Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 42: CEF High WebGPU Out of Bounds Write CVE-2025-12725 Advisory

fedora
Calendar Grey November 29, 2025
Dist Fedora Esm H88
Critical updates for Fedora 42's CEF application address multiple high-impact security issues from CVE-2025-12725 to CVE-2025-12447.
Update to 142.0.7444.162 High CVE-2025-12725: Out of bounds write in WebGPU High CVE-2025-12726: Inappropriate implementation in Views High CVE-2025-12727: Inappropriate implementa...

Summary

CEF is an embeddable build of Chromium, powered by WebKit (Blink).

Update Information:

Update to 142.0.7444.162 High CVE-2025-12725: Out of bounds write in WebGPU High CVE-2025-12726: Inappropriate implementation in Views High CVE-2025-12727: Inappropriate implementation in V8 Medium CVE-2025-12728: Inappropriate implementation in Omnibox Medium CVE-2025-12729: Inappropriate implementation in Omnibox High CVE-2025-12428: Type Confusion in V8 High CVE-2025-12429: Inappropriate implementation in V8 High CVE-2025-12430: Object lifecycle issue in Media High CVE-2025-12431: Inappropriate implementation in Extensions High CVE-2025-12432: Race in V8 High CVE-2025-12433: Inappropriate implementation in V8 High CVE-2025-12036: Inappropriate implementation in V8 Medium CVE-2025-12434: Race in Storage Medium CVE-2025-12435: Incorrect security UI in Omnibox Medium CVE-2025-12436: Policy bypass in Extensions Medium CVE-2025-12437: Use after free in PageInfo Medium CVE-2025-12438: Use after free in Ozone Medium CVE-2025-12439: Inappropriate implementation in App-B...

Topics%20covered

Topics Covered

security advisory fedora high implementation cef webgpu

Change Log

* Tue Nov 18 2025 Asahi Lina - 142.0.14^chromium142.0.7444.162-1 - Update to cef-142.0.14+gceaf578 (rhbz#2413981) * Tue Nov 18 2025 Than Ngo - 142.0.10^chromium142.0.7444.162-4 - Fix FTBFS caused by rust-1.88 on EL9 * Tue Nov 18 2025 Than Ngo - 142.0.10^chromium142.0.7444.162-3 - Fix FTBFS - epel9 has new rust-1.88, dropp chromium-134-rust- libadler2.patch * Fri Nov 14 2025 Than Ngo - 142.0.10^chromium142.0.7444.162-1 - Update to 142.0.7444.162 - * High CVE-2025-13042: Inappropriate implementation in V8 * Tue Nov 11 2025 Dominik 'Rathann' Mierzejewski - 142.0.10^chromium142.0.7444.134-2 - Rebuilt for FFmpeg 8 * Tue Nov 11 2025 Asahi Lina - 142.0.10^chromium142.0.7444.134-1 - Update to cef-142.0.10+g29548e2 (rhbz#2413981) * Sun Nov 9 2025 Than Ngo - 142.0.6^chromium142.0.7444.134-1 - Update to 142.0.7444.134 (rhbz#2413621) - * High CVE-2025-12725: Out of bounds write in WebGPU - * High CVE-2025-12726: Inappropriate implementation in Views - * High CVE-2025-12727: Inappropriate implementation in V8 - * Medium CVE-2025-12728: Inappropriate implementation in Omnibox - * Medium CVE-2025-12729: Inappropriate implementation in Omnibox * Sun Nov 9 2025 Than Ngo - 142.0.6^chromium142.0.7444.59-5 - Add CVEs in changelog - * High CVE-2025-12428: Type Confusion in V8 - * High CVE-2025-12429: Inappropriate implementation in V8 - * High CVE-2025-12430: Object lifecycle issue in Media - * High CVE-2025-12431: Inappropriate implementation in Extensions - * High CVE-2025-12432: Race in V8 - * High CVE-2025-12433: Inappropriate implementation in V8 - * High CVE-2025-12036: Inappropriate implementation in V8 - * Medium CVE-2025-12434: Race in Storage - * Medium CVE-2025-12435: Incorrect security UI in Omnibox - * Medium CVE-2025-12436: Policy bypass in Extensions - * Medium CVE-2025-12437: Use after free in PageInfo - * Medium CVE-2025-12438: Use after free in Ozone - * Medium CVE-2025-12439: Inappropriate implementation in App-Bound Encryption - * Low CVE-2025-12440: Inappropriate implementation in Autofill - * Medium CVE-2025-12441: Out of bounds read in V8 - * Medium CVE-2025-12443: Out of bounds read in WebXR - * Low CVE-2025-12444: Incorrect security UI in Fullscreen UI - * Low CVE-2025-12445: Policy bypass in Extensions - * Low CVE-2025-12446: Incorrect security UI in SplitView - * Low CVE-2025-12447: Incorrect security UI in Omnibox * Tue Nov 4 2025 Dominik 'Rathann' Mierzejewski - 142.0.6^chromium142.0.7444.59-2 - Rebuilt for FFmpeg 8

References

Fedora Update Notification FEDORA-2025-58193e3850 2025-11-29 17:02:16.261252+00:00 Name : cef Product : Fedora 42 Version : 142.0.14^chromium142.0.7444.162 Release : 1.fc42 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink).

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-58193e3850' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: cef
Product: Fedora 42
Version: 142.0.14^chromium142.0.7444.162
Release: 1.fc42
URL: https://bitbucket.org/chromiumembedded/cef
Summary: Chromium Embedded Framework

Topics%20covered

Topics Covered

security advisory fedora high implementation cef webgpu

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here