Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20277-1 Final 1 1 2026-02-26T11:50:46Z current 2026-02-26T11:50:46Z 2026-02-26T11:50:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Changes in chromium: - Chromium 145.0.7632.116 (boo#1258733): * CVE-2026-3061: Out of bounds read in Media * CVE-2026-3062: Out of bounds read and write in Tint * CVE-2025-3063: Inappropriate implementation in DevTools The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-packagehub-142 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1258733 SUSE Bug 1258733 https://www.suse.com/security/cve/CVE-2025-3063/ SUSE CVE CVE-2025-3063 page https://www.suse.com/security/cve/CVE-2026-3061/ SUSE CVE CVE-2026-3061 page https://www.suse.com/security/cve/CVE-2026-3062/ SUSE CVE CVE-2026-3062 page openSUSE Leap 16.0 chromedriver-145.0.7632.116-bp160.1.1 chromium-145.0.7632.116-bp160.1.1 chromedriver-145.0.7632.116-bp160.1.1 as a component of openSUSE Leap 16.0 chromium-145.0.7632.116-bp160.1.1 as a component of openSUSE Leap 16.0 The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. CVE-2025-3063 openSUSE Leap 16.0:chromedriver-145.0.7632.116-bp160.1.1 openSUSE Leap 16.0:chromium-145.0.7632.116-bp160.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-3063.html CVE-2025-3063 Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) CVE-2026-3061 openSUSE Leap 16.0:chromedriver-145.0.7632.116-bp160.1.1 openSUSE Leap 16.0:chromium-145.0.7632.116-bp160.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3061.html CVE-2026-3061 https://bugzilla.suse.com/1258733 SUSE Bug 1258733 Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2026-3062 openSUSE Leap 16.0:chromedriver-145.0.7632.116-bp160.1.1 openSUSE Leap 16.0:chromium-145.0.7632.116-bp160.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3062.html CVE-2026-3062 https://bugzilla.suse.com/1258733 SUSE Bug 1258733