chromedriver-132.0.6834.83-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15721 Final 1 1 2025-01-17T00:00:00Z current 2025-01-17T00:00:00Z 2025-01-17T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-132.0.6834.83-1.1 on GA media These are all security issues fixed in the chromedriver-132.0.6834.83-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15721 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-0434/ SUSE CVE CVE-2025-0434 page https://www.suse.com/security/cve/CVE-2025-0435/ SUSE CVE CVE-2025-0435 page https://www.suse.com/security/cve/CVE-2025-0436/ SUSE CVE CVE-2025-0436 page https://www.suse.com/security/cve/CVE-2025-0437/ SUSE CVE CVE-2025-0437 page https://www.suse.com/security/cve/CVE-2025-0438/ SUSE CVE CVE-2025-0438 page https://www.suse.com/security/cve/CVE-2025-0439/ SUSE CVE CVE-2025-0439 page https://www.suse.com/security/cve/CVE-2025-0440/ SUSE CVE CVE-2025-0440 page https://www.suse.com/security/cve/CVE-2025-0441/ SUSE CVE CVE-2025-0441 page https://www.suse.com/security/cve/CVE-2025-0442/ SUSE CVE CVE-2025-0442 page https://www.suse.com/security/cve/CVE-2025-0443/ SUSE CVE CVE-2025-0443 page https://www.suse.com/security/cve/CVE-2025-0446/ SUSE CVE CVE-2025-0446 page https://www.suse.com/security/cve/CVE-2025-0447/ SUSE CVE CVE-2025-0447 page https://www.suse.com/security/cve/CVE-2025-0448/ SUSE CVE CVE-2025-0448 page openSUSE Tumbleweed chromedriver-132.0.6834.83-1.1 chromium-132.0.6834.83-1.1 chromedriver-132.0.6834.83-1.1 as a component of openSUSE Tumbleweed chromium-132.0.6834.83-1.1 as a component of openSUSE Tumbleweed Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-0434 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0434.html CVE-2025-0434 https://bugzilla.suse.com/1235892 SUSE Bug 1235892 Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) CVE-2025-0435 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0435.html CVE-2025-0435 https://bugzilla.suse.com/1235892 SUSE Bug 1235892 Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-0436 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0436.html CVE-2025-0436 https://bugzilla.suse.com/1235892 SUSE Bug 1235892 Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-0437 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0437.html CVE-2025-0437 https://bugzilla.suse.com/1235892 SUSE Bug 1235892 Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-0438 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0438.html CVE-2025-0438 https://bugzilla.suse.com/1235892 SUSE Bug 1235892 Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-0439 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0439.html CVE-2025-0439 https://bugzilla.suse.com/1235892 SUSE Bug 1235892 Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-0440 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0440.html CVE-2025-0440 https://bugzilla.suse.com/1235892 SUSE Bug 1235892 Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-0441 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0441.html CVE-2025-0441 https://bugzilla.suse.com/1235892 SUSE Bug 1235892 Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-0442 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0442.html CVE-2025-0442 https://bugzilla.suse.com/1235892 SUSE Bug 1235892 Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-0443 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0443.html CVE-2025-0443 https://bugzilla.suse.com/1235892 SUSE Bug 1235892 Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) CVE-2025-0446 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0446.html CVE-2025-0446 https://bugzilla.suse.com/1235892 SUSE Bug 1235892 Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) CVE-2025-0447 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0447.html CVE-2025-0447 https://bugzilla.suse.com/1235892 SUSE Bug 1235892 Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2025-0448 openSUSE Tumbleweed:chromedriver-132.0.6834.83-1.1 openSUSE Tumbleweed:chromium-132.0.6834.83-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0448.html CVE-2025-0448 https://bugzilla.suse.com/1235892 SUSE Bug 1235892