openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0292-1
Rating:             important
References:         #1247661 #1247664 
Cross-References:   CVE-2025-54874 CVE-2025-8576 CVE-2025-8577
                    CVE-2025-8578 CVE-2025-8579 CVE-2025-8580
                    CVE-2025-8581 CVE-2025-8582 CVE-2025-8583
                   
CVSS scores:
                    CVE-2025-54874 (SUSE): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   Chromium was updated to fix:

   - CVE-2025-54874 fix missing error check in openjpeg  (bsc#1247661)

   Chromium 139.0.7258.66 (boo#1247664):

     * CVE-2025-8576: Use after free in Extensions
     * CVE-2025-8577: Inappropriate implementation in Picture In Picture
     * CVE-2025-8578: Use after free in Cast
     * CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
     * CVE-2025-8580: Inappropriate implementation in Filesystems
     * CVE-2025-8581: Inappropriate implementation in Extensions
     * CVE-2025-8582: Insufficient validation of untrusted input in DOM
     * CVE-2025-8583: Inappropriate implementation in Permissions

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP6:

      zypper in -t patch openSUSE-2025-292=1

Package List:

   - openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

      chromedriver-139.0.7258.66-bp156.2.152.1
      chromedriver-debuginfo-139.0.7258.66-bp156.2.152.1
      chromium-139.0.7258.66-bp156.2.152.1
      chromium-debuginfo-139.0.7258.66-bp156.2.152.1

References:

   https://www.suse.com/security/cve/CVE-2025-54874.html
   https://www.suse.com/security/cve/CVE-2025-8576.html
   https://www.suse.com/security/cve/CVE-2025-8577.html
   https://www.suse.com/security/cve/CVE-2025-8578.html
   https://www.suse.com/security/cve/CVE-2025-8579.html
   https://www.suse.com/security/cve/CVE-2025-8580.html
   https://www.suse.com/security/cve/CVE-2025-8581.html
   https://www.suse.com/security/cve/CVE-2025-8582.html
   https://www.suse.com/security/cve/CVE-2025-8583.html
   https://bugzilla.suse.com/1247661
   https://bugzilla.suse.com/1247664