Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20372-1 Final 1 1 2026-03-17T10:11:02Z current 2026-03-17T10:11:02Z 2026-03-17T10:11:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.80: * CVE-2026-3909: Out of bounds write in Skia (boo#1259659) - Chromium 146.0.7680.75 (released 2026-03-12) (boo#1259648) * CVE-2026-3910: Inappropriate implementation in V8. - Chromium 146.0.7680.71 (released 2026-03-11) (boo#1259530) * CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-packagehub-165 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1259530 SUSE Bug 1259530 https://bugzilla.suse.com/1259648 SUSE Bug 1259648 https://bugzilla.suse.com/1259659 SUSE Bug 1259659 https://www.suse.com/security/cve/CVE-2026-3909/ SUSE CVE CVE-2026-3909 page https://www.suse.com/security/cve/CVE-2026-3910/ SUSE CVE CVE-2026-3910 page https://www.suse.com/security/cve/CVE-2026-3913/ SUSE CVE CVE-2026-3913 page https://www.suse.com/security/cve/CVE-2026-3914/ SUSE CVE CVE-2026-3914 page https://www.suse.com/security/cve/CVE-2026-3915/ SUSE CVE CVE-2026-3915 page https://www.suse.com/security/cve/CVE-2026-3916/ SUSE CVE CVE-2026-3916 page https://www.suse.com/security/cve/CVE-2026-3917/ SUSE CVE CVE-2026-3917 page https://www.suse.com/security/cve/CVE-2026-3918/ SUSE CVE CVE-2026-3918 page https://www.suse.com/security/cve/CVE-2026-3919/ SUSE CVE CVE-2026-3919 page https://www.suse.com/security/cve/CVE-2026-3920/ SUSE CVE CVE-2026-3920 page https://www.suse.com/security/cve/CVE-2026-3921/ SUSE CVE CVE-2026-3921 page https://www.suse.com/security/cve/CVE-2026-3922/ SUSE CVE CVE-2026-3922 page https://www.suse.com/security/cve/CVE-2026-3923/ SUSE CVE CVE-2026-3923 page https://www.suse.com/security/cve/CVE-2026-3924/ SUSE CVE CVE-2026-3924 page https://www.suse.com/security/cve/CVE-2026-3925/ SUSE CVE CVE-2026-3925 page https://www.suse.com/security/cve/CVE-2026-3926/ SUSE CVE CVE-2026-3926 page https://www.suse.com/security/cve/CVE-2026-3927/ SUSE CVE CVE-2026-3927 page https://www.suse.com/security/cve/CVE-2026-3928/ SUSE CVE CVE-2026-3928 page https://www.suse.com/security/cve/CVE-2026-3929/ SUSE CVE CVE-2026-3929 page https://www.suse.com/security/cve/CVE-2026-3930/ SUSE CVE CVE-2026-3930 page https://www.suse.com/security/cve/CVE-2026-3931/ SUSE CVE CVE-2026-3931 page https://www.suse.com/security/cve/CVE-2026-3932/ SUSE CVE CVE-2026-3932 page https://www.suse.com/security/cve/CVE-2026-3934/ SUSE CVE CVE-2026-3934 page https://www.suse.com/security/cve/CVE-2026-3935/ SUSE CVE CVE-2026-3935 page https://www.suse.com/security/cve/CVE-2026-3936/ SUSE CVE CVE-2026-3936 page https://www.suse.com/security/cve/CVE-2026-3937/ SUSE CVE CVE-2026-3937 page https://www.suse.com/security/cve/CVE-2026-3938/ SUSE CVE CVE-2026-3938 page https://www.suse.com/security/cve/CVE-2026-3939/ SUSE CVE CVE-2026-3939 page https://www.suse.com/security/cve/CVE-2026-3940/ SUSE CVE CVE-2026-3940 page https://www.suse.com/security/cve/CVE-2026-3941/ SUSE CVE CVE-2026-3941 page https://www.suse.com/security/cve/CVE-2026-3942/ SUSE CVE CVE-2026-3942 page openSUSE Leap 16.0 chromedriver-146.0.7680.80-bp160.1.1 chromium-146.0.7680.80-bp160.1.1 chromedriver-146.0.7680.80-bp160.1.1 as a component of openSUSE Leap 16.0 chromium-146.0.7680.80-bp160.1.1 as a component of openSUSE Leap 16.0 Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2026-3909 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3909.html CVE-2026-3909 https://bugzilla.suse.com/1259648 SUSE Bug 1259648 Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVE-2026-3910 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3910.html CVE-2026-3910 https://bugzilla.suse.com/1259648 SUSE Bug 1259648 Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) CVE-2026-3913 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3913.html CVE-2026-3913 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3914 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3914.html CVE-2026-3914 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) CVE-2026-3915 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3915.html CVE-2026-3915 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVE-2026-3916 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3916.html CVE-2026-3916 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3917 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3917.html CVE-2026-3917 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3918 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3918.html CVE-2026-3918 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3919 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3919.html CVE-2026-3919 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3920 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3920.html CVE-2026-3920 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3921 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3921.html CVE-2026-3921 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3922 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3922.html CVE-2026-3922 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2026-3923 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3923.html CVE-2026-3923 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVE-2026-3924 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3924.html CVE-2026-3924 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3925 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3925.html CVE-2026-3925 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3926 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3926.html CVE-2026-3926 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3927 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3927.html CVE-2026-3927 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) CVE-2026-3928 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3928.html CVE-2026-3928 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3929 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3929.html CVE-2026-3929 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3930 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3930.html CVE-2026-3930 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3931 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3931.html CVE-2026-3931 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3932 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3932.html CVE-2026-3932 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3934 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3934.html CVE-2026-3934 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3935 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3935.html CVE-2026-3935 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2026-3936 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3936.html CVE-2026-3936 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2026-3937 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3937.html CVE-2026-3937 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) CVE-2026-3938 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3938.html CVE-2026-3938 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low) CVE-2026-3939 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3939.html CVE-2026-3939 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) CVE-2026-3940 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3940.html CVE-2026-3940 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) CVE-2026-3941 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3941.html CVE-2026-3941 https://bugzilla.suse.com/1259530 SUSE Bug 1259530 Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2026-3942 openSUSE Leap 16.0:chromedriver-146.0.7680.80-bp160.1.1 openSUSE Leap 16.0:chromium-146.0.7680.80-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-3942.html CVE-2026-3942 https://bugzilla.suse.com/1259530 SUSE Bug 1259530