chromedriver-138.0.7204.96-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16272 Final 1 1 2025-07-03T00:00:00Z current 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-138.0.7204.96-1.1 on GA media These are all security issues fixed in the chromedriver-138.0.7204.96-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16272 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-5063/ SUSE CVE CVE-2025-5063 page https://www.suse.com/security/cve/CVE-2025-5064/ SUSE CVE CVE-2025-5064 page https://www.suse.com/security/cve/CVE-2025-5065/ SUSE CVE CVE-2025-5065 page https://www.suse.com/security/cve/CVE-2025-5066/ SUSE CVE CVE-2025-5066 page https://www.suse.com/security/cve/CVE-2025-5067/ SUSE CVE CVE-2025-5067 page https://www.suse.com/security/cve/CVE-2025-5068/ SUSE CVE CVE-2025-5068 page https://www.suse.com/security/cve/CVE-2025-5280/ SUSE CVE CVE-2025-5280 page https://www.suse.com/security/cve/CVE-2025-5281/ SUSE CVE CVE-2025-5281 page https://www.suse.com/security/cve/CVE-2025-5283/ SUSE CVE CVE-2025-5283 page https://www.suse.com/security/cve/CVE-2025-5419/ SUSE CVE CVE-2025-5419 page https://www.suse.com/security/cve/CVE-2025-5958/ SUSE CVE CVE-2025-5958 page https://www.suse.com/security/cve/CVE-2025-5959/ SUSE CVE CVE-2025-5959 page https://www.suse.com/security/cve/CVE-2025-6191/ SUSE CVE CVE-2025-6191 page https://www.suse.com/security/cve/CVE-2025-6192/ SUSE CVE CVE-2025-6192 page https://www.suse.com/security/cve/CVE-2025-6554/ SUSE CVE CVE-2025-6554 page https://www.suse.com/security/cve/CVE-2025-6555/ SUSE CVE CVE-2025-6555 page https://www.suse.com/security/cve/CVE-2025-6556/ SUSE CVE CVE-2025-6556 page https://www.suse.com/security/cve/CVE-2025-6557/ SUSE CVE CVE-2025-6557 page openSUSE Tumbleweed chromedriver-138.0.7204.96-1.1 chromium-138.0.7204.96-1.1 chromedriver-138.0.7204.96-1.1 as a component of openSUSE Tumbleweed chromium-138.0.7204.96-1.1 as a component of openSUSE Tumbleweed Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-5063 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-5063.html CVE-2025-5063 https://bugzilla.suse.com/1243741 SUSE Bug 1243741 Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-5064 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-5064.html CVE-2025-5064 https://bugzilla.suse.com/1243741 SUSE Bug 1243741 Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-5065 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-5065.html CVE-2025-5065 https://bugzilla.suse.com/1243741 SUSE Bug 1243741 Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-5066 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-5066.html CVE-2025-5066 https://bugzilla.suse.com/1243741 SUSE Bug 1243741 Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2025-5067 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-5067.html CVE-2025-5067 https://bugzilla.suse.com/1243741 SUSE Bug 1243741 Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-5068 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-5068.html CVE-2025-5068 https://bugzilla.suse.com/1244020 SUSE Bug 1244020 Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-5280 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-5280.html CVE-2025-5280 https://bugzilla.suse.com/1243741 SUSE Bug 1243741 Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-5281 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-5281.html CVE-2025-5281 https://bugzilla.suse.com/1243741 SUSE Bug 1243741 Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-5283 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-5283.html CVE-2025-5283 https://bugzilla.suse.com/1243741 SUSE Bug 1243741 Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-5419 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-5419.html CVE-2025-5419 https://bugzilla.suse.com/1244020 SUSE Bug 1244020 Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-5958 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-5958.html CVE-2025-5958 https://bugzilla.suse.com/1244452 SUSE Bug 1244452 Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVE-2025-5959 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-5959.html CVE-2025-5959 https://bugzilla.suse.com/1244452 SUSE Bug 1244452 Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2025-6191 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-6191.html CVE-2025-6191 https://bugzilla.suse.com/1244711 SUSE Bug 1244711 Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-6192 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-6192.html CVE-2025-6192 https://bugzilla.suse.com/1244711 SUSE Bug 1244711 Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) CVE-2025-6554 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-6554.html CVE-2025-6554 https://bugzilla.suse.com/1245544 SUSE Bug 1245544 Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2025-6555 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-6555.html CVE-2025-6555 https://bugzilla.suse.com/1245332 SUSE Bug 1245332 Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) CVE-2025-6556 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-6556.html CVE-2025-6556 https://bugzilla.suse.com/1245332 SUSE Bug 1245332 Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) CVE-2025-6557 openSUSE Tumbleweed:chromedriver-138.0.7204.96-1.1 openSUSE Tumbleweed:chromium-138.0.7204.96-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-6557.html CVE-2025-6557 https://bugzilla.suse.com/1245332 SUSE Bug 1245332