openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2025:0232-1 Rating: important References: #1245332 #1245544 Cross-References: CVE-2025-6554 CVE-2025-6555 CVE-2025-6556 CVE-2025-6557 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: this update for chromium 138.0.7204.96 (stable released 2025-06-30) (boo#1245544) fixes the following issues: * cve-2025-6554: type confusion in v8 * CVE-2025-6555: Use after free in Animation * CVE-2025-6556: Insufficient policy enforcement in Loader * CVE-2025-6557: Insufficient data validation in DevTools Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2025-232=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): gh-2.74.2-bp157.2.3.1 gh-debuginfo-2.74.2-bp157.2.3.1 gn-0.20250520-bp157.2.3.1 gn-debuginfo-0.20250520-bp157.2.3.1 gn-debugsource-0.20250520-bp157.2.3.1 - openSUSE Backports SLE-15-SP7 (aarch64 x86_64): chromedriver-138.0.7204.96-bp157.2.19.1 chromedriver-debuginfo-138.0.7204.96-bp157.2.19.1 chromium-138.0.7204.96-bp157.2.19.1 chromium-debuginfo-138.0.7204.96-bp157.2.19.1 - openSUSE Backports SLE-15-SP7 (noarch): gh-bash-completion-2.74.2-bp157.2.3.1 gh-fish-completion-2.74.2-bp157.2.3.1 gh-zsh-completion-2.74.2-bp157.2.3.1 References: https://www.suse.com/security/cve/CVE-2025-6554.html https://www.suse.com/security/cve/CVE-2025-6555.html https://www.suse.com/security/cve/CVE-2025-6556.html https://www.suse.com/security/cve/CVE-2025-6557.html https://bugzilla.suse.com/1245332 https://bugzilla.suse.com/1245544