Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Fedora 42 CEF Critical Update Heap Overflow DoS 2026-a48b5f36ec

fedora
Calendar Grey March 2, 2026
Dist Fedora Esm H88
Explore the Fedora 42 CEF security advisory detailing critical updates and multiple vulnerabilities. Immediate action is recommended.
Update to cef-145.0.25 + chromium 145.0.7632.75 CVE-2026-1861: Heap buffer overflow in libvpx CVE-2026-1862: Type Confusion in V8 CVE-2026-2313: Use after free in CSS CVE-2026-2314...

Summary

CEF is an embeddable build of Chromium, powered by WebKit (Blink).

Update Information:

Update to cef-145.0.25 + chromium 145.0.7632.75 CVE-2026-1861: Heap buffer overflow in libvpx CVE-2026-1862: Type Confusion in V8 CVE-2026-2313: Use after free in CSS CVE-2026-2314: Heap buffer overflow in Codecs CVE-2026-2315: Inappropriate implementation in WebGPU CVE-2026-2316: Insufficient policy enforcement in Frames CVE-2026-2317: Inappropriate implementation in Animation CVE-2026-2318: Inappropriate implementation in PictureInPicture CVE-2026-2319: Race in DevTools CVE-2026-2320: Inappropriate implementation in File input CVE-2026-2321: Use after free in Ozone CVE-2026-2322: Inappropriate implementation in File input CVE-2026-2323: Inappropriate implementation in Downloads CVE-2026-2441: Use after free in CSS

Topics%20covered

Topics Covered

security advisory fedora use-after-free type confusion heap buffer embedded framework

Change Log

* Fri Feb 20 2026 Than Ngo - 145.0.25^chromium145.0.7632.75-1 - Update to 145.0.7632.75 - * CVE-2026-2441: Use after free in CSS - Fix FTFS on aarch64/ppc64le caused by missing include file (el9) - Enable rustc_nightly_capability * Fri Feb 20 2026 Than Ngo - 145.0.25^chromium145.0.7632.45-1 - Update to 145.0.7632.45 - * CVE-2026-2313: Use after free in CSS - * CVE-2026-2314: Heap buffer overflow in Codecs - * CVE-2026-2315: Inappropriate implementation in WebGPU - * CVE-2026-2316: Insufficient policy enforcement in Frames - * CVE-2026-2317: Inappropriate implementation in Animation - * CVE-2026-2318: Inappropriate implementation in PictureInPicture - * CVE-2026-2319: Race in DevTools - * CVE-2026-2320: Inappropriate implementation in File input - * CVE-2026-2321: Use after free in Ozone - * CVE-2026-2322: Inappropriate implementation in File input - * CVE-2026-2323: Inappropriate implementation in Downloads - Hoshino Lina: Update to cef-145.0.25+g265860d * Fri Feb 20 2026 Than Ngo - 144.0.11^chromium144.0.7559.132-1 - Update to 144.0.7559.132 - * CVE-2026-1861: Heap buffer overflow in libvpx - * CVE-2026-1862: Type Confusion in V8 - Add BR on esbuild - Disable devtool bundle - Update scripts for downloading the source

References

Fedora Update Notification FEDORA-2026-a48b5f36ec 2026-03-02 00:56:30.545282+00:00 Name : cef Product : Fedora 42 Version : 145.0.25^chromium145.0.7632.75 Release : 4.fc42 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink).

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a48b5f36ec' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: cef
Product: Fedora 42
Version: 145.0.25^chromium145.0.7632.75
Release: 4.fc42
URL: https://bitbucket.org/chromiumembedded/cef
Summary: Chromium Embedded Framework

Topics%20covered

Topics Covered

security advisory fedora use-after-free type confusion heap buffer embedded framework

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here