Description
Security update for chromium
This update for chromium fixes the following issues:
- Chromium 132.0.6834.83 (stable released 2024-01-14) (boo#1235892)
- CVE-2025-0434: Out of bounds memory access in V8
- CVE-2025-0435: Inappropriate implementation in Navigation
- CVE-2025-0436: Integer overflow in Skia
- CVE-2025-0437: Out of bounds read in Metrics
- CVE-2025-0438: Stack buffer overflow in Tracing
- CVE-2025-0439: Race in Frames
- CVE-2025-0440: Inappropriate implementation in Fullscreen
- CVE-2025-0441: Inappropriate implementation in Fenced Frames
- CVE-2025-0442: Inappropriate implementation in Payments
- CVE-2025-0443: Insufficient data validation in Extensions
- CVE-2025-0446: Inappropriate implementation in Extensions
- CVE-2025-0447: Inappropriate implementation in Navigation
- CVE-2025-0448: Inappropriate implementation in Compositing
- update esbuild to 0.24.0
- drop old tarball
- use upstream release tarball for 0.24.0
- add vendor tarball for golang.org/x/sys
- add to keeplibs: third_party/libtess2 third_party/devtools-frontend/src/node_modules/fast-glob
Package list
SUSE Package Hub 15 SP6
openSUSE Leap 15.6
References
- E-Mail link for openSUSE-SU-2025:0018-1
- SUSE Security Ratings
- SUSE Bug 1235892
- SUSE CVE CVE-2025-0434 page
- SUSE CVE CVE-2025-0435 page
- SUSE CVE CVE-2025-0436 page
- SUSE CVE CVE-2025-0437 page
- SUSE CVE CVE-2025-0438 page
- SUSE CVE CVE-2025-0439 page
- SUSE CVE CVE-2025-0440 page
- SUSE CVE CVE-2025-0441 page
- SUSE CVE CVE-2025-0442 page
- SUSE CVE CVE-2025-0443 page
- SUSE CVE CVE-2025-0446 page
- SUSE CVE CVE-2025-0447 page
- SUSE CVE CVE-2025-0448 page
Description
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2025-0434
- SUSE Bug 1235892
Description
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2025-0435
- SUSE Bug 1235892
Description
Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2025-0436
- SUSE Bug 1235892
Description
Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2025-0437
- SUSE Bug 1235892
Description
Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2025-0438
- SUSE Bug 1235892
Description
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2025-0439
- SUSE Bug 1235892
Description
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2025-0440
- SUSE Bug 1235892
Description
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2025-0441
- SUSE Bug 1235892
Description
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2025-0442
- SUSE Bug 1235892
Description
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2025-0443
- SUSE Bug 1235892
Description
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
Affected products
References
- CVE-2025-0446
- SUSE Bug 1235892
Description
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
Affected products
References
- CVE-2025-0447
- SUSE Bug 1235892
Description
Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Affected products
References
- CVE-2025-0448
- SUSE Bug 1235892