openSUSE-SU-2025:0145-1

Published: 06 May 2025
Source: suse-cvrf

Description

Security update for chromium

This update for chromium fixes the following issues:

  • Chromium 136.0.7103.48 (stable release 2025-04-29) (boo#1242153)

    • CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11
    • CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09
    • CVE-2025-4051: Insufficient data validation in DevTools. Reported by Daniel Fröjdendahl on 2025-03-1
    • CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10
  • bump esbuild from 0.24.0 to 0.25.1

    • Fix incorrect paths in inline source maps (#4070, #4075, #4105)
    • Fix invalid generated source maps (#4080, #4082, #4104, #4107)
    • Fix a regression with non-file source map paths (#4078)
    • Update Go from 1.23.5 to 1.23.7 (#4076, #4077)
  • Chromium 135.0.7049.114 (stable release 2025-04-22)

    • stability fixes

Package list

SUSE Package Hub 15 SP6
chromedriver-136.0.7103.59-bp156.2.113.2
chromium-136.0.7103.59-bp156.2.113.2
openSUSE Leap 15.6
chromedriver-136.0.7103.59-bp156.2.113.2
chromium-136.0.7103.59-bp156.2.113.2

Description

Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)


Affected products
SUSE Package Hub 15 SP6:chromedriver-136.0.7103.59-bp156.2.113.2
SUSE Package Hub 15 SP6:chromium-136.0.7103.59-bp156.2.113.2
openSUSE Leap 15.6:chromedriver-136.0.7103.59-bp156.2.113.2
openSUSE Leap 15.6:chromium-136.0.7103.59-bp156.2.113.2

Description

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)


Affected products
SUSE Package Hub 15 SP6:chromedriver-136.0.7103.59-bp156.2.113.2
SUSE Package Hub 15 SP6:chromium-136.0.7103.59-bp156.2.113.2
openSUSE Leap 15.6:chromedriver-136.0.7103.59-bp156.2.113.2
openSUSE Leap 15.6:chromium-136.0.7103.59-bp156.2.113.2

Description

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)


Affected products
SUSE Package Hub 15 SP6:chromedriver-136.0.7103.59-bp156.2.113.2
SUSE Package Hub 15 SP6:chromium-136.0.7103.59-bp156.2.113.2
openSUSE Leap 15.6:chromedriver-136.0.7103.59-bp156.2.113.2
openSUSE Leap 15.6:chromium-136.0.7103.59-bp156.2.113.2

Description

Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)


Affected products
SUSE Package Hub 15 SP6:chromedriver-136.0.7103.59-bp156.2.113.2
SUSE Package Hub 15 SP6:chromium-136.0.7103.59-bp156.2.113.2
openSUSE Leap 15.6:chromedriver-136.0.7103.59-bp156.2.113.2
openSUSE Leap 15.6:chromium-136.0.7103.59-bp156.2.113.2
