
Fedora 42: Addressing CEF High Security Vulnerabilities CVE-2025-14765

fedora
December 21, 2025
This update for Fedora 42 addresses high-severity issues in the CEF framework, including use-after-free and out-of-bounds errors.

Summary

CEF is an embeddable build of Chromium, powered by WebKit (Blink).

Update Information:

Update to cef-143.0.10+g8aed01b + chromium-143.0.7499.146 (rhbz#2423482)

* High CVE-2025-14765: Use after free in WebGPU
* High CVE-2025-14766: Out of bounds read and write in V8
* High CVE-2025-13630: Type Confusion in V8
* High CVE-2025-13631: Inappropriate implementation in Google Updater
* High CVE-2025-13632: Inappropriate implementation in DevTools
* High CVE-2025-13633: Use after free in Digital Credentials
* Medium CVE-2025-13634: Inappropriate implementation in Downloads
* Medium CVE-2025-13720: Bad cast in Loader
* Medium CVE-2025-13721: Race in v8
* Low CVE-2025-13635: Inappropriate implementation in Downloads
* Low CVE-2025-13636: Inappropriate implementation in Split View
* Low CVE-2025-13637: Inappropriate implementation in Downloads
* Low CVE-2025-13638: Use after free in Media Stream
* Low CVE-2025-13639: Inappropriate implementation in WebRTC
* Low CVE-2025-13640: Inappropriate implementation in Passwords

Change Log

* Thu Dec 18 2025 Than Ngo - 143.0.10^chromium143.0.7499.146-1
- Update to 143.0.7499.146 [rhbz#2423482]
- * High CVE-2025-14765: Use after free in WebGPU
- * High CVE-2025-14766: Out of bounds read and write in V8
- Force dark mode when auto dark mode web content is on
- Remove omnibox-next-Improve-cutout-mouse-handling-for-Wayla patch, as it's merged

* Thu Dec 18 2025 Hoshino Lina - 143.0.10^chromium143.0.7499.109-7
- Fix accelerated paint regression

* Sun Dec 14 2025 Hoshino Lina - 143.0.10^chromium143.0.7499.109-6
- Remove GTK dependency

* Fri Dec 12 2025 Than Ngo - 143.0.10^chromium143.0.7499.109-2
- Enable gtk4 by default

* Fri Dec 12 2025 Than Ngo - 143.0.10^chromium143.0.7499.109-1
- Update to 143.0.7499.109
- * High: Under coordination
- * Medium CVE-2025-14372: Use after free in Password Manager
- * Medium CVE-2025-14373: Inappropriate implementation in Toolbar
- Workaround problem of auto dark mode inverting images and making them unreadable
- Hoshino Lina: Update to cef-143.0.10+g8aed01b (rhbz#2421703)

* Wed Dec 10 2025 LuK1337 - 143.0.9^chromium143.0.7499.40-6
- Backport Wayland Omnibox bug fix from upstream

* Wed Dec 10 2025 Than Ngo - 143.0.9^chromium143.0.7499.40-1
- Update to 143.0.7499.40
- Hoshino Lina: Update to cef-143.0.9+ge88e818 (rhbz#2420939)
- * High CVE-2025-13630: Type Confusion in V8
- * High CVE-2025-13631: Inappropriate implementation in Google Updater
- * High CVE-2025-13632: Inappropriate implementation in DevTools
- * High CVE-2025-13633: Use after free in Digital Credentials
- * Medium CVE-2025-13634: Inappropriate implementation in Downloads
- * Medium CVE-2025-13720: Bad cast in Loader
- * Medium CVE-2025-13721: Race in v8
- * Low CVE-2025-13635: Inappropriate implementation in Downloads
- * Low CVE-2025-13636: Inappropriate implementation in Split View
- * Low CVE-2025-13637: Inappropriate implementation in Downloads
- * Low CVE-2025-13638: Use after free in Media Stream
- * Low CVE-2025-13639: Inappropriate implementation in WebRTC
- * Low CVE-2025-13640: Inappropriate implementation in Passwords
- Drop workaround darkmode-image-policy.patch
- Fix build error due to Unresolved dependencies
- Fix swiftshader to compile with llvm-16.0
- Refresh python-3.9-ftbfs patch for el9
- Refresh ppc64le patches
- Refresh chromium.conf

References


[ 1 ] Bug #2420939 - cef-143.0.9 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2420939
[ 2 ] Bug #2421703 - cef-143.0.10 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2421703
[ 3 ] Bug #2423482 - cef-143.0.11 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2423482

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-7605ca0d7d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
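
To confirm after the upgrade that a host carries the fixed build, the following added example (not part of the Fedora advisory) classifies a cef VERSION string against the Chromium build named above. The function names are hypothetical, and it assumes that comparing only the Chromium build embedded in VERSION is sufficient; it is a simplified dotted-number comparison, not rpm's own version algorithm.

```shell
#!/bin/sh
# Added example: post-upgrade check for the cef build named in this advisory.
# Assumption: only the Chromium build inside VERSION is compared; this is a
# simplified dotted-number comparison, not rpm's own version algorithm.
FIXED_CHROMIUM="143.0.7499.146"   # Chromium build in the advisory's Version field

# version_ge A B: return 0 when dotted numeric version A >= B (field by field).
version_ge() {
    vg_a=$1 vg_b=$2
    while [ -n "$vg_a" ] || [ -n "$vg_b" ]; do
        vg_x=${vg_a%%.*} vg_y=${vg_b%%.*}
        [ "${vg_x:-0}" -gt "${vg_y:-0}" ] && return 0
        [ "${vg_x:-0}" -lt "${vg_y:-0}" ] && return 1
        case $vg_a in *.*) vg_a=${vg_a#*.} ;; *) vg_a= ;; esac
        case $vg_b in *.*) vg_b=${vg_b#*.} ;; *) vg_b= ;; esac
    done
    return 0
}

# cef_status VERSION: print "patched", "needs-update" or "unknown" for a Fedora
# cef VERSION string such as 143.0.10^chromium143.0.7499.146.
cef_status() {
    case "$1" in
        *"^chromium"*) cs_build=${1##*"^chromium"} ;;
        *) echo unknown; return 0 ;;
    esac
    case "$cs_build" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # malformed build string
    esac
    if version_ge "$cs_build" "$FIXED_CHROMIUM"; then
        echo patched
    else
        echo needs-update
    fi
}

# On a Fedora host, report the installed package; skipped when rpm or cef is absent.
if command -v rpm >/dev/null 2>&1 &&
   cef_installed=$(rpm -q --qf '%{VERSION}' cef 2>/dev/null); then
    echo "cef $cef_installed: $(cef_status "$cef_installed")"
fi
```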

Severity
critical

Name: cef
Product: Fedora 42
Version: 143.0.10^chromium143.0.7499.146
Release: 1.fc42
Summary: Chromium Embedded Framework
