SUSE alert openSUSE-SU-2025-20008-1 (chromium)
| From: | meissner@suse.com | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2025-20008-1: important: Security update for chromium | |
| Date: | Mon, 10 Nov 2025 17:30:12 +0100 | |
| Message-ID: | <20251110163012.2B95FFBA0@maintenance.suse.de> | |
| Archive-link: | Article |
openSUSE security update: security update for chromium ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20008-1 Rating: important References: * bsc#1252881 Cross-References: * CVE-2025-12428 * CVE-2025-12429 * CVE-2025-12430 * CVE-2025-12431 * CVE-2025-12432 * CVE-2025-12433 * CVE-2025-12434 * CVE-2025-12435 * CVE-2025-12436 * CVE-2025-12437 * CVE-2025-12438 * CVE-2025-12439 * CVE-2025-12440 * CVE-2025-12441 * CVE-2025-12443 * CVE-2025-12444 * CVE-2025-12445 * CVE-2025-12446 * CVE-2025-12447 * CVE-2025-54874 CVSS scores: * CVE-2025-54874 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-54874 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 20 vulnerabilities and has one bug fix can now be installed. Description: This update for chromium fixes the following issues: Chromium 142.0.7444.59, the stable channel promotion of 142. Security fixes (boo#1252881): * CVE-2025-12428: Type Confusion in V8 * CVE-2025-12429: Inappropriate implementation in V8 * CVE-2025-12430: Object lifecycle issue in Media * CVE-2025-12431: Inappropriate implementation in Extensions * CVE-2025-12432: Race in V8 * CVE-2025-12433: Inappropriate implementation in V8 * CVE-2025-12434: Race in Storage * CVE-2025-12435: Incorrect security UI in Omnibox * CVE-2025-12436: Policy bypass in Extensions * CVE-2025-12437: Use after free in PageInfo * CVE-2025-12438: Use after free in Ozone * CVE-2025-12439: Inappropriate implementation in App-Bound Encryption * CVE-2025-12440: Inappropriate implementation in Autofill * CVE-2025-12441: Out of bounds read in V8 * CVE-2025-12443: Out of bounds read in WebXR * CVE-2025-12444: Incorrect security UI in Fullscreen UI * CVE-2025-12445: Policy bypass in Extensions * CVE-2025-12446: Incorrect security UI in SplitView * CVE-2025-12447: Incorrect security UI in Omnibox Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-12=1 Package List: - openSUSE Leap 16.0: chromedriver-142.0.7444.59-bp160.1.1 chromium-142.0.7444.59-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2025-12428.html * https://www.suse.com/security/cve/CVE-2025-12429.html * https://www.suse.com/security/cve/CVE-2025-12430.html * https://www.suse.com/security/cve/CVE-2025-12431.html * https://www.suse.com/security/cve/CVE-2025-12432.html * https://www.suse.com/security/cve/CVE-2025-12433.html * https://www.suse.com/security/cve/CVE-2025-12434.html * https://www.suse.com/security/cve/CVE-2025-12435.html * https://www.suse.com/security/cve/CVE-2025-12436.html * https://www.suse.com/security/cve/CVE-2025-12437.html * https://www.suse.com/security/cve/CVE-2025-12438.html * https://www.suse.com/security/cve/CVE-2025-12439.html * https://www.suse.com/security/cve/CVE-2025-12440.html * https://www.suse.com/security/cve/CVE-2025-12441.html * https://www.suse.com/security/cve/CVE-2025-12443.html * https://www.suse.com/security/cve/CVE-2025-12444.html * https://www.suse.com/security/cve/CVE-2025-12445.html * https://www.suse.com/security/cve/CVE-2025-12446.html * https://www.suse.com/security/cve/CVE-2025-12447.html * https://www.suse.com/security/cve/CVE-2025-54874.html