Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:20178-1 Final 1 1 2025-12-19T15:36:02Z current 2025-12-19T15:36:02Z 2025-12-19T15:36:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Changes in chromium: Chromium 143.0.7499.146 (boo#1255115): * CVE-2025-14765: Use after free in WebGPU * CVE-2025-14766: Out of bounds read and write in V8 * CVE-2025-14174: Out of bounds memory access in ANGLE The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-packagehub-60 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1255115 SUSE Bug 1255115 https://www.suse.com/security/cve/CVE-2025-14174/ SUSE CVE CVE-2025-14174 page https://www.suse.com/security/cve/CVE-2025-14765/ SUSE CVE CVE-2025-14765 page https://www.suse.com/security/cve/CVE-2025-14766/ SUSE CVE CVE-2025-14766 page openSUSE Leap 16.0 chromedriver-143.0.7499.109-bp160.1.1 chromium-143.0.7499.109-bp160.1.1 chromedriver-143.0.7499.109-bp160.1.1 as a component of openSUSE Leap 16.0 chromium-143.0.7499.109-bp160.1.1 as a component of openSUSE Leap 16.0 Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2025-14174 openSUSE Leap 16.0:chromedriver-143.0.7499.109-bp160.1.1 openSUSE Leap 16.0:chromium-143.0.7499.109-bp160.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14174.html CVE-2025-14174 https://bugzilla.suse.com/1254776 SUSE Bug 1254776 Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-14765 openSUSE Leap 16.0:chromedriver-143.0.7499.109-bp160.1.1 openSUSE Leap 16.0:chromium-143.0.7499.109-bp160.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14765.html CVE-2025-14765 https://bugzilla.suse.com/1255115 SUSE Bug 1255115 Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2025-14766 openSUSE Leap 16.0:chromedriver-143.0.7499.109-bp160.1.1 openSUSE Leap 16.0:chromium-143.0.7499.109-bp160.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14766.html CVE-2025-14766 https://bugzilla.suse.com/1255115 SUSE Bug 1255115