Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-1920 (GCVE-0-2025-1920)
Vulnerability from cvelistv5
Published
2025-03-10 20:39
Modified
2025-03-12 04:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-843 - Type Confusion
Summary
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T04:00:38.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "134.0.6998.88",
"status": "affected",
"version": "134.0.6998.88",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "Type Confusion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T20:39:16.505Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html"
},
{
"url": "https://issues.chromium.org/issues/398065918"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2025-1920",
"datePublished": "2025-03-10T20:39:16.505Z",
"dateReserved": "2025-03-04T01:05:43.465Z",
"dateUpdated": "2025-03-12T04:00:38.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-1920\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2025-03-10T21:15:40.280\",\"lastModified\":\"2025-04-07T18:54:46.053\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"},{\"lang\":\"es\",\"value\":\"La confusi\u00f3n de tipos en la versi\u00f3n 8 de Google Chrome anterior a la 134.0.6998.88 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: alta)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"chrome-cve-admin@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"134.0.6998.88\",\"matchCriteriaId\":\"71424862-226B-44F2-9AD1-01ACF6021C9D\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://issues.chromium.org/issues/398065918\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-1920\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-11T02:24:02.856900Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-11T02:24:33.785Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"134.0.6998.88\", \"lessThan\": \"134.0.6998.88\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html\"}, {\"url\": \"https://issues.chromium.org/issues/398065918\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-843\", \"description\": \"Type Confusion\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2025-03-10T20:39:16.505Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-1920\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-11T02:24:45.466Z\", \"dateReserved\": \"2025-03-04T01:05:43.465Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2025-03-10T20:39:16.505Z\", \"assignerShortName\": \"Chrome\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
opensuse-su-2025:14888-1
Vulnerability from csaf_opensuse
Published
2025-03-13 00:00
Modified
2025-03-13 00:00
Summary
chromedriver-134.0.6998.88-1.1 on GA media
Notes
Title of the patch
chromedriver-134.0.6998.88-1.1 on GA media
Description of the patch
These are all security issues fixed in the chromedriver-134.0.6998.88-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14888
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "chromedriver-134.0.6998.88-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the chromedriver-134.0.6998.88-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14888",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14888-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14888-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RWBUVBTHRK27VE353OCMA3QUHYKSCJOM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14888-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RWBUVBTHRK27VE353OCMA3QUHYKSCJOM/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1920 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2135 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2137 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2137/"
}
],
"title": "chromedriver-134.0.6998.88-1.1 on GA media",
"tracking": {
"current_release_date": "2025-03-13T00:00:00Z",
"generator": {
"date": "2025-03-13T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14888-1",
"initial_release_date": "2025-03-13T00:00:00Z",
"revision_history": [
{
"date": "2025-03-13T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-134.0.6998.88-1.1.aarch64",
"product": {
"name": "chromedriver-134.0.6998.88-1.1.aarch64",
"product_id": "chromedriver-134.0.6998.88-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-134.0.6998.88-1.1.aarch64",
"product": {
"name": "chromium-134.0.6998.88-1.1.aarch64",
"product_id": "chromium-134.0.6998.88-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-134.0.6998.88-1.1.ppc64le",
"product": {
"name": "chromedriver-134.0.6998.88-1.1.ppc64le",
"product_id": "chromedriver-134.0.6998.88-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "chromium-134.0.6998.88-1.1.ppc64le",
"product": {
"name": "chromium-134.0.6998.88-1.1.ppc64le",
"product_id": "chromium-134.0.6998.88-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-134.0.6998.88-1.1.s390x",
"product": {
"name": "chromedriver-134.0.6998.88-1.1.s390x",
"product_id": "chromedriver-134.0.6998.88-1.1.s390x"
}
},
{
"category": "product_version",
"name": "chromium-134.0.6998.88-1.1.s390x",
"product": {
"name": "chromium-134.0.6998.88-1.1.s390x",
"product_id": "chromium-134.0.6998.88-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-134.0.6998.88-1.1.x86_64",
"product": {
"name": "chromedriver-134.0.6998.88-1.1.x86_64",
"product_id": "chromedriver-134.0.6998.88-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-134.0.6998.88-1.1.x86_64",
"product": {
"name": "chromium-134.0.6998.88-1.1.x86_64",
"product_id": "chromium-134.0.6998.88-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-134.0.6998.88-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.aarch64"
},
"product_reference": "chromedriver-134.0.6998.88-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-134.0.6998.88-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.ppc64le"
},
"product_reference": "chromedriver-134.0.6998.88-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-134.0.6998.88-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.s390x"
},
"product_reference": "chromedriver-134.0.6998.88-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-134.0.6998.88-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.x86_64"
},
"product_reference": "chromedriver-134.0.6998.88-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-134.0.6998.88-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.aarch64"
},
"product_reference": "chromium-134.0.6998.88-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-134.0.6998.88-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.ppc64le"
},
"product_reference": "chromium-134.0.6998.88-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-134.0.6998.88-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.s390x"
},
"product_reference": "chromium-134.0.6998.88-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-134.0.6998.88-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.x86_64"
},
"product_reference": "chromium-134.0.6998.88-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1920"
}
],
"notes": [
{
"category": "general",
"text": "Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.x86_64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1920",
"url": "https://www.suse.com/security/cve/CVE-2025-1920"
},
{
"category": "external",
"summary": "SUSE Bug 1239216 for CVE-2025-1920",
"url": "https://bugzilla.suse.com/1239216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.x86_64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-1920"
},
{
"cve": "CVE-2025-2135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2135"
}
],
"notes": [
{
"category": "general",
"text": "Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.x86_64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2135",
"url": "https://www.suse.com/security/cve/CVE-2025-2135"
},
{
"category": "external",
"summary": "SUSE Bug 1239216 for CVE-2025-2135",
"url": "https://bugzilla.suse.com/1239216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.x86_64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-2135"
},
{
"cve": "CVE-2025-2136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2136"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.x86_64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2136",
"url": "https://www.suse.com/security/cve/CVE-2025-2136"
},
{
"category": "external",
"summary": "SUSE Bug 1239216 for CVE-2025-2136",
"url": "https://bugzilla.suse.com/1239216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.x86_64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-2136"
},
{
"cve": "CVE-2025-2137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2137"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.x86_64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2137",
"url": "https://www.suse.com/security/cve/CVE-2025-2137"
},
{
"category": "external",
"summary": "SUSE Bug 1239216 for CVE-2025-2137",
"url": "https://bugzilla.suse.com/1239216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-134.0.6998.88-1.1.x86_64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.aarch64",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.s390x",
"openSUSE Tumbleweed:chromium-134.0.6998.88-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-2137"
}
]
}
opensuse-su-2025:0089-1
Vulnerability from csaf_opensuse
Published
2025-03-12 17:29
Modified
2025-03-12 17:29
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update for chromium fixes the following issues:
Chromium 134.0.6998.88 (stable released 2025-03-11) (boo#1239216)
* CVE-2025-1920: Type Confusion in V8
* CVE-2025-2135: Type Confusion in V8
* CVE-2025-2136: Use after free in Inspector
* CVE-2025-2137: Out of bounds read in V8
Patchnames
openSUSE-2025-89
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nChromium 134.0.6998.88 (stable released 2025-03-11) (boo#1239216)\n\n * CVE-2025-1920: Type Confusion in V8\n * CVE-2025-2135: Type Confusion in V8\n * CVE-2025-2136: Use after free in Inspector\n * CVE-2025-2137: Out of bounds read in V8\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2025-89",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_0089-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:0089-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IUJOIGA32OMEEIDD5K4DHA5H5SKVHFCA/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:0089-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IUJOIGA32OMEEIDD5K4DHA5H5SKVHFCA/"
},
{
"category": "self",
"summary": "SUSE Bug 1239216",
"url": "https://bugzilla.suse.com/1239216"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1920 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2135 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2137 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2137/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2025-03-12T17:29:57Z",
"generator": {
"date": "2025-03-12T17:29:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:0089-1",
"initial_release_date": "2025-03-12T17:29:57Z",
"revision_history": [
{
"date": "2025-03-12T17:29:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"product": {
"name": "chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"product_id": "chromedriver-134.0.6998.88-bp156.2.93.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"product": {
"name": "chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"product_id": "chromium-134.0.6998.88-bp156.2.93.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"product": {
"name": "chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"product_id": "chromedriver-134.0.6998.88-bp156.2.93.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-134.0.6998.88-bp156.2.93.1.x86_64",
"product": {
"name": "chromium-134.0.6998.88-bp156.2.93.1.x86_64",
"product_id": "chromium-134.0.6998.88-bp156.2.93.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP6",
"product": {
"name": "SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-134.0.6998.88-bp156.2.93.1.aarch64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64"
},
"product_reference": "chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-134.0.6998.88-bp156.2.93.1.x86_64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64"
},
"product_reference": "chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-134.0.6998.88-bp156.2.93.1.aarch64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.aarch64"
},
"product_reference": "chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-134.0.6998.88-bp156.2.93.1.x86_64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.x86_64"
},
"product_reference": "chromium-134.0.6998.88-bp156.2.93.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-134.0.6998.88-bp156.2.93.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64"
},
"product_reference": "chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-134.0.6998.88-bp156.2.93.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64"
},
"product_reference": "chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-134.0.6998.88-bp156.2.93.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.aarch64"
},
"product_reference": "chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-134.0.6998.88-bp156.2.93.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.x86_64"
},
"product_reference": "chromium-134.0.6998.88-bp156.2.93.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1920"
}
],
"notes": [
{
"category": "general",
"text": "Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1920",
"url": "https://www.suse.com/security/cve/CVE-2025-1920"
},
{
"category": "external",
"summary": "SUSE Bug 1239216 for CVE-2025-1920",
"url": "https://bugzilla.suse.com/1239216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T17:29:57Z",
"details": "important"
}
],
"title": "CVE-2025-1920"
},
{
"cve": "CVE-2025-2135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2135"
}
],
"notes": [
{
"category": "general",
"text": "Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2135",
"url": "https://www.suse.com/security/cve/CVE-2025-2135"
},
{
"category": "external",
"summary": "SUSE Bug 1239216 for CVE-2025-2135",
"url": "https://bugzilla.suse.com/1239216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T17:29:57Z",
"details": "important"
}
],
"title": "CVE-2025-2135"
},
{
"cve": "CVE-2025-2136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2136"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2136",
"url": "https://www.suse.com/security/cve/CVE-2025-2136"
},
{
"category": "external",
"summary": "SUSE Bug 1239216 for CVE-2025-2136",
"url": "https://bugzilla.suse.com/1239216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T17:29:57Z",
"details": "important"
}
],
"title": "CVE-2025-2136"
},
{
"cve": "CVE-2025-2137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2137"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2137",
"url": "https://www.suse.com/security/cve/CVE-2025-2137"
},
{
"category": "external",
"summary": "SUSE Bug 1239216 for CVE-2025-2137",
"url": "https://bugzilla.suse.com/1239216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"SUSE Package Hub 15 SP6:chromium-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromedriver-134.0.6998.88-bp156.2.93.1.x86_64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.aarch64",
"openSUSE Leap 15.6:chromium-134.0.6998.88-bp156.2.93.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T17:29:57Z",
"details": "important"
}
],
"title": "CVE-2025-2137"
}
]
}
opensuse-su-2025:14917-1
Vulnerability from csaf_opensuse
Published
2025-03-21 00:00
Modified
2025-03-21 00:00
Summary
nodejs-electron-33.4.6-1.1 on GA media
Notes
Title of the patch
nodejs-electron-33.4.6-1.1 on GA media
Description of the patch
These are all security issues fixed in the nodejs-electron-33.4.6-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14917
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "nodejs-electron-33.4.6-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the nodejs-electron-33.4.6-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14917",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14917-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14917-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XF57QE77J5QKQPBSWJDAHE7A2Z4Q5QZW/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14917-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XF57QE77J5QKQPBSWJDAHE7A2Z4Q5QZW/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1920 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1920/"
}
],
"title": "nodejs-electron-33.4.6-1.1 on GA media",
"tracking": {
"current_release_date": "2025-03-21T00:00:00Z",
"generator": {
"date": "2025-03-21T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14917-1",
"initial_release_date": "2025-03-21T00:00:00Z",
"revision_history": [
{
"date": "2025-03-21T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs-electron-33.4.6-1.1.aarch64",
"product": {
"name": "nodejs-electron-33.4.6-1.1.aarch64",
"product_id": "nodejs-electron-33.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs-electron-devel-33.4.6-1.1.aarch64",
"product": {
"name": "nodejs-electron-devel-33.4.6-1.1.aarch64",
"product_id": "nodejs-electron-devel-33.4.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs-electron-doc-33.4.6-1.1.aarch64",
"product": {
"name": "nodejs-electron-doc-33.4.6-1.1.aarch64",
"product_id": "nodejs-electron-doc-33.4.6-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-electron-33.4.6-1.1.ppc64le",
"product": {
"name": "nodejs-electron-33.4.6-1.1.ppc64le",
"product_id": "nodejs-electron-33.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs-electron-devel-33.4.6-1.1.ppc64le",
"product": {
"name": "nodejs-electron-devel-33.4.6-1.1.ppc64le",
"product_id": "nodejs-electron-devel-33.4.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs-electron-doc-33.4.6-1.1.ppc64le",
"product": {
"name": "nodejs-electron-doc-33.4.6-1.1.ppc64le",
"product_id": "nodejs-electron-doc-33.4.6-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-electron-33.4.6-1.1.s390x",
"product": {
"name": "nodejs-electron-33.4.6-1.1.s390x",
"product_id": "nodejs-electron-33.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs-electron-devel-33.4.6-1.1.s390x",
"product": {
"name": "nodejs-electron-devel-33.4.6-1.1.s390x",
"product_id": "nodejs-electron-devel-33.4.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs-electron-doc-33.4.6-1.1.s390x",
"product": {
"name": "nodejs-electron-doc-33.4.6-1.1.s390x",
"product_id": "nodejs-electron-doc-33.4.6-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-electron-33.4.6-1.1.x86_64",
"product": {
"name": "nodejs-electron-33.4.6-1.1.x86_64",
"product_id": "nodejs-electron-33.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs-electron-devel-33.4.6-1.1.x86_64",
"product": {
"name": "nodejs-electron-devel-33.4.6-1.1.x86_64",
"product_id": "nodejs-electron-devel-33.4.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs-electron-doc-33.4.6-1.1.x86_64",
"product": {
"name": "nodejs-electron-doc-33.4.6-1.1.x86_64",
"product_id": "nodejs-electron-doc-33.4.6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-33.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-electron-33.4.6-1.1.aarch64"
},
"product_reference": "nodejs-electron-33.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-33.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-electron-33.4.6-1.1.ppc64le"
},
"product_reference": "nodejs-electron-33.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-33.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-electron-33.4.6-1.1.s390x"
},
"product_reference": "nodejs-electron-33.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-33.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-electron-33.4.6-1.1.x86_64"
},
"product_reference": "nodejs-electron-33.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-devel-33.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-electron-devel-33.4.6-1.1.aarch64"
},
"product_reference": "nodejs-electron-devel-33.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-devel-33.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-electron-devel-33.4.6-1.1.ppc64le"
},
"product_reference": "nodejs-electron-devel-33.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-devel-33.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-electron-devel-33.4.6-1.1.s390x"
},
"product_reference": "nodejs-electron-devel-33.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-devel-33.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-electron-devel-33.4.6-1.1.x86_64"
},
"product_reference": "nodejs-electron-devel-33.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-doc-33.4.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-electron-doc-33.4.6-1.1.aarch64"
},
"product_reference": "nodejs-electron-doc-33.4.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-doc-33.4.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-electron-doc-33.4.6-1.1.ppc64le"
},
"product_reference": "nodejs-electron-doc-33.4.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-doc-33.4.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-electron-doc-33.4.6-1.1.s390x"
},
"product_reference": "nodejs-electron-doc-33.4.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-doc-33.4.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-electron-doc-33.4.6-1.1.x86_64"
},
"product_reference": "nodejs-electron-doc-33.4.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1920"
}
],
"notes": [
{
"category": "general",
"text": "Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nodejs-electron-33.4.6-1.1.aarch64",
"openSUSE Tumbleweed:nodejs-electron-33.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs-electron-33.4.6-1.1.s390x",
"openSUSE Tumbleweed:nodejs-electron-33.4.6-1.1.x86_64",
"openSUSE Tumbleweed:nodejs-electron-devel-33.4.6-1.1.aarch64",
"openSUSE Tumbleweed:nodejs-electron-devel-33.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs-electron-devel-33.4.6-1.1.s390x",
"openSUSE Tumbleweed:nodejs-electron-devel-33.4.6-1.1.x86_64",
"openSUSE Tumbleweed:nodejs-electron-doc-33.4.6-1.1.aarch64",
"openSUSE Tumbleweed:nodejs-electron-doc-33.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs-electron-doc-33.4.6-1.1.s390x",
"openSUSE Tumbleweed:nodejs-electron-doc-33.4.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1920",
"url": "https://www.suse.com/security/cve/CVE-2025-1920"
},
{
"category": "external",
"summary": "SUSE Bug 1239216 for CVE-2025-1920",
"url": "https://bugzilla.suse.com/1239216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nodejs-electron-33.4.6-1.1.aarch64",
"openSUSE Tumbleweed:nodejs-electron-33.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs-electron-33.4.6-1.1.s390x",
"openSUSE Tumbleweed:nodejs-electron-33.4.6-1.1.x86_64",
"openSUSE Tumbleweed:nodejs-electron-devel-33.4.6-1.1.aarch64",
"openSUSE Tumbleweed:nodejs-electron-devel-33.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs-electron-devel-33.4.6-1.1.s390x",
"openSUSE Tumbleweed:nodejs-electron-devel-33.4.6-1.1.x86_64",
"openSUSE Tumbleweed:nodejs-electron-doc-33.4.6-1.1.aarch64",
"openSUSE Tumbleweed:nodejs-electron-doc-33.4.6-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs-electron-doc-33.4.6-1.1.s390x",
"openSUSE Tumbleweed:nodejs-electron-doc-33.4.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-1920"
}
]
}
wid-sec-w-2025-0515
Vulnerability from csaf_certbund
Published
2025-03-10 23:00
Modified
2025-07-08 22:00
Summary
Google Chrome und Microsoft Edge: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Chrome ist ein Internet-Browser von Google.
