chromedriver-146.0.7680.80-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10376-1 Final 1 1 2026-03-16T00:00:00Z current 2026-03-16T00:00:00Z 2026-03-16T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-146.0.7680.80-1.1 on GA media These are all security issues fixed in the chromedriver-146.0.7680.80-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10376 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2026-3909/ SUSE CVE CVE-2026-3909 page https://www.suse.com/security/cve/CVE-2026-3910/ SUSE CVE CVE-2026-3910 page https://www.suse.com/security/cve/CVE-2026-3913/ SUSE CVE CVE-2026-3913 page https://www.suse.com/security/cve/CVE-2026-3914/ SUSE CVE CVE-2026-3914 page https://www.suse.com/security/cve/CVE-2026-3915/ SUSE CVE CVE-2026-3915 page https://www.suse.com/security/cve/CVE-2026-3916/ SUSE CVE CVE-2026-3916 page https://www.suse.com/security/cve/CVE-2026-3917/ SUSE CVE CVE-2026-3917 page https://www.suse.com/security/cve/CVE-2026-3918/ SUSE CVE CVE-2026-3918 page https://www.suse.com/security/cve/CVE-2026-3919/ SUSE CVE CVE-2026-3919 page https://www.suse.com/security/cve/CVE-2026-3920/ SUSE CVE CVE-2026-3920 page https://www.suse.com/security/cve/CVE-2026-3921/ SUSE CVE CVE-2026-3921 page https://www.suse.com/security/cve/CVE-2026-3922/ SUSE CVE CVE-2026-3922 page https://www.suse.com/security/cve/CVE-2026-3923/ SUSE CVE CVE-2026-3923 page https://www.suse.com/security/cve/CVE-2026-3924/ SUSE CVE CVE-2026-3924 page https://www.suse.com/security/cve/CVE-2026-3925/ SUSE CVE CVE-2026-3925 page https://www.suse.com/security/cve/CVE-2026-3926/ SUSE CVE CVE-2026-3926 page https://www.suse.com/security/cve/CVE-2026-3927/ SUSE CVE CVE-2026-3927 page https://www.suse.com/security/cve/CVE-2026-3928/ SUSE CVE CVE-2026-3928 page https://www.suse.com/security/cve/CVE-2026-3929/ SUSE CVE CVE-2026-3929 page https://www.suse.com/security/cve/CVE-2026-3930/ SUSE CVE CVE-2026-3930 page https://www.suse.com/security/cve/CVE-2026-3931/ SUSE CVE CVE-2026-3931 page https://www.suse.com/security/cve/CVE-2026-3932/ SUSE CVE CVE-2026-3932 page https://www.suse.com/security/cve/CVE-2026-3934/ SUSE CVE CVE-2026-3934 page https://www.suse.com/security/cve/CVE-2026-3935/ SUSE CVE CVE-2026-3935 page https://www.suse.com/security/cve/CVE-2026-3936/ SUSE CVE CVE-2026-3936 page https://www.suse.com/security/cve/CVE-2026-3937/ SUSE CVE CVE-2026-3937 page https://www.suse.com/security/cve/CVE-2026-3938/ SUSE CVE CVE-2026-3938 page https://www.suse.com/security/cve/CVE-2026-3939/ SUSE CVE CVE-2026-3939 page https://www.suse.com/security/cve/CVE-2026-3940/ SUSE CVE CVE-2026-3940 page https://www.suse.com/security/cve/CVE-2026-3941/ SUSE CVE CVE-2026-3941 page https://www.suse.com/security/cve/CVE-2026-3942/ SUSE CVE CVE-2026-3942 page openSUSE Tumbleweed chromedriver-146.0.7680.80-1.1 chromium-146.0.7680.80-1.1 chromedriver-146.0.7680.80-1.1 as a component of openSUSE Tumbleweed chromium-146.0.7680.80-1.1 as a component of openSUSE Tumbleweed Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2026-3909 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3909.html CVE-2026-3909 https://bugzilla.suse.com/1259648 SUSE Bug 1259648 Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVE-2026-3910 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3910.html CVE-2026-3910 https://bugzilla.suse.com/1259648 SUSE Bug 1259648 Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) CVE-2026-3913 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3913.html CVE-2026-3913 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3914 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3914.html CVE-2026-3914 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) CVE-2026-3915 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3915.html CVE-2026-3915 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVE-2026-3916 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3916.html CVE-2026-3916 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3917 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3917.html CVE-2026-3917 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3918 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3918.html CVE-2026-3918 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3919 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3919.html CVE-2026-3919 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3920 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3920.html CVE-2026-3920 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3921 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3921.html CVE-2026-3921 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3922 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3922.html CVE-2026-3922 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3923 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3923.html CVE-2026-3923 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVE-2026-3924 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3924.html CVE-2026-3924 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3925 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3925.html CVE-2026-3925 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3926 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3926.html CVE-2026-3926 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3927 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3927.html CVE-2026-3927 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) CVE-2026-3928 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3928.html CVE-2026-3928 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3929 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3929.html CVE-2026-3929 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3930 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3930.html CVE-2026-3930 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3931 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3931.html CVE-2026-3931 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3932 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3932.html CVE-2026-3932 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3934 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3934.html CVE-2026-3934 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3935 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3935.html CVE-2026-3935 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3936 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3936.html CVE-2026-3936 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2026-3937 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3937.html CVE-2026-3937 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) CVE-2026-3938 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3938.html CVE-2026-3938 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low) CVE-2026-3939 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3939.html CVE-2026-3939 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) CVE-2026-3940 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3940.html CVE-2026-3940 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) CVE-2026-3941 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3941.html CVE-2026-3941 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2026-3942 openSUSE Tumbleweed:chromedriver-146.0.7680.80-1.1 openSUSE Tumbleweed:chromium-146.0.7680.80-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3942.html CVE-2026-3942 https://bugzilla.suse.com/1259530 SUSE Bug 1259530