Description
Security update for chromium
Chromium was updated to 134.0.6998.35 (stable release 2025-03-04) (boo#1238575):
- CVE-2025-1914: Out of bounds read in V8
- CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools
- CVE-2025-1916: Use after free in Profiles
- CVE-2025-1917: Inappropriate Implementation in Browser UI
- CVE-2025-1918: Out of bounds read in PDFium
- CVE-2025-1919: Out of bounds read in Media
- CVE-2025-1921: Inappropriate Implementation in Media Stream
- CVE-2025-1922: Inappropriate Implementation in Selection
- CVE-2025-1923: Inappropriate Implementation in Permission Prompts
Package list
SUSE Package Hub 15 SP6
openSUSE Leap 15.6
References
- E-Mail link for openSUSE-SU-2025:0084-1
- SUSE Security Ratings
- SUSE Bug 1238575
- SUSE CVE CVE-2025-1914 page
- SUSE CVE CVE-2025-1915 page
- SUSE CVE CVE-2025-1916 page
- SUSE CVE CVE-2025-1917 page
- SUSE CVE CVE-2025-1918 page
- SUSE CVE CVE-2025-1919 page
- SUSE CVE CVE-2025-1921 page
- SUSE CVE CVE-2025-1922 page
- SUSE CVE CVE-2025-1923 page
Description
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2025-1914
- SUSE Bug 1238575
Description
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Affected products
References
- CVE-2025-1915
- SUSE Bug 1238575
Description
Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2025-1916
- SUSE Bug 1238575
Description
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2025-1917
- SUSE Bug 1238575
Description
Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)
Affected products
References
- CVE-2025-1918
- SUSE Bug 1238575
Description
Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2025-1919
- SUSE Bug 1238575
Description
Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2025-1921
- SUSE Bug 1238575
Description
Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Affected products
References
- CVE-2025-1922
- SUSE Bug 1238575
Description
Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
Affected products
References
- CVE-2025-1923
- SUSE Bug 1238575