Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0094-1 Rating: important References: 1259964 Cross-References: CVE-2026-4439 CVE-2026-4440 CVE-2026-4441 CVE-2026-4442 CVE-2026-4443 CVE-2026-4444 CVE-2026-4445 CVE-2026-4446 CVE-2026-4447 CVE-2026-4448...

SUSE CVE-2026-4442

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2019-25577

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backendtheme/editcss/ or /backend/backendtheme/editjs/ with...

CVE-2026-4442

A heap buffer overflow flaw was found in the CSS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484751092...

DEBIAN-CVE-2026-4442

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-4442

CVE-2026-4442 describes a heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability is associated with Chromium components and is rated high severity. The description ...

CVE-2026-4442

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-4442

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EUVD-2026-13451

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-4442

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-4442

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Google Chrome < 146.0.7680.153 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 146.0.7680.153. It is, therefore, affected by multiple vulnerabilities as referenced in the 202603stable-channel-update-for-desktop18 advisory. - Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allow...

Google Chrome < 146.0.7680.153 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 146.0.7680.153. It is, therefore, affected by multiple vulnerabilities as referenced in the 202603stable-channel-update-for-desktop18 advisory. - Use after free in Extensions in Google Chrome prior to 146.0.7680.153...

PT-2026-29979

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.0 through 1.6.13 Description An issue exists in Roundcube Webmail where insufficient Cascading Style Sheets CSS sanitization in HTML email messages could lead to Server-Side Request Forgery SSRF or Information...

chromium -- security fixes

Chrome Releases reports: This update includes 26 security fixes: 475877320 Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 485935305 Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...

PT-2026-29451

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description A use-after-free issue in the CSS engine of Google Chrome prior to version 146.0.7680.178 could allow a remote attacker to execute arbitrary code within a sandbox environment through a...

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler password could get changed without providing the old password IMAP Injection + CSRF bypass in mail search remote image blocking bypass via various SVG animate attributes remot...

Malicious code in vue-scoped-css (npm)

The package 'vue-scoped-css' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...

MAL-2026-1538 Malicious code in vue-scoped-css (npm)

The package 'vue-scoped-css' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...

CVE-2026-22209 wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Custom CSS in Style Tag

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like alert1 in the custom CSS setting to execute arbitrary JavaScript i...