Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 42: CEF Critical Type Confusion Issues CVE-2025-8010 2025-b7cb89ddd3

fedora
Calendar Grey August 31, 2025
Dist Fedora Esm H88
Urgent security notice for Fedora 42 highlighting type mismanagement vulnerabilities within CEF, necessitating swift measures for remediation.
CVE-2025-8010: Type Confusion in V8 CVE-2025-8011: Type Confusion in V8 CVE-2025-8576: Use after free in Extensions CVE-2025-8578: Use after free in Cast CVE-2025-8579: Inappropria...

Summary

CEF is an embeddable build of Chromium, powered by WebKit (Blink).

Update Information:

CVE-2025-8010: Type Confusion in V8 CVE-2025-8011: Type Confusion in V8 CVE-2025-8576: Use after free in Extensions CVE-2025-8578: Use after free in Cast CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome CVE-2025-8580: Inappropriate implementation in Filesystems CVE-2025-8581: Inappropriate implementation in Extensions CVE-2025-8582: Insufficient validation of untrusted input in DOM CVE-2025-8583: Inappropriate implementation in Permissions CVE-2025-8879: Heap buffer overflow in libaom CVE-2025-8880: Race in V8 CVE-2025-8901: Out of bounds write in ANGLE CVE-2025-8881: Inappropriate implementation in File Picker CVE-2025-8882: Use after free in Aura

Topics%20covered

Topics Covered

security advisory fedora critical browser type confusion embedded framework

Change Log

* Thu Aug 21 2025 Asahi Lina - 139.0.26^chromium139.0.7258.127-1 - Update to cef-139.0.26+g9d80e0d * Thu Aug 14 2025 Than Ngo - 139.0.20^chromium139.0.7258.127-1 - Updated to 139.0.7258.127 (rhbz#2381869) - * CVE-2025-8879: Heap buffer overflow in libaom - * CVE-2025-8880: Race in V8 - * CVE-2025-8901: Out of bounds write in ANGLE - * CVE-2025-8881: Inappropriate implementation in File Picker - * CVE-2025-8882: Use after free in Aura * Thu Aug 14 2025 Than Ngo - 139.0.20^chromium139.0.7258.66-1 - Updated to 139.0.7258.66 - Asahi Lina: Update to cef-139.0.20+g60bd77d - * CVE-2025-8576: Use after free in Extensions - * CVE-2025-8578: Use after free in Cast - * CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome - * CVE-2025-8580: Inappropriate implementation in Filesystems - * CVE-2025-8581: Inappropriate implementation in Extensions - * CVE-2025-8582: Insufficient validation of untrusted input in DOM - * CVE-2025-8583: Inappropriate implementation in Permissions * Thu Aug 14 2025 Than Ngo - 138.0.25^chromium138.0.7204.183-1 - Update to 138.0.7204.183 - * CVE-2025-8292: Use after free in Media Stream * Thu Aug 14 2025 Than Ngo - 138.0.25^chromium138.0.7204.168-1 - Update to 138.0.7204.168 - * CVE-2025-8010: Type Confusion in V8 - * CVE-2025-8011: Type Confusion in V8 * Thu Aug 14 2025 Tom Stellard - 138.0.25^chromium138.0.7204.157-4 - Backport fix for build failure with clang-21 * Thu Jul 24 2025 Dominik Mierzejewski - 138.0.25^chromium138.0.7204.157-3 - drop unused yasm build dependency * Wed Jul 23 2025 Fedora Release Engineering - 138.0.25^chromium138.0.7204.157-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2389708 - cef-139.0.28 is available https://bugzilla.redhat.com/show_bug.cgi?id=2389708

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b7cb89ddd3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: cef
Product: Fedora 42
Version: 139.0.26^chromium139.0.7258.127
Release: 1.fc42
URL: https://bitbucket.org/chromiumembedded/cef
Summary: Chromium Embedded Framework

Topics%20covered

Topics Covered

security advisory fedora critical browser type confusion embedded framework

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here