Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:0145-1 Final 1 1 2025-05-06T06:05:59Z current 2025-05-06T06:05:59Z 2025-05-06T06:05:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: - Chromium 136.0.7103.48 (stable release 2025-04-29) (boo#1242153) * CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11 * CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09 * CVE-2025-4051: Insufficient data validation in DevTools. Reported by Daniel Fröjdendahl on 2025-03-1 * CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10 - bump esbuild from 0.24.0 to 0.25.1 * Fix incorrect paths in inline source maps (#4070, #4075, #4105) * Fix invalid generated source maps (#4080, #4082, #4104, #4107) * Fix a regression with non-file source map paths (#4078) * Update Go from 1.23.5 to 1.23.7 (#4076, #4077) - Chromium 135.0.7049.114 (stable release 2025-04-22) * stability fixes The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2025-145 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IHE6M4AT6OVVDTRDDU6SOI4R4QJUUUFP/ E-Mail link for openSUSE-SU-2025:0145-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1242153 SUSE Bug 1242153 https://www.suse.com/security/cve/CVE-2025-4050/ SUSE CVE CVE-2025-4050 page https://www.suse.com/security/cve/CVE-2025-4051/ SUSE CVE CVE-2025-4051 page https://www.suse.com/security/cve/CVE-2025-4052/ SUSE CVE CVE-2025-4052 page https://www.suse.com/security/cve/CVE-2025-4096/ SUSE CVE CVE-2025-4096 page SUSE Package Hub 15 SP6 openSUSE Leap 15.6 chromedriver-136.0.7103.59-bp156.2.113.2 chromium-136.0.7103.59-bp156.2.113.2 chromedriver-136.0.7103.59-bp156.2.113.2 as a component of SUSE Package Hub 15 SP6 chromium-136.0.7103.59-bp156.2.113.2 as a component of SUSE Package Hub 15 SP6 chromedriver-136.0.7103.59-bp156.2.113.2 as a component of openSUSE Leap 15.6 chromium-136.0.7103.59-bp156.2.113.2 as a component of openSUSE Leap 15.6 Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-4050 SUSE Package Hub 15 SP6:chromedriver-136.0.7103.59-bp156.2.113.2 SUSE Package Hub 15 SP6:chromium-136.0.7103.59-bp156.2.113.2 openSUSE Leap 15.6:chromedriver-136.0.7103.59-bp156.2.113.2 openSUSE Leap 15.6:chromium-136.0.7103.59-bp156.2.113.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IHE6M4AT6OVVDTRDDU6SOI4R4QJUUUFP/ https://www.suse.com/security/cve/CVE-2025-4050.html CVE-2025-4050 https://bugzilla.suse.com/1242153 SUSE Bug 1242153 Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-4051 SUSE Package Hub 15 SP6:chromedriver-136.0.7103.59-bp156.2.113.2 SUSE Package Hub 15 SP6:chromium-136.0.7103.59-bp156.2.113.2 openSUSE Leap 15.6:chromedriver-136.0.7103.59-bp156.2.113.2 openSUSE Leap 15.6:chromium-136.0.7103.59-bp156.2.113.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IHE6M4AT6OVVDTRDDU6SOI4R4QJUUUFP/ https://www.suse.com/security/cve/CVE-2025-4051.html CVE-2025-4051 https://bugzilla.suse.com/1242153 SUSE Bug 1242153 Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) CVE-2025-4052 SUSE Package Hub 15 SP6:chromedriver-136.0.7103.59-bp156.2.113.2 SUSE Package Hub 15 SP6:chromium-136.0.7103.59-bp156.2.113.2 openSUSE Leap 15.6:chromedriver-136.0.7103.59-bp156.2.113.2 openSUSE Leap 15.6:chromium-136.0.7103.59-bp156.2.113.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IHE6M4AT6OVVDTRDDU6SOI4R4QJUUUFP/ https://www.suse.com/security/cve/CVE-2025-4052.html CVE-2025-4052 https://bugzilla.suse.com/1242153 SUSE Bug 1242153 Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-4096 SUSE Package Hub 15 SP6:chromedriver-136.0.7103.59-bp156.2.113.2 SUSE Package Hub 15 SP6:chromium-136.0.7103.59-bp156.2.113.2 openSUSE Leap 15.6:chromedriver-136.0.7103.59-bp156.2.113.2 openSUSE Leap 15.6:chromium-136.0.7103.59-bp156.2.113.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IHE6M4AT6OVVDTRDDU6SOI4R4QJUUUFP/ https://www.suse.com/security/cve/CVE-2025-4096.html CVE-2025-4096 https://bugzilla.suse.com/1242153 SUSE Bug 1242153