openSUSE Addresses Critical Vulnerabilities in Chromium and Chromedriver
Severity: High (Score: 70.5)
Sources: Linuxsecurity
Published: · Updated:
Keywords: opensuse, security, chromium, patch, chromedriver, issues, fixed
Severity indicators: vulnerabilities, issue
Summary
On June 8, 2026, openSUSE released security updates for critical vulnerabilities in the Chromium and Chromedriver packages, specifically version 149.0.7827.53. The updates address important vulnerabilities categorized under CVE-2026-0194 and moderate security issues in CVE-2026-10958. The affected systems include openSUSE Backports SLE-15-SP7 and openSUSE Tumbleweed. Users are advised to apply the patches immediately using recommended installation methods like 'zypper patch' or 'YaST online_update'. The vulnerabilities could potentially allow attackers to exploit the affected software, leading to unauthorized access or data breaches. The updates are crucial for maintaining the security of systems running these packages. Administrators are encouraged to stay informed about the latest security advisories. Key Points: • Critical vulnerabilities in Chromium and Chromedriver require immediate patching. • Affected versions include 149.0.7827.53 in openSUSE Backports and Tumbleweed. • Users should utilize 'zypper patch' or 'YaST online_update' to apply the updates.
Detailed Analysis
**Impact** Users of openSUSE distributions, specifically those running Chromium and Chromedriver versions prior to 149.0.7827.53, are affected. This includes deployments on openSUSE Tumbleweed and Backports SLE-15-SP7 across multiple architectures (aarch64, ppc64le, x86_64). Potential impacts include compromised browser security that could affect any sector relying on these components for web access or automation, with no specific geographic limitations noted. **Technical Details** The vulnerabilities addressed are within Chromium and Chromedriver packages version 149.0.7827.53. No specific CVEs or attack vectors are detailed in the sources. The updates fix multiple security issues in chromedriver-149.0.7827.53-2.1 and chromium-149.0.7827.53-2.1 packages, but no indicators of compromise (IOCs), malware, or TTPs are provided. **Recommended Response** Apply the security patches immediately using openSUSE’s recommended methods such as YaST online_update or the command `zypper patch` for Backports SLE-15-SP7 and Tumbleweed. Ensure chromium and chromedriver packages are updated to version 149.0.7827.53 or later. Monitor for unusual browser or automation tool behavior but no specific detection signatures are available from the sources.
Source articles (2)
- openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958 — Linuxsecurity · 2026-06-08
These are all security issues fixed in the chromedriver-149.0.7827.53-2.1 package on the GA media of openSUSE Tumbleweed. * openSUSE Tumbleweed: * chromedriver 149.0.7827.53-2.1 * chromium 149.0.7827.… - openSUSE Chromium Important Vulnerabilities Patch 2026-0194 — Linuxsecurity · 2026-06-08
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openS…
Timeline
- 2026-06-08 — openSUSE releases security updates: Security updates for Chromium and Chromedriver vulnerabilities were published, addressing CVE-2026-0194 and CVE-2026-10958.
- 2026-06-08 — Users advised to apply patches: openSUSE recommends using 'zypper patch' or 'YaST online_update' to mitigate the vulnerabilities.
Related entities
- Chromedriver (Tool)
- Chromium (Platform)
- Linux (Platform)
- OpenSUSE (Company)