   openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0145-1
Rating:             important
References:         #1242153
Cross-References:   CVE-2025-4050 CVE-2025-4051 CVE-2025-4052 CVE-2025-4096
Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for chromium fixes the following issues:

   - Chromium 136.0.7103.48 (stable release 2025-04-29) (boo#1242153)
     * CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on
       2025-04-11
     * CVE-2025-4050: Out of bounds memory access in DevTools. Reported by
       Anonymous on 2025-04-09
     * CVE-2025-4051: Insufficient data validation in DevTools. Reported by
       Daniel Fröjdendahl on 2025-03-1
     * CVE-2025-4052: Inappropriate implementation in DevTools. Reported by
       vanillawebdev on 2025-03-10

   - bump esbuild from 0.24.0 to 0.25.1
     * Fix incorrect paths in inline source maps (#4070, #4075, #4105)
     * Fix invalid generated source maps (#4080, #4082, #4104, #4107)
     * Fix a regression with non-file source map paths (#4078)
     * Update Go from 1.23.5 to 1.23.7 (#4076, #4077)

   - Chromium 135.0.7049.114 (stable release 2025-04-22)
     * stability fixes

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP6:

      zypper in -t patch openSUSE-2025-145=1

Package List:

   - openSUSE Backports SLE-15-SP6 (aarch64 x86_64):

      chromedriver-136.0.7103.59-bp156.2.113.2
      chromium-136.0.7103.59-bp156.2.113.2

References:

   https://www.suse.com/security/cve/CVE-2025-4050.html
   https://www.suse.com/security/cve/CVE-2025-4051.html
   https://www.suse.com/security/cve/CVE-2025-4052.html
   https://www.suse.com/security/cve/CVE-2025-4096.html
   https://bugzilla.suse.com/1242153
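
Added example, not part of the SUSE advisory: a shell check to run after the patch instructions above, confirming that the installed chromium and chromedriver builds are at or above the fixed build in the package list. The function names are hypothetical, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Fixed build taken from the advisory's package list
# (openSUSE Backports SLE-15-SP6, aarch64 x86_64).
FIXED="136.0.7103.59-bp156.2.113.2"

# is_fixed INSTALLED [FIXED]: succeeds when INSTALLED >= FIXED.
# Assumption: `sort -V` ordering matches rpm ordering for dotted numeric
# version-release strings such as the ones in this advisory.
is_fixed() {
    installed=$1
    fixed=${2:-$FIXED}
    # An empty version string is an error, not a pass.
    [ -n "$installed" ] || return 2
    lowest=$(printf '%s\n%s\n' "$installed" "$fixed" | sort -V | head -n 1)
    # If the fixed build sorts first (or both are equal), the host is patched.
    [ "$lowest" = "$fixed" ]
}

# report_pkg NAME INSTALLED: prints one status line, returns 1 if below FIXED.
report_pkg() {
    if is_fixed "$2"; then
        echo "OK         $1 $2"
    else
        echo "VULNERABLE $1 $2 (needs >= $FIXED)"
        return 1
    fi
}

# audit: queries rpm for both packages named in the advisory.
# Packages that are not installed (or hosts without rpm) are skipped.
audit() {
    rc=0
    for pkg in chromium chromedriver; do
        ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$pkg" 2>/dev/null) || continue
        report_pkg "$pkg" "$ver" || rc=1
    done
    return $rc
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit
fi
```

Run the script with `--audit` on each host; a non-zero exit status means at least one of the two packages is still below the fixed build.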