Detections
Analytics

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20727-1)

critical Nessus Plugin ID 315031

Language:

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20727-1 advisory.

 Changes in chromium:

 - Chromium 148.0.7778.167 (boo#1265159)

 - Chromium 148 (148.0.7778.96) promoted to stable (boo#1264175)
 * CVE-2026-7896: Integer overflow in Blink
 * CVE-2026-7897: Use after free in Mobile
 * CVE-2026-7898: Use after free in Chromoting
 * CVE-2026-7899: Out of bounds read and write in V8
 * CVE-2026-7900: Heap buffer overflow in ANGLE
 * CVE-2026-7901: Use after free in ANGLE
 * CVE-2026-7902: Out of bounds memory access in V8
 * CVE-2026-7903: Integer overflow in ANGLE
 * CVE-2026-7904: Out of bounds read in Fonts
 * CVE-2026-7905: Insufficient validation of untrusted input in Media
 * CVE-2026-7906: Use after free in SVG
 * CVE-2026-7907: Use after free in DOM
 * CVE-2026-7908: Use after free in Fullscreen
 * CVE-2026-7909: Inappropriate implementation in ServiceWorker
 * CVE-2026-7910: Use after free in Views
 * CVE-2026-7911: Use after free in Aura
 * CVE-2026-7912: Integer overflow in GPU
 * CVE-2026-7913: Insufficient policy enforcement in DevTools
 * CVE-2026-7914: Type Confusion in Accessibility
 * CVE-2026-7915: Insufficient data validation in DevTools
 * CVE-2026-7916: Insufficient data validation in InterestGroups
 * CVE-2026-7917: Use after free in Fullscreen
 * CVE-2026-7918: Use after free in GPU
 * CVE-2026-7919: Use after free in Aura
 * CVE-2026-7920: Use after free in Skia
 * CVE-2026-7921: Use after free in Passwords
 * CVE-2026-7922: Use after free in ServiceWorker
 * CVE-2026-7923: Out of bounds write in Skia
 * CVE-2026-7924: Uninitialized Use in Dawn
 * CVE-2026-7925: Use after free in Chromoting
 * CVE-2026-7926: Use after free in PresentationAPI
 * CVE-2026-7927: Type Confusion in Runtime
 * CVE-2026-7928: Use after free in WebRTC
 * CVE-2026-7929: Use after free in MediaRecording
 * CVE-2026-7930: Insufficient validation of untrusted input in Cookies
 * CVE-2026-7931: Insufficient validation of untrusted input in iOS
 * CVE-2026-7932: Insufficient policy enforcement in Downloads
 * CVE-2026-7933: Out of bounds read in WebCodecs
 * CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker
 * CVE-2026-7935: Inappropriate implementation in Speech
 * CVE-2026-7936: Object lifecycle issue in V8
 * CVE-2026-7937: Insufficient policy enforcement in DevTools
 * CVE-2026-7938: Use after free in CSS
 * CVE-2026-7939: Inappropriate implementation in SanitizerAPI
 * CVE-2026-7940: Use after free in V8
 * CVE-2026-7941: Insufficient validation of untrusted input in Mobile
 * CVE-2026-7942: Integer overflow in ANGLE
 * CVE-2026-7943: Insufficient validation of untrusted input in ANGLE
 * CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache
 * CVE-2026-7945: Insufficient validation of untrusted input in COOP
 * CVE-2026-7946: Insufficient policy enforcement in WebUI
 * CVE-2026-7947: Insufficient validation of untrusted input in Network
 * CVE-2026-7948: Race in Chromoting
 * CVE-2026-7949: Out of bounds read in Skia
 * CVE-2026-7950: Out of bounds read and write in GFX
 * CVE-2026-7951: Out of bounds write in WebRTC
 * CVE-2026-7952: Insufficient policy enforcement in Extensions
 * CVE-2026-7953: Insufficient validation of untrusted input in Omnibox
 * CVE-2026-7954: Race in Shared Storage
 * CVE-2026-7955: Uninitialized Use in GPU
 * CVE-2026-7956: Use after free in Navigation
 * CVE-2026-7957: Out of bounds write in Media
 * CVE-2026-7958: Inappropriate implementation in ServiceWorker
 * CVE-2026-7959: Inappropriate implementation in Navigation
