Extensions

- Chromium 148 (148.0.7778.96) promoted to stable (boo#1264175)
  * CVE-2026-7896: Integer overflow in Blink
  * CVE-2026-7897: Use after free in Mobile
  * CVE-2026-7898: Use after free in Chromoting
  * CVE-2026-7899: Out of bounds read and write in V8
  * CVE-2026-7900: Heap buffer overflow in ANGLE
  * CVE-2026-7901: Use after free in ANGLE
  * CVE-2026-7902: Out of bounds memory access in V8
  * CVE-2026-7903: Integer overflow in ANGLE
  * CVE-2026-7904: Out of bounds read in Fonts
  * CVE-2026-7905: Insufficient validation of untrusted input in Media
  * CVE-2026-7906: Use after free in SVG
  * CVE-2026-7907: Use after free in DOM
  * CVE-2026-7908: Use after free in Fullscreen
  * CVE-2026-7909: Inappropriate implementation in ServiceWorker
  * CVE-2026-7910: Use after free in Views
  * CVE-2026-7911: Use after free in Aura
  * CVE-2026-7912: Integer overflow in GPU
  * CVE-2026-7913: Insufficient policy enforcement in DevTools
  * CVE-2026-7914: Type Confusion in Accessibility
  * CVE-2026-7915: Insufficient data validation in DevTools
  * CVE-2026-7916: Insufficient data validation in InterestGroups
  * CVE-2026-7917: Use after free in Fullscreen
  * CVE-2026-7918: Use after free in GPU
  * CVE-2026-7919: Use after free in Aura
  * CVE-2026-7920: Use after free in Skia
  * CVE-2026-7921: Use after free in Passwords
  * CVE-2026-7922: Use after free in ServiceWorker
  * CVE-2026-7923: Out of bounds write in Skia
  * CVE-2026-7924: Uninitialized Use in Dawn
  * CVE-2026-7925: Use after free in Chromoting
  * CVE-2026-7926: Use after free in PresentationAPI
  * CVE-2026-7927: Type Confusion in Runtime
  * CVE-2026-7928: Use after free in WebRTC
  * CVE-2026-7929: Use after free in MediaRecording
  * CVE-2026-7930: Insufficient validation of untrusted input in Cookies
  * CVE-2026-7931: Insufficient validation of untrusted input in iOS
  * CVE-2026-7932: Insufficient policy enforcement in Downloads
  * CVE-2026-7933: Out of bounds read in WebCodecs
  * CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker
  * CVE-2026-7935: Inappropriate implementation in Speech
  * CVE-2026-7936: Object lifecycle issue in V8
  * CVE-2026-7937: Insufficient policy enforcement in DevTools
  * CVE-2026-7938: Use after free in CSS
  * CVE-2026-7939: Inappropriate implementation in SanitizerAPI
  * CVE-2026-7940: Use after free in V8
  * CVE-2026-7941: Insufficient validation of untrusted input in Mobile
  * CVE-2026-7942: Integer overflow in ANGLE
  * CVE-2026-7943: Insufficient validation of untrusted input in ANGLE
  * CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache
  * CVE-2026-7945: Insufficient validation of untrusted input in COOP
  * CVE-2026-7946: Insufficient policy enforcement in WebUI
  * CVE-2026-7947: Insufficient validation of untrusted input in Network
  * CVE-2026-7948: Race in Chromoting
  * CVE-2026-7949: Out of bounds read in Skia
  * CVE-2026-7950: Out of bounds read and write in GFX
  * CVE-2026-7951: Out of bounds write in WebRTC
  * CVE-2026-7952: Insufficient policy enforcement in Extensions
  * CVE-2026-7953: Insufficient validation of untrusted input in Omnibox
  * CVE-2026-7954: Race in Shared Storage
  * CVE-2026-7955: Uninitialized Use in GPU
  * CVE-2026-7956: Use after free in Navigation
  * CVE-2026-7957: Out of bounds write in Media
  * CVE-2026-7958: Inappropriate implementation in ServiceWorker
  * CVE-2026-7959: Inappropriate implementation in Navigation
  * CVE-2026-7960: Race in Speech
  * CVE-2026-7961: Insufficient validation of untrusted input in Permissions
