openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2025:0018-1 Rating: important References: #1235892 Cross-References: CVE-2025-0434 CVE-2025-0435 CVE-2025-0436 CVE-2025-0437 CVE-2025-0438 CVE-2025-0439 CVE-2025-0440 CVE-2025-0441 CVE-2025-0442 CVE-2025-0443 CVE-2025-0446 CVE-2025-0447 CVE-2025-0448 Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Chromium 132.0.6834.83 (stable released 2024-01-14) (boo#1235892) * CVE-2025-0434: Out of bounds memory access in V8 * CVE-2025-0435: Inappropriate implementation in Navigation * CVE-2025-0436: Integer overflow in Skia * CVE-2025-0437: Out of bounds read in Metrics * CVE-2025-0438: Stack buffer overflow in Tracing * CVE-2025-0439: Race in Frames * CVE-2025-0440: Inappropriate implementation in Fullscreen * CVE-2025-0441: Inappropriate implementation in Fenced Frames * CVE-2025-0442: Inappropriate implementation in Payments * CVE-2025-0443: Insufficient data validation in Extensions * CVE-2025-0446: Inappropriate implementation in Extensions * CVE-2025-0447: Inappropriate implementation in Navigation * CVE-2025-0448: Inappropriate implementation in Compositing - update esbuild to 0.24.0 - drop old tarball - use upstream release tarball for 0.24.0 - add vendor tarball for golang.org/x/sys - add to keeplibs: third_party/libtess2 third_party/devtools-frontend/src/node_modules/fast-glob Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2025-18=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 x86_64): chromedriver-132.0.6834.83-bp156.2.69.1 chromium-132.0.6834.83-bp156.2.69.1 References: https://www.suse.com/security/cve/CVE-2025-0434.html https://www.suse.com/security/cve/CVE-2025-0435.html https://www.suse.com/security/cve/CVE-2025-0436.html https://www.suse.com/security/cve/CVE-2025-0437.html https://www.suse.com/security/cve/CVE-2025-0438.html https://www.suse.com/security/cve/CVE-2025-0439.html https://www.suse.com/security/cve/CVE-2025-0440.html https://www.suse.com/security/cve/CVE-2025-0441.html https://www.suse.com/security/cve/CVE-2025-0442.html https://www.suse.com/security/cve/CVE-2025-0443.html https://www.suse.com/security/cve/CVE-2025-0446.html https://www.suse.com/security/cve/CVE-2025-0447.html https://www.suse.com/security/cve/CVE-2025-0448.html https://bugzilla.suse.com/1235892