Fedora 41: 2025-d9219c6a43 critical: chromium buffer overflow and more

fedora

January 17, 2025

Update to 132.0.6834.83 * High CVE-2025-0434: Out of bounds memory access in V8 * High CVE-2025-0435: Inappropriate implementation in Navigation * High CVE-2025-0436: Integer ov...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Update to 132.0.6834.83 * High CVE-2025-0434: Out of bounds memory access in V8 * High CVE-2025-0435: Inappropriate implementation in Navigation * High CVE-2025-0436: Integer overflow in Skia * High CVE-2025-0437: Out of bounds read in Metrics * High CVE-2025-0438: Stack buffer overflow in Tracing * Medium CVE-2025-0439: Race in Frames * Medium CVE-2025-0440: Inappropriate implementation in Fullscreen * Medium CVE-2025-0441: Inappropriate implementation in Fenced * Medium CVE-2025-0442: Inappropriate implementation in Payments * Medium CVE-2025-0443: Insufficient data validation in Extensions * Low CVE-2025-0446: Inappropriate implementation in Extensions * Low CVE-2025-0447: Inappropriate implementation in Navigation * Low CVE-2025-0448: Inappropriate implementation in Compositing

Topics Covered

security advisory fedora update buffer overflow out of bounds chromium tracing

Change Log

* Wed Jan 15 2025 Than Ngo - 132.0.6834.83-1 - Update to 132.0.6834.83 * High CVE-2025-0434: Out of bounds memory access in V8 * High CVE-2025-0435: Inappropriate implementation in Navigation * High CVE-2025-0436: Integer overflow in Skia * High CVE-2025-0437: Out of bounds read in Metrics * High CVE-2025-0438: Stack buffer overflow in Tracing * Medium CVE-2025-0439: Race in Frames * Medium CVE-2025-0440: Inappropriate implementation in Fullscreen * Medium CVE-2025-0441: Inappropriate implementation in Fenced * Medium CVE-2025-0442: Inappropriate implementation in Payments * Medium CVE-2025-0443: Insufficient data validation in Extensions * Low CVE-2025-0446: Inappropriate implementation in Extensions * Low CVE-2025-0447: Inappropriate implementation in Navigation * Low CVE-2025-0448: Inappropriate implementation in Compositing

References

[ 1 ] Bug #2336836 - CVE-2025-0291 chromium: Type Confusion in V8 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2336836 [ 2 ] Bug #2336837 - CVE-2025-0291 chromium: Type Confusion in V8 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2336837 [ 3 ] Bug #2338180 - CVE-2025-0437 chromium: Out of bounds read in Metrics [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2338180 [ 4 ] Bug #2338181 - CVE-2025-0437 chromium: Out of bounds read in Metrics [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2338181 [ 5 ] Bug #2338200 - CVE-2025-0438 chromium: Stack buffer overflow in Tracing [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2338200 [ 6 ] Bug #2338218 - CVE-2025-0434 chromium: Out of bounds memory access in V8 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2338218 [ 7 ] Bug #2338230 - CVE-2025-0436 chromium: From CVEorg collector [fedora-all] https://bug...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d9219c6a43' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity

critical

Lowest

Low

Medium

High

Critical

Name: chromium

Product: Fedora 41

Version: 132.0.6834.83

Release: 1.fc41

URL: http://www.chromium.org/Home

Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics Covered

security advisory fedora update buffer overflow out of bounds chromium tracing

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks