Two important updates for Chromium have been released, addressing vulnerabilities identified as CVE-2025-10200 and CVE-2025-10201, which affect openSUSE Backports SLE-15-SP6 and SLE-15-SP7. These vulnerabilities involve a use-after-free issue in Serviceworker and an inappropriate implementation in Mojo. Users are advised to apply these updates promptly using SUSE's recommended installation methods, such as YaST online_update or "zypper patch".
Similarly, ChromeDriver has also received an update to fix the same vulnerabilities on the GA media of openSUSE Tumbleweed. The update includes the package version chromedriver-140.0.7339.127-1.1, which incorporates the necessary security fixes.
In addition, a separate security update has been issued for Kubo on openSUSE Backports SLE-15-SP7, addressing a vulnerability (CVE-2025-22872) related to DOM construction errors caused by incorrectly interpreted HTML tags. Users should also ensure they install this update to maintain the integrity of their systems.
Extended Information:
To install the updates for Chromium and ChromeDriver, users can execute specific commands tailored to their product versions:- For openSUSE Backports SLE-15-SP6: `zypper in -t patch openSUSE-2025-344=1`
- For openSUSE Backports SLE-15-SP7: `zypper in -t patch openSUSE-2025-343=1`
- For openSUSE Tumbleweed: `zypper in -t patch openSUSE-2025-15548=1`
- For Kubo: `zypper in -t patch openSUSE-2025-347=1`
These vulnerabilities can potentially affect a wide range of devices and applications, emphasizing the need for users to remain vigilant and up-to-date with the latest security patches. The updates not only protect users from known vulnerabilities but also enhance overall system stability and performance.
For further details on the vulnerabilities and updates, users can refer to the official SUSE security pages linked within the announcements. Regularly checking for security updates is crucial for maintaining a secure computing environment
Chromium, ChromeDriver, Kubo updates for SUSE
Two security updates have been released for Chromium, addressing two vulnerabilities (CVE-2025-10200 and CVE-2025-10201) that affect openSUSE Backports SLE-15-SP6 and SLE-15-SP7. Additionally, an update has been released for ChromeDriver on GA media of openSUSE Tumbleweed to fix the same vulnerabilities. A separate security update has also been released for Kubo on openSUSE Backports SLE-15-SP7, addressing a vulnerability (CVE-2025-22872) that can cause incorrect DOM construction.
openSUSE-SU-2025:0344-1: important: Security update for chromium
openSUSE-SU-2025:0343-1: important: Security update for chromium
openSUSE-SU-2025:15548-1: moderate: chromedriver-140.0.7339.127-1.1 on GA media
openSUSE-SU-2025:0347-1: moderate: Security update for kuboChromium, ChromeDriver, Kubo updates for SUSE @ Linux Compatible