 * CVE-2026-7960: Race in Speech
 * CVE-2026-7961: Insufficient validation of untrusted input in Permissions
 * CVE-2026-7962: Insufficient policy enforcement in DirectSockets
 * CVE-2026-7963: Inappropriate implementation in ServiceWorker
 * CVE-2026-7964: Insufficient validation of untrusted input in FileSystem
 * CVE-2026-7965: Insufficient validation of untrusted input in DevTools
 * CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation
 * CVE-2026-7967: Insufficient validation of untrusted input in Navigation
 * CVE-2026-7968: Insufficient validation of untrusted input in CORS
 * CVE-2026-7969: Integer overflow in Network
 * CVE-2026-7970: Use after free in TopChrome
 * CVE-2026-7971: Inappropriate implementation in ORB
 * CVE-2026-7972: Uninitialized Use in GPU
 * CVE-2026-7973: Integer overflow in Dawn
 * CVE-2026-7974: Use after free in Blink
 * CVE-2026-7975: Use after free in DevTools
 * CVE-2026-7976: Use after free in Views
 * CVE-2026-7977: Inappropriate implementation in Canvas
 * CVE-2026-7978: Inappropriate implementation in Companion
 * CVE-2026-7979: Inappropriate implementation in Media
 * CVE-2026-7980: Use after free in WebAudio
 * CVE-2026-7981: Out of bounds read in Codecs
 * CVE-2026-7982: Uninitialized Use in WebCodecs
 * CVE-2026-7983: Out of bounds read in Dawn
 * CVE-2026-7984: Use after free in ReadingMode
 * CVE-2026-7985: Use after free in GPU
 * CVE-2026-7986: Insufficient policy enforcement in Autofill
 * CVE-2026-7987: Use after free in WebRTC
 * CVE-2026-7988: Type Confusion in WebRTC
 * CVE-2026-7989: Insufficient data validation in DataTransfer
 * CVE-2026-7990: Insufficient validation of untrusted input in Updater
 * CVE-2026-7991: Use after free in UI
 * CVE-2026-7992: Insufficient validation of untrusted input in UI
 * CVE-2026-7993: Insufficient validation of untrusted input in Payments
 * CVE-2026-7994: Inappropriate implementation in Chromoting
 * CVE-2026-7995: Out of bounds read in AdFilter
 * CVE-2026-7996: Insufficient validation of untrusted input in SSL
 * CVE-2026-7997: Insufficient validation of untrusted input in Updater
 * CVE-2026-7998: Insufficient validation of untrusted input in Dialog
 * CVE-2026-7999: Inappropriate implementation in V8
 * CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver
 * CVE-2026-8001: Use after free in Printing
 * CVE-2026-8002: Use after free in Audio
 * CVE-2026-8003: Insufficient validation of untrusted input in TabGroups
 * CVE-2026-8004: Insufficient policy enforcement in DevTools
 * CVE-2026-8005: Insufficient validation of untrusted input in Cast
 * CVE-2026-8006: Insufficient policy enforcement in DevTools
 * CVE-2026-8007: Insufficient validation of untrusted input in Cast
 * CVE-2026-8008: Inappropriate implementation in DevTools
 * CVE-2026-8009: Inappropriate implementation in Cast
 * CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation
 * CVE-2026-8011: Insufficient policy enforcement in Search
 * CVE-2026-8012: Inappropriate implementation in MHTML
 * CVE-2026-8013: Insufficient validation of untrusted input in FedCM
 * CVE-2026-8014: Inappropriate implementation in Preload
 * CVE-2026-8015: Inappropriate implementation in Media
 * CVE-2026-8016: Use after free in WebRTC
 * CVE-2026-8017: Side-channel information leakage in Media
 * CVE-2026-8018: Insufficient policy enforcement in DevTools
 * CVE-2026-8019: Insufficient policy enforcement in WebApp
 * CVE-2026-8020: Uninitialized Use in GPU
 * CVE-2026-8021: Script injection in UI
 * CVE-2026-8022: Inappropriate implementation in MHTML

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected chromedriver and / or chromium packages.

