chromedriver-135.0.7049.52-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:14967-1 Final 1 1 2025-04-04T00:00:00Z current 2025-04-04T00:00:00Z 2025-04-04T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-135.0.7049.52-2.1 on GA media These are all security issues fixed in the chromedriver-135.0.7049.52-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-14967 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-3066/ SUSE CVE CVE-2025-3066 page https://www.suse.com/security/cve/CVE-2025-3067/ SUSE CVE CVE-2025-3067 page https://www.suse.com/security/cve/CVE-2025-3068/ SUSE CVE CVE-2025-3068 page https://www.suse.com/security/cve/CVE-2025-3069/ SUSE CVE CVE-2025-3069 page https://www.suse.com/security/cve/CVE-2025-3070/ SUSE CVE CVE-2025-3070 page https://www.suse.com/security/cve/CVE-2025-3071/ SUSE CVE CVE-2025-3071 page https://www.suse.com/security/cve/CVE-2025-3072/ SUSE CVE CVE-2025-3072 page https://www.suse.com/security/cve/CVE-2025-3073/ SUSE CVE CVE-2025-3073 page https://www.suse.com/security/cve/CVE-2025-3074/ SUSE CVE CVE-2025-3074 page openSUSE Tumbleweed chromedriver-135.0.7049.52-2.1 chromium-135.0.7049.52-2.1 chromedriver-135.0.7049.52-2.1 as a component of openSUSE Tumbleweed chromium-135.0.7049.52-2.1 as a component of openSUSE Tumbleweed Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-3066 openSUSE Tumbleweed:chromedriver-135.0.7049.52-2.1 openSUSE Tumbleweed:chromium-135.0.7049.52-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-3066.html CVE-2025-3066 https://bugzilla.suse.com/1240555 SUSE Bug 1240555 Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium) CVE-2025-3067 openSUSE Tumbleweed:chromedriver-135.0.7049.52-2.1 openSUSE Tumbleweed:chromium-135.0.7049.52-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-3067.html CVE-2025-3067 https://bugzilla.suse.com/1240555 SUSE Bug 1240555 Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-3068 openSUSE Tumbleweed:chromedriver-135.0.7049.52-2.1 openSUSE Tumbleweed:chromium-135.0.7049.52-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-3068.html CVE-2025-3068 https://bugzilla.suse.com/1240555 SUSE Bug 1240555 Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-3069 openSUSE Tumbleweed:chromedriver-135.0.7049.52-2.1 openSUSE Tumbleweed:chromium-135.0.7049.52-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-3069.html CVE-2025-3069 https://bugzilla.suse.com/1240555 SUSE Bug 1240555 Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-3070 openSUSE Tumbleweed:chromedriver-135.0.7049.52-2.1 openSUSE Tumbleweed:chromium-135.0.7049.52-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-3070.html CVE-2025-3070 https://bugzilla.suse.com/1240555 SUSE Bug 1240555 Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) CVE-2025-3071 openSUSE Tumbleweed:chromedriver-135.0.7049.52-2.1 openSUSE Tumbleweed:chromium-135.0.7049.52-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-3071.html CVE-2025-3071 https://bugzilla.suse.com/1240555 SUSE Bug 1240555 Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2025-3072 openSUSE Tumbleweed:chromedriver-135.0.7049.52-2.1 openSUSE Tumbleweed:chromium-135.0.7049.52-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-3072.html CVE-2025-3072 https://bugzilla.suse.com/1240555 SUSE Bug 1240555 Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2025-3073 openSUSE Tumbleweed:chromedriver-135.0.7049.52-2.1 openSUSE Tumbleweed:chromium-135.0.7049.52-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-3073.html CVE-2025-3073 https://bugzilla.suse.com/1240555 SUSE Bug 1240555 Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2025-3074 openSUSE Tumbleweed:chromedriver-135.0.7049.52-2.1 openSUSE Tumbleweed:chromium-135.0.7049.52-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-3074.html CVE-2025-3074 https://bugzilla.suse.com/1240555 SUSE Bug 1240555