
Fedora 42 CEF High Security Vulnerabilities Heap Overflow Out Of Bounds

Fedora, April 9, 2026
Fedora 42 updates the CEF framework to mitigate multiple high-severity security issues, including memory overflows and use-after-free bugs.

Summary

CEF is an embeddable build of Chromium, powered by WebKit (Blink).

Update Information:

Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164

- High CVE-2026-4673: Heap buffer overflow in WebAudio
- High CVE-2026-4674: Out of bounds read in CSS
- High CVE-2026-4675: Heap buffer overflow in WebGL
- High CVE-2026-4676: Use after free in Dawn
- High CVE-2026-4677: Out of bounds read in WebAudio
- High CVE-2026-4678: Use after free in WebGPU
- High CVE-2026-4679: Integer overflow in Fonts
- High CVE-2026-4680: Use after free in FedCM
- CVE-2026-4439: Out of bounds memory access in WebGL
- CVE-2026-4440: Out of bounds read and write in WebGL
- CVE-2026-4441: Use after free in Base
- CVE-2026-4442: Heap buffer overflow in CSS
- CVE-2026-4443: Heap buffer overflow in WebAudio
- CVE-2026-4444: Stack buffer overflow in WebRTC
- CVE-2026-4445: Use after free in WebRTC
- CVE-2026-4446: Use after free in WebRTC
- CVE-2026-4447: Inappropriate implementation in V8
- CVE-2026-4448: Heap buffer overflow in ANGLE
- CVE-2026-4449: Use after free in Blink
- CVE-2026-4450: Out of bounds write in V8
- CVE-2...

Change Log

* Tue Mar 31 2026 Hoshino Lina - 146.0.9^chromium146.0.7680.164-1
- Update to cef-146.0.9+g3ca6a87

* Wed Mar 25 2026 Than Ngo - 146.0.6^chromium146.0.7680.164-1
- Update to 146.0.7680.164
- * High CVE-2026-4673: Heap buffer overflow in WebAudio
- * High CVE-2026-4674: Out of bounds read in CSS
- * High CVE-2026-4675: Heap buffer overflow in WebGL
- * High CVE-2026-4676: Use after free in Dawn
- * High CVE-2026-4677: Out of bounds read in WebAudio
- * High CVE-2026-4678: Use after free in WebGPU
- * High CVE-2026-4679: Integer overflow in Fonts
- * High CVE-2026-4680: Use after free in FedCM

* Wed Mar 25 2026 Than Ngo - 146.0.6^chromium146.0.7680.153-1
- Update to 146.0.7680.153
- * CVE-2026-4439: Out of bounds memory access in WebGL
- * CVE-2026-4440: Out of bounds read and write in WebGL
- * CVE-2026-4441: Use after free in Base
- * CVE-2026-4442: Heap buffer overflow in CSS
- * CVE-2026-4443: Heap buffer overflow in WebAudio
- * CVE-2026-4444: Stack buffer overflow in WebRTC
- * CVE-2026-4445: Use after free in WebRTC
- * CVE-2026-4446: Use after free in WebRTC
- * CVE-2026-4447: Inappropriate implementation in V8
- * CVE-2026-4448: Heap buffer overflow in ANGLE
- * CVE-2026-4449: Use after free in Blink
- * CVE-2026-4450: Out of bounds write in V8
- * CVE-2026-4451: Insufficient validation of untrusted input in Navigation
- * CVE-2026-4452: Integer overflow in ANGLE
- * CVE-2026-4453: Integer overflow in Dawn
- * CVE-2026-4454: Use after free in Network
- * CVE-2026-4455: Heap buffer overflow in PDFium
- * CVE-2026-4456: Use after free in Digital Credentials API
- * CVE-2026-4457: Type Confusion in V8
- * CVE-2026-4458: Use after free in Extensions
- * CVE-2026-4459: Out of bounds read and write in WebAudio
- * CVE-2026-4460: Out of bounds read in Skia
- * CVE-2026-4461: Inappropriate implementation in V8
- * CVE-2026-4462: Out of bounds read in Blink
- * CVE-2026-4463: Heap buffer overflow in WebRTC
- * CVE-2026-4464: Integer overflow in ANGLE

* Wed Mar 25 2026 Than Ngo - 146.0.6^chromium146.0.7680.80-1
- Update to 146.0.7680.80
- * CVE-2026-3909: Out of bounds write in Skia

* Wed Mar 25 2026 Than Ngo - 146.0.6^chromium146.0.7680.75-1
- Update to 146.0.7680.75
- * CVE-2026-3909: Out of bounds write in Skia
- * CVE-2026-3910: Inappropriate implementation in V8

* Wed Mar 25 2026 Than Ngo - 146.0.6^chromium146.0.7680.71-1
- Update to 146.0.7680.71
- * CVE-2026-3913: Heap buffer overflow in WebML
- * CVE-2026-3914: Integer overflow in WebML
- * CVE-2026-3915: Heap buffer overflow in WebML
- * CVE-2026-3916: Out of bounds read in Web Speech
- * CVE-2026-3917: Use after free in Agents
- * CVE-2026-3918: Use after free in WebMCP
- * CVE-2026-3919: Use after free in Extensions
- * CVE-2026-3920: Out of bounds memory access in WebML
- * CVE-2026-3921: Use after free in TextEncoding
- * CVE-2026-3922: Use after free in MediaStream
- * CVE-2026-3923: Use after free in WebMIDI
- * CVE-2026-3924: Use after free in WindowDialog
- * CVE-2026-3925: Incorrect security UI in LookalikeChecks
- * CVE-2026-3926: Out of bounds read in V8
- * CVE-2026-3927: Incorrect security UI in PictureInPicture
- * CVE-2026-3928: Insufficient policy enforcement in Extensions
- * CVE-2026-3929: Side-channel information leakage in ResourceTiming
- * CVE-2026-3930: Unsafe navigation in Navigation
- * CVE-2026-3931: Heap buffer overflow in Skia
- * CVE-2026-3932: Insufficient policy enforcement in PDF
- * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
- * CVE-2026-3935: Incorrect security UI in WebAppInstalls
- * CVE-2026-3936: Use after free in WebView
- * CVE-2026-3937: Incorrect security UI in Downloads
- * CVE-2026-3938: Insufficient policy enforcement in Clipboard
- * CVE-2026-3939: Insufficient policy enforcement in PDF
- * CVE-2026-3940: Insufficient policy enforcement in DevTools
- * CVE-2026-3941: Insufficient policy enforcement in DevTools
- * CVE-2026-3942: Incorrect security UI in PictureInPicture
- Fix build errors
- Refresh patches for new upstream changes
- Remove patches merged by upstream
- Hoshino Lina: Update to cef-146.0.6+g68649e2 (rhbz#2450085)

References


[ 1 ] Bug #2451647 - cef-146.0.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451647

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6188cc51be' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity: critical

Name: cef
Product: Fedora 42
Version: 146.0.9^chromium146.0.7680.164
Release: 1.fc42
Summary: Chromium Embedded Framework