See Also

https://www.suse.com/security/cve/CVE-2026-7994

https://www.suse.com/security/cve/CVE-2026-7995

https://www.suse.com/security/cve/CVE-2026-7996

https://www.suse.com/security/cve/CVE-2026-7997

https://www.suse.com/security/cve/CVE-2026-7998

https://www.suse.com/security/cve/CVE-2026-7999

https://www.suse.com/security/cve/CVE-2026-8000

https://www.suse.com/security/cve/CVE-2026-8001

https://www.suse.com/security/cve/CVE-2026-8002

https://www.suse.com/security/cve/CVE-2026-8003

https://www.suse.com/security/cve/CVE-2026-8004

https://www.suse.com/security/cve/CVE-2026-8005

https://www.suse.com/security/cve/CVE-2026-8006

https://www.suse.com/security/cve/CVE-2026-8007

https://www.suse.com/security/cve/CVE-2026-8008

https://www.suse.com/security/cve/CVE-2026-8009

https://www.suse.com/security/cve/CVE-2026-8010

https://www.suse.com/security/cve/CVE-2026-8011

https://www.suse.com/security/cve/CVE-2026-8012

https://www.suse.com/security/cve/CVE-2026-8013

https://www.suse.com/security/cve/CVE-2026-8014

https://www.suse.com/security/cve/CVE-2026-8015

https://www.suse.com/security/cve/CVE-2026-8016

https://www.suse.com/security/cve/CVE-2026-8017

https://www.suse.com/security/cve/CVE-2026-8018

https://www.suse.com/security/cve/CVE-2026-8019

https://www.suse.com/security/cve/CVE-2026-8020

https://www.suse.com/security/cve/CVE-2026-8021

https://www.suse.com/security/cve/CVE-2026-8022

https://bugzilla.suse.com/1264175

https://bugzilla.suse.com/1265159

https://www.suse.com/security/cve/CVE-2026-7896

https://www.suse.com/security/cve/CVE-2026-7897

https://www.suse.com/security/cve/CVE-2026-7898

https://www.suse.com/security/cve/CVE-2026-7899

https://www.suse.com/security/cve/CVE-2026-7900

https://www.suse.com/security/cve/CVE-2026-7901

https://www.suse.com/security/cve/CVE-2026-7902

https://www.suse.com/security/cve/CVE-2026-7903

https://www.suse.com/security/cve/CVE-2026-7904

https://www.suse.com/security/cve/CVE-2026-7905

https://www.suse.com/security/cve/CVE-2026-7906

https://www.suse.com/security/cve/CVE-2026-7907

https://www.suse.com/security/cve/CVE-2026-7908

https://www.suse.com/security/cve/CVE-2026-7909

https://www.suse.com/security/cve/CVE-2026-7910

https://www.suse.com/security/cve/CVE-2026-7911

https://www.suse.com/security/cve/CVE-2026-7912

https://www.suse.com/security/cve/CVE-2026-7913

https://www.suse.com/security/cve/CVE-2026-7914

https://www.suse.com/security/cve/CVE-2026-7915

https://www.suse.com/security/cve/CVE-2026-7916

https://www.suse.com/security/cve/CVE-2026-7917

https://www.suse.com/security/cve/CVE-2026-7918

https://www.suse.com/security/cve/CVE-2026-7919

https://www.suse.com/security/cve/CVE-2026-7920

https://www.suse.com/security/cve/CVE-2026-7921

https://www.suse.com/security/cve/CVE-2026-7922

https://www.suse.com/security/cve/CVE-2026-7923

https://www.suse.com/security/cve/CVE-2026-7924

https://www.suse.com/security/cve/CVE-2026-7925

https://www.suse.com/security/cve/CVE-2026-7926

https://www.suse.com/security/cve/CVE-2026-7927

https://www.suse.com/security/cve/CVE-2026-7928

https://www.suse.com/security/cve/CVE-2026-7929

https://www.suse.com/security/cve/CVE-2026-7930

