Chromium, ChromeDriver, Kubo updates for SUSE

SUSE 5495 Published 2025-09-14 08:15 by Philipp Esselbach

News

Two security updates have been released for Chromium, addressing two vulnerabilities (CVE-2025-10200 and CVE-2025-10201) that affect openSUSE Backports SLE-15-SP6 and SLE-15-SP7. Additionally, an update has been released for ChromeDriver on GA media of openSUSE Tumbleweed to fix the same vulnerabilities. A separate security update has also been released for Kubo on openSUSE Backports SLE-15-SP7, addressing a vulnerability (CVE-2025-22872) that can cause incorrect DOM construction.

openSUSE-SU-2025:0344-1: important: Security update for chromium
openSUSE-SU-2025:0343-1: important: Security update for chromium
openSUSE-SU-2025:15548-1: moderate: chromedriver-140.0.7339.127-1.1 on GA media
openSUSE-SU-2025:0347-1: moderate: Security update for kubo

openSUSE-SU-2025:0344-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0344-1
Rating: important
References: #1249388
Cross-References: CVE-2025-10200 CVE-2025-10201
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

- Chromium 140.0.7339.127 (boo#1249388)
* CVE-2025-10200: Use after free in Serviceworker
* CVE-2025-10201: Inappropriate implementation in Mojo

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-344=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):

chromedriver-140.0.7339.127-bp156.2.167.1
chromium-140.0.7339.127-bp156.2.167.1

References:

https://www.suse.com/security/cve/CVE-2025-10200.html
https://www.suse.com/security/cve/CVE-2025-10201.html
https://bugzilla.suse.com/1249388

openSUSE-SU-2025:0343-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0343-1
Rating: important
References: #1249388
Cross-References: CVE-2025-10200 CVE-2025-10201
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

- Chromium 140.0.7339.127 (boo#1249388)
* CVE-2025-10200: Use after free in Serviceworker
* CVE-2025-10201: Inappropriate implementation in Mojo

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-343=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 x86_64):

chromedriver-140.0.7339.127-bp157.2.49.1
chromium-140.0.7339.127-bp157.2.49.1

References:

https://www.suse.com/security/cve/CVE-2025-10200.html
https://www.suse.com/security/cve/CVE-2025-10201.html
https://bugzilla.suse.com/1249388

openSUSE-SU-2025:15548-1: moderate: chromedriver-140.0.7339.127-1.1 on GA media

# chromedriver-140.0.7339.127-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15548-1
Rating: moderate

Cross-References:

* CVE-2025-10200
* CVE-2025-10201

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the chromedriver-140.0.7339.127-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* chromedriver 140.0.7339.127-1.1
* chromium 140.0.7339.127-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-10200.html
* https://www.suse.com/security/cve/CVE-2025-10201.html

openSUSE-SU-2025:0347-1: moderate: Security update for kubo

openSUSE Security Update: Security update for kubo
_______________________________

Announcement ID: openSUSE-SU-2025:0347-1
Rating: moderate
References: #1241776
Cross-References: CVE-2025-22872
CVSS scores:
CVE-2025-22872 (SUSE): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for kubo fixes the following issues:

- CVE-2025-22872: Fixed golang.org/x/net/html issue where incorrectly
interpreted tags can cause content to be placed wrong scope during DOM
construction (boo#1241776).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-347=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

kubo-0.35.0-bp157.2.6.1

References:

https://www.suse.com/security/cve/CVE-2025-22872.html
https://bugzilla.suse.com/1241776

Patch update for Slackware

ImageMagick and ca-certificates-java updates for Debian 10 ELTS

Chromium, ChromeDriver, Kubo updates for SUSE

openSUSE-SU-2025:0344-1: important: Security update for chromium

openSUSE-SU-2025:0343-1: important: Security update for chromium

openSUSE-SU-2025:15548-1: moderate: chromedriver-140.0.7339.127-1.1 on GA media

openSUSE-SU-2025:0347-1: moderate: Security update for kubo

Windows

Linux

macOS

Community