Edge ist ein Web Browser von Microsoft.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome und Microsoft Edge ausnutzen, um einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen preiszugeben und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Web Browser von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome und Microsoft Edge ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen preiszugeben und Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0515 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0515.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0515 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0515"
},
{
"category": "external",
"summary": "Google Chrome Stable Channel Update vom 2025-03-10",
"url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html"
},
{
"category": "external",
"summary": "Cybersecuritynews Artikel vom 2025-03-11",
"url": "https://cybersecuritynews.com/patch-for-multiple-high-severity-vulnerabilities/"
},
{
"category": "external",
"summary": "Release notes for Microsoft Edge Security Updates vom 2025-03-12",
"url": "https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-D5935F40AF vom 2025-03-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-d5935f40af"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5877 vom 2025-03-12",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00039.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0089-1 vom 2025-03-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/IUJOIGA32OMEEIDD5K4DHA5H5SKVHFCA/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-E114FFCACA vom 2025-03-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e114ffcaca"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-8FDC09E745 vom 2025-03-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-8fdc09e745"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-6EAD1A3665 vom 2025-03-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-6ead1a3665"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14888-1 vom 2025-03-14",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RWBUVBTHRK27VE353OCMA3QUHYKSCJOM/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-6B9CBDBDFF vom 2025-03-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-6b9cbdbdff"
},
{
"category": "external",
"summary": "Elastic Security Announcement ESA-2025-09 vom 2025-06-24",
"url": "https://discuss.elastic.co/t/kibana-7-17-29-8-17-8-8-18-3-9-0-3-security-update-esa-2025-09/379443"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202507-07 vom 2025-07-09",
"url": "https://security.gentoo.org/glsa/202507-07"
}
],
"source_lang": "en-US",
"title": "Google Chrome und Microsoft Edge: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-08T22:00:00.000+00:00",
"generator": {
"date": "2025-07-09T06:01:26.168+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0515",
"initial_release_date": "2025-03-10T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-10T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-12T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Microsoft aufgenommen; CVE-2025-24201 aktiv ausgenutzt"
},
{
"date": "2025-03-16T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von openSUSE und Fedora aufgenommen"
},
{
"date": "2025-06-24T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Elastic aufgenommen"
},
{
"date": "2025-07-08T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Gentoo aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Windows \u003c134.0.6998.88/.89",
"product": {
"name": "Google Chrome Windows \u003c134.0.6998.88/.89",
"product_id": "T041703"
}
},
{
"category": "product_version",
"name": "Windows 134.0.6998.88/.89",
"product": {
"name": "Google Chrome Windows 134.0.6998.88/.89",
"product_id": "T041703-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:chrome:windows__134.0.6998.88.89"
}
}
},
{
"category": "product_version_range",
"name": "Mac \u003c134.0.6998.88/.89",
"product": {
"name": "Google Chrome Mac \u003c134.0.6998.88/.89",
"product_id": "T041704"
}
},
{
"category": "product_version",
"name": "Mac 134.0.6998.88/.89",
"product": {
"name": "Google Chrome Mac 134.0.6998.88/.89",
"product_id": "T041704-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:chrome:mac__134.0.6998.88.89"
}
}
},
{
"category": "product_version_range",
"name": "Linux \u003c134.0.6998.88",
"product": {
"name": "Google Chrome Linux \u003c134.0.6998.88",
"product_id": "T041705"
}
},
{
"category": "product_version",
"name": "Linux 134.0.6998.88",
"product": {
"name": "Google Chrome Linux 134.0.6998.88",
"product_id": "T041705-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:chrome:linux__134.0.6998.88"
}
}
}
],
"category": "product_name",
"name": "Chrome"
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c134.0.3124.62",
"product": {
"name": "Microsoft Edge \u003c134.0.3124.62",
"product_id": "T041812"
}
},
{
"category": "product_version",
"name": "134.0.3124.62",
"product": {
"name": "Microsoft Edge 134.0.3124.62",