https://www.suse.com/security/cve/CVE-2026-7931

https://www.suse.com/security/cve/CVE-2026-7932

https://www.suse.com/security/cve/CVE-2026-7933

https://www.suse.com/security/cve/CVE-2026-7934

https://www.suse.com/security/cve/CVE-2026-7935

https://www.suse.com/security/cve/CVE-2026-7936

https://www.suse.com/security/cve/CVE-2026-7937

https://www.suse.com/security/cve/CVE-2026-7938

https://www.suse.com/security/cve/CVE-2026-7939

https://www.suse.com/security/cve/CVE-2026-7940

https://www.suse.com/security/cve/CVE-2026-7941

https://www.suse.com/security/cve/CVE-2026-7942

https://www.suse.com/security/cve/CVE-2026-7943

https://www.suse.com/security/cve/CVE-2026-7944

https://www.suse.com/security/cve/CVE-2026-7945

https://www.suse.com/security/cve/CVE-2026-7946

https://www.suse.com/security/cve/CVE-2026-7947

https://www.suse.com/security/cve/CVE-2026-7948

https://www.suse.com/security/cve/CVE-2026-7949

https://www.suse.com/security/cve/CVE-2026-7950

https://www.suse.com/security/cve/CVE-2026-7951

https://www.suse.com/security/cve/CVE-2026-7952

https://www.suse.com/security/cve/CVE-2026-7953

https://www.suse.com/security/cve/CVE-2026-7954

https://www.suse.com/security/cve/CVE-2026-7955

https://www.suse.com/security/cve/CVE-2026-7956

https://www.suse.com/security/cve/CVE-2026-7957

https://www.suse.com/security/cve/CVE-2026-7958

https://www.suse.com/security/cve/CVE-2026-7959

https://www.suse.com/security/cve/CVE-2026-7960

https://www.suse.com/security/cve/CVE-2026-7961

https://www.suse.com/security/cve/CVE-2026-7962

https://www.suse.com/security/cve/CVE-2026-7963

https://www.suse.com/security/cve/CVE-2026-7964

https://www.suse.com/security/cve/CVE-2026-7965

https://www.suse.com/security/cve/CVE-2026-7966

https://www.suse.com/security/cve/CVE-2026-7967

https://www.suse.com/security/cve/CVE-2026-7968

https://www.suse.com/security/cve/CVE-2026-7969

https://www.suse.com/security/cve/CVE-2026-7970

https://www.suse.com/security/cve/CVE-2026-7971

https://www.suse.com/security/cve/CVE-2026-7972

https://www.suse.com/security/cve/CVE-2026-7973

https://www.suse.com/security/cve/CVE-2026-7974

https://www.suse.com/security/cve/CVE-2026-7975

https://www.suse.com/security/cve/CVE-2026-7976

https://www.suse.com/security/cve/CVE-2026-7977

https://www.suse.com/security/cve/CVE-2026-7978

https://www.suse.com/security/cve/CVE-2026-7979

https://www.suse.com/security/cve/CVE-2026-7980

https://www.suse.com/security/cve/CVE-2026-7981

https://www.suse.com/security/cve/CVE-2026-7982

https://www.suse.com/security/cve/CVE-2026-7983

https://www.suse.com/security/cve/CVE-2026-7984

https://www.suse.com/security/cve/CVE-2026-7985

https://www.suse.com/security/cve/CVE-2026-7986

https://www.suse.com/security/cve/CVE-2026-7987

https://www.suse.com/security/cve/CVE-2026-7988

https://www.suse.com/security/cve/CVE-2026-7989

https://www.suse.com/security/cve/CVE-2026-7990

https://www.suse.com/security/cve/CVE-2026-7991

https://www.suse.com/security/cve/CVE-2026-7992

https://www.suse.com/security/cve/CVE-2026-7993

Plugin Details

Severity: Critical

ID: 315031

File Name: openSUSE-2026-20727-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 5/16/2026