  * CVE-2026-7962: Insufficient policy enforcement in DirectSockets
  * CVE-2026-7963: Inappropriate implementation in ServiceWorker
  * CVE-2026-7964: Insufficient validation of untrusted input in FileSystem
  * CVE-2026-7965: Insufficient validation of untrusted input in DevTools
  * CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation
  * CVE-2026-7967: Insufficient validation of untrusted input in Navigation
  * CVE-2026-7968: Insufficient validation of untrusted input in CORS
  * CVE-2026-7969: Integer overflow in Network
  * CVE-2026-7970: Use after free in TopChrome
  * CVE-2026-7971: Inappropriate implementation in ORB
  * CVE-2026-7972: Uninitialized Use in GPU
  * CVE-2026-7973: Integer overflow in Dawn
  * CVE-2026-7974: Use after free in Blink
  * CVE-2026-7975: Use after free in DevTools
  * CVE-2026-7976: Use after free in Views
  * CVE-2026-7977: Inappropriate implementation in Canvas
  * CVE-2026-7978: Inappropriate implementation in Companion
  * CVE-2026-7979: Inappropriate implementation in Media
  * CVE-2026-7980: Use after free in WebAudio
  * CVE-2026-7981: Out of bounds read in Codecs
  * CVE-2026-7982: Uninitialized Use in WebCodecs
  * CVE-2026-7983: Out of bounds read in Dawn
  * CVE-2026-7984: Use after free in ReadingMode
  * CVE-2026-7985: Use after free in GPU
  * CVE-2026-7986: Insufficient policy enforcement in Autofill
  * CVE-2026-7987: Use after free in WebRTC
  * CVE-2026-7988: Type Confusion in WebRTC
  * CVE-2026-7989: Insufficient data validation in DataTransfer
  * CVE-2026-7990: Insufficient validation of untrusted input in Updater
  * CVE-2026-7991: Use after free in UI
  * CVE-2026-7992: Insufficient validation of untrusted input in UI
  * CVE-2026-7993: Insufficient validation of untrusted input in Payments
  * CVE-2026-7994: Inappropriate implementation in Chromoting
  * CVE-2026-7995: Out of bounds read in AdFilter
  * CVE-2026-7996: Insufficient validation of untrusted input in SSL
  * CVE-2026-7997: Insufficient validation of untrusted input in Updater
  * CVE-2026-7998: Insufficient validation of untrusted input in Dialog
  * CVE-2026-7999: Inappropriate implementation in V8
  * CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver
  * CVE-2026-8001: Use after free in Printing
  * CVE-2026-8002: Use after free in Audio
  * CVE-2026-8003: Insufficient validation of untrusted input in TabGroups
  * CVE-2026-8004: Insufficient policy enforcement in DevTools
  * CVE-2026-8005: Insufficient validation of untrusted input in Cast
  * CVE-2026-8006: Insufficient policy enforcement in DevTools
  * CVE-2026-8007: Insufficient validation of untrusted input in Cast
  * CVE-2026-8008: Inappropriate implementation in DevTools
  * CVE-2026-8009: Inappropriate implementation in Cast
  * CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation
  * CVE-2026-8011: Insufficient policy enforcement in Search
  * CVE-2026-8012: Inappropriate implementation in MHTML
  * CVE-2026-8013: Insufficient validation of untrusted input in FedCM
  * CVE-2026-8014: Inappropriate implementation in Preload
  * CVE-2026-8015: Inappropriate implementation in Media
  * CVE-2026-8016: Use after free in WebRTC
  * CVE-2026-8017: Side-channel information leakage in Media
  * CVE-2026-8018: Insufficient policy enforcement in DevTools
  * CVE-2026-8019: Insufficient policy enforcement in WebApp
  * CVE-2026-8020: Uninitialized Use in GPU
  * CVE-2026-8021: Script injection in UI
  * CVE-2026-8022: Inappropriate implementation in MHTML

References

Packages