"product_id": "T041812-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:edge:134.0.3124.62"
}
}
},
{
"category": "product_version_range",
"name": "\u003c134.0.3124.66",
"product": {
"name": "Microsoft Edge \u003c134.0.3124.66",
"product_id": "T041813"
}
},
{
"category": "product_version",
"name": "134.0.3124.66",
"product": {
"name": "Microsoft Edge 134.0.3124.66",
"product_id": "T041813-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:edge:134.0.3124.66"
}
}
}
],
"category": "product_name",
"name": "Edge"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.17.29",
"product": {
"name": "Open Source Kibana \u003c7.17.29",
"product_id": "T044807"
}
},
{
"category": "product_version",
"name": "7.17.29",
"product": {
"name": "Open Source Kibana 7.17.29",
"product_id": "T044807-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:elasticsearch:kibana:7.17.29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.17.8",
"product": {
"name": "Open Source Kibana \u003c8.17.8",
"product_id": "T044808"
}
},
{
"category": "product_version",
"name": "8.17.8",
"product": {
"name": "Open Source Kibana 8.17.8",
"product_id": "T044808-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:elasticsearch:kibana:8.17.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.18.3",
"product": {
"name": "Open Source Kibana \u003c8.18.3",
"product_id": "T044809"
}
},
{
"category": "product_version",
"name": "8.18.3",
"product": {
"name": "Open Source Kibana 8.18.3",
"product_id": "T044809-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:elasticsearch:kibana:8.18.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.3",
"product": {
"name": "Open Source Kibana \u003c9.0.3",
"product_id": "T044810"
}
},
{
"category": "product_version",
"name": "9.0.3",
"product": {
"name": "Open Source Kibana 9.0.3",
"product_id": "T044810-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:elasticsearch:kibana:9.0.3"
}
}
}
],
"category": "product_name",
"name": "Kibana"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1920",
"product_status": {
"known_affected": [
"T041705",
"T041704",
"T041703",
"T041813",
"T041812",
"T044807",
"T012167",
"T044809",
"T044808",
"74185",
"T044810",
"2951",
"T027843"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-1920"
},
{
"cve": "CVE-2025-2135",
"product_status": {
"known_affected": [
"T041705",
"T041704",
"T041703",
"T041813",
"T041812",
"T044807",
"T012167",
"T044809",
"T044808",
"74185",
"T044810",
"2951",
"T027843"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-2135"
},
{
"cve": "CVE-2025-2136",
"product_status": {
"known_affected": [
"T041705",
"T041704",
"T041703",
"T041813",
"T041812",
"T044807",
"T012167",
"T044809",
"T044808",
"74185",
"T044810",
"2951",
"T027843"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-2136"
},
{
"cve": "CVE-2025-2137",
"product_status": {
"known_affected": [
"T041705",
"T041704",
"T041703",
"T041813",
"T041812",
"T044807",
"T012167",
"T044809",
"T044808",
"74185",
"T044810",
"2951",
"T027843"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-2137"
},
{
"cve": "CVE-2025-24201",
"product_status": {
"known_affected": [
"T044810",
"2951",
"T041705",
"T041704",
"T041703",
"T041812",
"T027843",
"T044807",
"T012167",
"T044809",
"T044808",
"74185"
]
},
"release_date": "2025-03-12T23:00:00.000+00:00",
"title": "CVE-2025-24201"
}
]
}
fkie_cve-2025-1920
Vulnerability from fkie_nvd
Published
2025-03-10 21:15
Modified
2025-04-07 18:54
Severity ?
Summary
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
| ▶ | URL | Tags | |
|---|---|---|---|
| chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html | Release Notes | |
| chrome-cve-admin@google.com | https://issues.chromium.org/issues/398065918 | Issue Tracking, Permissions Required |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71424862-226B-44F2-9AD1-01ACF6021C9D",
"versionEndExcluding": "134.0.6998.88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "La confusi\u00f3n de tipos en la versi\u00f3n 8 de Google Chrome anterior a la 134.0.6998.88 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: alta)"
}
],
"id": "CVE-2025-1920",
"lastModified": "2025-04-07T18:54:46.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-03-10T21:15:40.280",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
],
"url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://issues.chromium.org/issues/398065918"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "chrome-cve-admin@google.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-fhwv-7gx3-h767
Vulnerability from github
Published
2025-03-10 21:31
Modified
2025-03-11 03:30
Severity ?
VLAI Severity ?
Details
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2025-1920"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-10T21:15:40Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-fhwv-7gx3-h767",
"modified": "2025-03-11T03:30:49Z",
"published": "2025-03-10T21:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1920"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/398065918"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…