Updated: 5/16/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-7927

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-7910

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromedriver, cpe:/o:novell:opensuse:16.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/14/2026

Vulnerability Publication Date: 5/5/2026

Reference Information

CVE: CVE-2026-7896, CVE-2026-7897, CVE-2026-7898, CVE-2026-7899, CVE-2026-7900, CVE-2026-7901, CVE-2026-7902, CVE-2026-7903, CVE-2026-7904, CVE-2026-7905, CVE-2026-7906, CVE-2026-7907, CVE-2026-7908, CVE-2026-7909, CVE-2026-7910, CVE-2026-7911, CVE-2026-7912, CVE-2026-7913, CVE-2026-7914, CVE-2026-7915, CVE-2026-7916, CVE-2026-7917, CVE-2026-7918, CVE-2026-7919, CVE-2026-7920, CVE-2026-7921, CVE-2026-7922, CVE-2026-7923, CVE-2026-7924, CVE-2026-7925, CVE-2026-7926, CVE-2026-7927, CVE-2026-7928, CVE-2026-7929, CVE-2026-7930, CVE-2026-7931, CVE-2026-7932, CVE-2026-7933, CVE-2026-7934, CVE-2026-7935, CVE-2026-7936, CVE-2026-7937, CVE-2026-7938, CVE-2026-7939, CVE-2026-7940, CVE-2026-7941, CVE-2026-7942, CVE-2026-7943, CVE-2026-7944, CVE-2026-7945, CVE-2026-7946, CVE-2026-7947, CVE-2026-7948, CVE-2026-7949, CVE-2026-7950, CVE-2026-7951, CVE-2026-7952, CVE-2026-7953, CVE-2026-7954, CVE-2026-7955, CVE-2026-7956, CVE-2026-7957, CVE-2026-7958, CVE-2026-7959, CVE-2026-7960, CVE-2026-7961, CVE-2026-7962, CVE-2026-7963, CVE-2026-7964, CVE-2026-7965, CVE-2026-7966, CVE-2026-7967, CVE-2026-7968, CVE-2026-7969, CVE-2026-7970, CVE-2026-7971, CVE-2026-7972, CVE-2026-7973, CVE-2026-7974, CVE-2026-7975, CVE-2026-7976, CVE-2026-7977, CVE-2026-7978, CVE-2026-7979, CVE-2026-7980, CVE-2026-7981, CVE-2026-7982, CVE-2026-7983, CVE-2026-7984, CVE-2026-7985, CVE-2026-7986, CVE-2026-7987, CVE-2026-7988, CVE-2026-7989, CVE-2026-7990, CVE-2026-7991, CVE-2026-7992, CVE-2026-7993, CVE-2026-7994, CVE-2026-7995, CVE-2026-7996, CVE-2026-7997, CVE-2026-7998, CVE-2026-7999, CVE-2026-8000, CVE-2026-8001, CVE-2026-8002, CVE-2026-8003, CVE-2026-8004, CVE-2026-8005, CVE-2026-8006, CVE-2026-8007, CVE-2026-8008, CVE-2026-8009, CVE-2026-8010, CVE-2026-8011, CVE-2026-8012, CVE-2026-8013, CVE-2026-8014, CVE-2026-8015, CVE-2026-8016, CVE-2026-8017, CVE-2026-8018, CVE-2026-8019, CVE-2026-8020, CVE-2026-8021, CVE-2026-8022