openSUSE-SU-2025:0115-1: important: Security update for chromium, gn

openSUSE Security Update: Security update for chromium, gn
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0115-1
Rating:             important
References:         #1240555
Cross-References:   CVE-2025-3066 CVE-2025-3067 CVE-2025-3068
                    CVE-2025-3069 CVE-2025-3070 CVE-2025-3071
                    CVE-2025-3072 CVE-2025-3073 CVE-2025-3074
Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for chromium, gn fixes the following issues:

Changes in chromium:

- Chromium 135.0.7049.52 (stable release 2025-04-01) (boo#1240555)
  * CVE-2025-3066: Use after free in Navigations
  * CVE-2025-3067: Inappropriate implementation in Custom Tabs
  * CVE-2025-3068: Inappropriate implementation in Intents
  * CVE-2025-3069: Inappropriate implementation in Extensions
  * CVE-2025-3070: Insufficient validation of untrusted input in Extensions
  * CVE-2025-3071: Inappropriate implementation in Navigations
  * CVE-2025-3072: Inappropriate implementation in Custom Tabs
  * CVE-2025-3073: Inappropriate implementation in Autofill
  * CVE-2025-3074: Inappropriate implementation in Downloads

Changes in gn:

- Update to version 0.20250306:
  * Remove deps from rust executable to module's pcm files
  * Update test for rust executable deps
  * Add toolchain for cxx modules in TestWithScope
  * Apply the latest clang-format
  * Update reference for {rustdeps}
  * Always generate a .toolchain file even if it is empty.
  * Pass --with-lg-page=16 when building jemalloc for arm64.
  * Remove obsolete debug checks.
  * Make default vs ide version on Windows as 2022
  * Reland "Adds a path_exists() function"
  * Revert "Adds a path_exists() function"
  * Adds a path_exists() function
  * Revert "Speed-up GN with custom OutputStream interface."
  * Speed-up GN with custom OutputStream interface.
  * Add `exec_script_allowlist` to replace `exec_script_whitelist`.
  * Retry ReplaceFile in case of failure
  * Fix crash when NinjaBuildWriter::RunAndWriteFile fails
  * fix include for escape.h
  * fix exit code for gn gen failure
  * misc: Use html.escape instead of cgi.escape
  * Do not copy parent build_dependency_files_ in Scope constructors.
  * Improve error message for duplicated items
  * [rust-project] Always use forward slashes in sysroot paths
  * Update all_dependent_configs docs.
  * set 'no_stamp_files' by default
  * fix a typo
  * Stop using transitional LFS64 APIs
  * do not use tool prefix for phony rule
  * [rust] Add sysroot_src to rust-project.json
  * Implement and enable 'no_stamp_files'
  * Add Target::dependency_output_alias()
  * Add "outputs" to generated_file documentation.
  * Update bug database link.
  * remove a trailing space after variable bindings
  * fix tool name in error
  * remove unused includes
  * Markdown optimization (follow-up)
  * Support link_output, depend_output in Rust linked tools.
  * Properly verify runtime_outputs in rust tool definitions.
  * BugFix: Syntax error in gen.py file
  * generated_file: add output to input deps of stamp
  * Markdown optimization:
  * Revert "Rust: link_output, depend_output and runtime_outputs for dylibs"
  * hint using nogncheck on disallowed includes

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

    zypper in -t patch openSUSE-2025-115=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

    gn-0.20250306-bp156.2.6.1
    gn-debuginfo-0.20250306-bp156.2.6.1
    gn-debugsource-0.20250306-bp156.2.6.1

- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):

    chromedriver-135.0.7049.52-bp156.2.102.2
    chromium-135.0.7049.52-bp156.2.102.2

References:

https://www.suse.com/security/cve/CVE-2025-3066.html
https://www.suse.com/security/cve/CVE-2025-3067.html
https://www.suse.com/security/cve/CVE-2025-3068.html
https://www.suse.com/security/cve/CVE-2025-3069.html
https://www.suse.com/security/cve/CVE-2025-3070.html
https://www.suse.com/security/cve/CVE-2025-3071.html
https://www.suse.com/security/cve/CVE-2025-3072.html
https://www.suse.com/security/cve/CVE-2025-3073.html
https://www.suse.com/security/cve/CVE-2025-3074.html
https://bugzilla.suse.com/1240555