openSUSE-SU-2025:20037-1

Опубликовано: 10 нояб. 2025

Источник: suse-cvrf

Описание

Security update for chromium

This update for chromium fixes the following issues:

Chromium 142.0.7444.134 (boo#1253089):

CVE-2025-12725: Out of bounds write in WebGPU
CVE-2025-12726: Inappropriate implementation in Views
CVE-2025-12727: Inappropriate implementation in V8
CVE-2025-12728: Inappropriate implementation in Omnibox
CVE-2025-12729: Inappropriate implementation in Omnibox

Список пакетов

openSUSE Leap 16.0

chromedriver-142.0.7444.59-bp160.1.1

chromium-142.0.7444.59-bp160.1.1

Ссылки

https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1253089
SUSE Bug 1253089
https://www.suse.com/security/cve/CVE-2025-12725/
SUSE CVE CVE-2025-12725 page
https://www.suse.com/security/cve/CVE-2025-12726/
SUSE CVE CVE-2025-12726 page
https://www.suse.com/security/cve/CVE-2025-12727/
SUSE CVE CVE-2025-12727 page
https://www.suse.com/security/cve/CVE-2025-12728/
SUSE CVE CVE-2025-12728 page
https://www.suse.com/security/cve/CVE-2025-12729/
SUSE CVE CVE-2025-12729 page

Описание

Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты

openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1

openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-12725.html
CVE-2025-12725
https://bugzilla.suse.com/1253089
SUSE Bug 1253089

Описание

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты

openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1

openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-12726.html
CVE-2025-12726
https://bugzilla.suse.com/1253089
SUSE Bug 1253089

Описание

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты

openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1

openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-12727.html
CVE-2025-12727
https://bugzilla.suse.com/1253089
SUSE Bug 1253089

Описание

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты

openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1

openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-12728.html
CVE-2025-12728
https://bugzilla.suse.com/1253089
SUSE Bug 1253089

Описание

Затронутые продукты

openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1

openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-12729.html
CVE-2025-12729
https://bugzilla.suse.com/1253089
SUSE Bug 1253089

openSUSE-SU-2025:20037-1

Описание

Список пакетов

openSUSE Leap 16.0

Ссылки

Уязвимость: CVE-2025-12725

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-12726

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-12727

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-12728

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-12729

Описание

Затронутые продукты

Ссылки