Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:0084-1 Final 1 1 2025-03-07T10:03:34Z current 2025-03-07T10:03:34Z 2025-03-07T10:03:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium Chromium was updated to 134.0.6998.35 (stable release 2025-03-04) (boo#1238575): * CVE-2025-1914: Out of bounds read in V8 * CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools * CVE-2025-1916: Use after free in Profiles * CVE-2025-1917: Inappropriate Implementation in Browser UI * CVE-2025-1918: Out of bounds read in PDFium * CVE-2025-1919: Out of bounds read in Media * CVE-2025-1921: Inappropriate Implementation in Media Stream * CVE-2025-1922: Inappropriate Implementation in Selection * CVE-2025-1923: Inappropriate Implementation in Permission Prompts The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2025-84 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RXNDPKOASMYM2SMWNDENDFTKUIT4CM4A/ E-Mail link for openSUSE-SU-2025:0084-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1238575 SUSE Bug 1238575 https://www.suse.com/security/cve/CVE-2025-1914/ SUSE CVE CVE-2025-1914 page https://www.suse.com/security/cve/CVE-2025-1915/ SUSE CVE CVE-2025-1915 page https://www.suse.com/security/cve/CVE-2025-1916/ SUSE CVE CVE-2025-1916 page https://www.suse.com/security/cve/CVE-2025-1917/ SUSE CVE CVE-2025-1917 page https://www.suse.com/security/cve/CVE-2025-1918/ SUSE CVE CVE-2025-1918 page https://www.suse.com/security/cve/CVE-2025-1919/ SUSE CVE CVE-2025-1919 page https://www.suse.com/security/cve/CVE-2025-1921/ SUSE CVE CVE-2025-1921 page https://www.suse.com/security/cve/CVE-2025-1922/ SUSE CVE CVE-2025-1922 page https://www.suse.com/security/cve/CVE-2025-1923/ SUSE CVE CVE-2025-1923 page SUSE Package Hub 15 SP6 openSUSE Leap 15.6 chromedriver-134.0.6998.35-bp156.2.90.1 chromium-134.0.6998.35-bp156.2.90.1 chromedriver-134.0.6998.35-bp156.2.90.1 as a component of SUSE Package Hub 15 SP6 chromium-134.0.6998.35-bp156.2.90.1 as a component of SUSE Package Hub 15 SP6 chromedriver-134.0.6998.35-bp156.2.90.1 as a component of openSUSE Leap 15.6 chromium-134.0.6998.35-bp156.2.90.1 as a component of openSUSE Leap 15.6 Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2025-1914 SUSE Package Hub 15 SP6:chromedriver-134.0.6998.35-bp156.2.90.1 SUSE Package Hub 15 SP6:chromium-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromedriver-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromium-134.0.6998.35-bp156.2.90.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RXNDPKOASMYM2SMWNDENDFTKUIT4CM4A/ https://www.suse.com/security/cve/CVE-2025-1914.html CVE-2025-1914 https://bugzilla.suse.com/1238575 SUSE Bug 1238575 Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) CVE-2025-1915 SUSE Package Hub 15 SP6:chromedriver-134.0.6998.35-bp156.2.90.1 SUSE Package Hub 15 SP6:chromium-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromedriver-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromium-134.0.6998.35-bp156.2.90.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RXNDPKOASMYM2SMWNDENDFTKUIT4CM4A/ https://www.suse.com/security/cve/CVE-2025-1915.html CVE-2025-1915 https://bugzilla.suse.com/1238575 SUSE Bug 1238575 Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-1916 SUSE Package Hub 15 SP6:chromedriver-134.0.6998.35-bp156.2.90.1 SUSE Package Hub 15 SP6:chromium-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromedriver-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromium-134.0.6998.35-bp156.2.90.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RXNDPKOASMYM2SMWNDENDFTKUIT4CM4A/ https://www.suse.com/security/cve/CVE-2025-1916.html CVE-2025-1916 https://bugzilla.suse.com/1238575 SUSE Bug 1238575 Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-1917 SUSE Package Hub 15 SP6:chromedriver-134.0.6998.35-bp156.2.90.1 SUSE Package Hub 15 SP6:chromium-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromedriver-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromium-134.0.6998.35-bp156.2.90.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RXNDPKOASMYM2SMWNDENDFTKUIT4CM4A/ https://www.suse.com/security/cve/CVE-2025-1917.html CVE-2025-1917 https://bugzilla.suse.com/1238575 SUSE Bug 1238575 Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium) CVE-2025-1918 SUSE Package Hub 15 SP6:chromedriver-134.0.6998.35-bp156.2.90.1 SUSE Package Hub 15 SP6:chromium-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromedriver-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromium-134.0.6998.35-bp156.2.90.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RXNDPKOASMYM2SMWNDENDFTKUIT4CM4A/ https://www.suse.com/security/cve/CVE-2025-1918.html CVE-2025-1918 https://bugzilla.suse.com/1238575 SUSE Bug 1238575 Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-1919 SUSE Package Hub 15 SP6:chromedriver-134.0.6998.35-bp156.2.90.1 SUSE Package Hub 15 SP6:chromium-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromedriver-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromium-134.0.6998.35-bp156.2.90.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RXNDPKOASMYM2SMWNDENDFTKUIT4CM4A/ https://www.suse.com/security/cve/CVE-2025-1919.html CVE-2025-1919 https://bugzilla.suse.com/1238575 SUSE Bug 1238575 Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-1921 SUSE Package Hub 15 SP6:chromedriver-134.0.6998.35-bp156.2.90.1 SUSE Package Hub 15 SP6:chromium-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromedriver-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromium-134.0.6998.35-bp156.2.90.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RXNDPKOASMYM2SMWNDENDFTKUIT4CM4A/ https://www.suse.com/security/cve/CVE-2025-1921.html CVE-2025-1921 https://bugzilla.suse.com/1238575 SUSE Bug 1238575 Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2025-1922 SUSE Package Hub 15 SP6:chromedriver-134.0.6998.35-bp156.2.90.1 SUSE Package Hub 15 SP6:chromium-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromedriver-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromium-134.0.6998.35-bp156.2.90.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RXNDPKOASMYM2SMWNDENDFTKUIT4CM4A/ https://www.suse.com/security/cve/CVE-2025-1922.html CVE-2025-1922 https://bugzilla.suse.com/1238575 SUSE Bug 1238575 Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) CVE-2025-1923 SUSE Package Hub 15 SP6:chromedriver-134.0.6998.35-bp156.2.90.1 SUSE Package Hub 15 SP6:chromium-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromedriver-134.0.6998.35-bp156.2.90.1 openSUSE Leap 15.6:chromium-134.0.6998.35-bp156.2.90.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RXNDPKOASMYM2SMWNDENDFTKUIT4CM4A/ https://www.suse.com/security/cve/CVE-2025-1923.html CVE-2025-1923 https://bugzilla.suse.com/1238575 SUSE Bug 1238575