Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2025:20020-1

Опубликовано: 15 окт. 2025
Источник: suse-cvrf

Описание

Security update for chromium

This update for chromium fixes the following issues:

Chromium 141.0.7390.76:

  • Do not send URLs as AIM input. This is to resolve a privacy concern, around passing urls to AI Mode.

Chromium 141.0.7390.65 (boo#1251334):

  • CVE-2025-11458: Heap buffer overflow in Sync
  • CVE-2025-11460: Use after free in Storage
  • CVE-2025-11211: Out of bounds read in WebCodecs

Chromium 141.0.7390.54 (stable released 2025-09-30) (boo#1250780)

  • CVE-2025-11205: Heap buffer overflow in WebGPU
  • CVE-2025-11206: Heap buffer overflow in Video
  • CVE-2025-11207: Side-channel information leakage in Storage
  • CVE-2025-11208: Inappropriate implementation in Media
  • CVE-2025-11209: Inappropriate implementation in Omnibox
  • CVE-2025-11210: Side-channel information leakage in Tab
  • CVE-2025-11211: Out of bounds read in Media
  • CVE-2025-11212: Inappropriate implementation in Media
  • CVE-2025-11213: Inappropriate implementation in Omnibox
  • CVE-2025-11215: Off by one error in V8
  • CVE-2025-11216: Inappropriate implementation in Storage
  • CVE-2025-11219: Use after free in V8
  • Various fixes from internal audits, fuzzing and other initiatives

Chromium 141.0.7390.37 (beta released 2025-09-24)

Chromium 140.0.7339.207 (boo#1250472)

  • CVE-2025-10890: Side-channel information leakage in V8
  • CVE-2025-10891: Integer overflow in V8
  • CVE-2025-10892: Integer overflow in V8

Список пакетов

openSUSE Leap 16.0
chromedriver-141.0.7390.76-bp160.1.1
chromium-141.0.7390.76-bp160.1.1

Ссылки

Описание

Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Low)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки

Описание

Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)

Затронутые продукты
openSUSE Leap 16.0:chromedriver-141.0.7390.76-bp160.1.1
openSUSE Leap 16.0:chromium-141.0.7390.76-bp160.1.1
Ссылки
Уязвимость openSUSE-SU-2025:20020-1