Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 42 CEF Exploitable Race Condition Memory Access Vulnerability

fedora
Calendar Grey February 2, 2026
Dist Fedora Esm H88
Critical cef updates for Fedora 42 include race condition and memory access issues in V8. Immediate action is required.
Update to cef-144.0.11+ge135be2 + chromium 144.0.7559.96 (rhbz#2432335) CVE-2026-1220: Race in V8 CVE-2026-0899: Out of bounds memory access in V8 CVE-2026-0900: Inappropriate impl...

Summary

CEF is an embeddable build of Chromium, powered by WebKit (Blink).

Update Information:

Update to cef-144.0.11+ge135be2 + chromium 144.0.7559.96 (rhbz#2432335) CVE-2026-1220: Race in V8 CVE-2026-0899: Out of bounds memory access in V8 CVE-2026-0900: Inappropriate implementation in V8 CVE-2026-0901: Inappropriate implementation in Blink CVE-2026-0902: Inappropriate implementation in V8 CVE-2026-0903: Insufficient validation of untrusted input in Downloads CVE-2026-0904: Incorrect security UI in Digital Credentials CVE-2026-0905: Insufficient policy enforcement in Network CVE-2026-0906: Incorrect security UI CVE-2026-0907: Incorrect security UI in Split View CVE-2026-0908: Use after free in ANGLE

Topics%20covered

Topics Covered

security advisory fedora code execution race condition memory access Blink

Change Log

* Sat Jan 24 2026 Hoshino Lina - 144.0.11^chromium144.0.7559.96-1 - Update to cef-144.0.11+ge135be2 (rhbz#2432335) * Sat Jan 24 2026 Than Ngo - 144.0.6^chromium144.0.7559.96-1 - Update to 144.0.7559.96 [rhbz#2432335] - * CVE-2026-1220: Race in V8 * Wed Jan 21 2026 Than Ngo - 144.0.6^chromium144.0.7559.59-1 - Update to 144.0.7559.59 - * CVE-2026-0899: Out of bounds memory access in V8 - * CVE-2026-0900: Inappropriate implementation in V8 - * CVE-2026-0901: Inappropriate implementation in Blink - * CVE-2026-0902: Inappropriate implementation in V8 - * CVE-2026-0903: Insufficient validation of untrusted input in Downloads - * CVE-2026-0904: Incorrect security UI in Digital Credentials - * CVE-2026-0905: Insufficient policy enforcement in Network - * CVE-2026-0906: Incorrect security UI - * CVE-2026-0907: Incorrect security UI in Split View - * CVE-2026-0908: Use after free in ANGLE - Hoshino Lina: Update to cef-144.0.6+g5f7e671 (rhbz#2431156) * Fri Jan 16 2026 Fedora Release Engineering - 143.0.13^chromium143.0.7499.192-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Fedora Release Engineering - 143.0.13^chromium143.0.7499.192-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2432335 - cef-144.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432335

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-68ca733984' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: cef
Product: Fedora 42
Version: 144.0.11^chromium144.0.7559.96
Release: 1.fc42
URL: https://bitbucket.org/chromiumembedded/cef
Summary: Chromium Embedded Framework

Topics%20covered

Topics Covered

security advisory fedora code execution race condition memory access Blink

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here