openSUSE-SU-2025:0018-1

Chromium 132.0.6834.83 (stable released 2024-01-14) (boo#1235892)
- CVE-2025-0434: Out of bounds memory access in V8
- CVE-2025-0435: Inappropriate implementation in Navigation
- CVE-2025-0436: Integer overflow in Skia
- CVE-2025-0437: Out of bounds read in Metrics
- CVE-2025-0438: Stack buffer overflow in Tracing
- CVE-2025-0439: Race in Frames
- CVE-2025-0440: Inappropriate implementation in Fullscreen
- CVE-2025-0441: Inappropriate implementation in Fenced Frames
- CVE-2025-0442: Inappropriate implementation in Payments
- CVE-2025-0443: Insufficient data validation in Extensions
- CVE-2025-0446: Inappropriate implementation in Extensions
- CVE-2025-0447: Inappropriate implementation in Navigation
- CVE-2025-0448: Inappropriate implementation in Compositing
update esbuild to 0.24.0
- drop old tarball
- use upstream release tarball for 0.24.0
- add vendor tarball for golang.org/x/sys
add to keeplibs: thirdparty/libtess2 thirdparty/devtools-frontend/src/node_modules/fast-glob

References

Affected packages

SUSE:Package Hub 15 SP6 / chromium

Package

Name: chromium
Purl: pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

132.0.6834.83-bp156.2.69.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "132.0.6834.83-bp156.2.69.1",
            "chromium": "132.0.6834.83-bp156.2.69.1"
        }
    ]
}

openSUSE:Leap 15.6 / chromium

Package

Name: chromium
Purl: pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

132.0.6834.83-bp156.2.69.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "132.0.6834.83-bp156.2.69.1",
            "chromium": "132.0.6834.83-bp156.2.69.1"
        }
    ]
}