openSUSE-SU-2025:0115-1: important: Security update for chromium, gn
openSUSE-SU-2025:0115-1: important: Security update for chromium, gn
openSUSE Security Update: Security update for chromium, gn
_______________________________
Announcement ID: openSUSE-SU-2025:0115-1
Rating: important
References: #1240555
Cross-References: CVE-2025-3066 CVE-2025-3067 CVE-2025-3068
CVE-2025-3069 CVE-2025-3070 CVE-2025-3071
CVE-2025-3072 CVE-2025-3073 CVE-2025-3074
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for chromium, gn fixes the following issues:
Changes in chromium:
- Chromium 135.0.7049.52 (stable release 2025-04-01) (boo#1240555)
* CVE-2025-3066: Use after free in Navigations
* CVE-2025-3067: Inappropriate implementation in Custom Tabs
* CVE-2025-3068: Inappropriate implementation in Intents
* CVE-2025-3069: Inappropriate implementation in Extensions
* CVE-2025-3070: Insufficient validation of untrusted input in Extensions
* CVE-2025-3071: Inappropriate implementation in Navigations
* CVE-2025-3072: Inappropriate implementation in Custom Tabs
* CVE-2025-3073: Inappropriate implementation in Autofill
* CVE-2025-3074: Inappropriate implementation in Downloads
Changes in gn:
- Update to version 0.20250306:
* Remove deps from rust executable to module's pcm files
* Update test for rust executable deps
* Add toolchain for cxx modules in TestWithScope
* Apply the latest clang-format
* Update reference for {rustdeps}
* Always generate a .toolchain file even if it is empty.
* Pass --with-lg-page=16 when building jemalloc for arm64.
* Remove obsolete debug checks.
* Make default vs ide version on Windows as 2022
* Reland "Adds a path_exists() function"
* Revert "Adds a path_exists() function"
* Adds a path_exists() function
* Revert "Speed-up GN with custom OutputStream interface."
* Speed-up GN with custom OutputStream interface.
* Add `exec_script_allowlist` to replace `exec_script_whitelist`.
* Retry ReplaceFile in case of failure
* Fix crash when NinjaBuildWriter::RunAndWriteFile fails
* fix include for escape.h
* fix exit code for gn gen failure
* misc: Use html.escape instead of cgi.escape
* Do not copy parent build_dependency_files_ in Scope constructors.
* Improve error message for duplicated items
* [rust-project] Always use forward slashes in sysroot paths
* Update all_dependent_configs docs.
* set 'no_stamp_files' by default
* fix a typo
* Stop using transitional LFS64 APIs
* do not use tool prefix for phony rule
* [rust] Add sysroot_src to rust-project.json
* Implement and enable 'no_stamp_files'
* Add Target::dependency_output_alias()
* Add "outputs" to generated_file documentation.
* Update bug database link.
* remove a trailing space after variable bindings
* fix tool name in error
* remove unused includes
* Markdown optimization (follow-up)
* Support link_output, depend_output in Rust linked tools.
* Properly verify runtime_outputs in rust tool definitions.
* BugFix: Syntax error in gen.py file
* generated_file: add output to input deps of stamp
* Markdown optimization:
* Revert "Rust: link_output, depend_output and runtime_outputs for
dylibs"
* hint using nogncheck on disallowed includes
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2025-115=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
gn-0.20250306-bp156.2.6.1
gn-debuginfo-0.20250306-bp156.2.6.1
gn-debugsource-0.20250306-bp156.2.6.1
- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
chromedriver-135.0.7049.52-bp156.2.102.2
chromium-135.0.7049.52-bp156.2.102.2
References:
https://www.suse.com/security/cve/CVE-2025-3066.html
https://www.suse.com/security/cve/CVE-2025-3067.html
https://www.suse.com/security/cve/CVE-2025-3068.html
https://www.suse.com/security/cve/CVE-2025-3069.html
https://www.suse.com/security/cve/CVE-2025-3070.html
https://www.suse.com/security/cve/CVE-2025-3071.html
https://www.suse.com/security/cve/CVE-2025-3072.html
https://www.suse.com/security/cve/CVE-2025-3073.html
https://www.suse.com/security/cve/CVE-2025-3074.html
https://bugzilla.suse.com/1240555
