Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Fedora 43: cef High Out Of Bounds Issues DoS 2025-604e02ca72

fedora
Calendar Grey November 29, 2025
Dist Fedora Esm H88
High severity vulnerabilities found in CEF on Fedora 43 require urgent patching to prevent exploitation risks.
Update to 142.0.7444.162 High CVE-2025-12725: Out of bounds write in WebGPU High CVE-2025-12726: Inappropriate implementation in Views High CVE-2025-12727: Inappropriate implementa...

Summary

CEF is an embeddable build of Chromium, powered by WebKit (Blink).

Update Information:

Update to 142.0.7444.162 High CVE-2025-12725: Out of bounds write in WebGPU High CVE-2025-12726: Inappropriate implementation in Views High CVE-2025-12727: Inappropriate implementation in V8 Medium CVE-2025-12728: Inappropriate implementation in Omnibox Medium CVE-2025-12729: Inappropriate implementation in Omnibox High CVE-2025-12428: Type Confusion in V8 High CVE-2025-12429: Inappropriate implementation in V8 High CVE-2025-12430: Object lifecycle issue in Media High CVE-2025-12431: Inappropriate implementation in Extensions High CVE-2025-12432: Race in V8 High CVE-2025-12433: Inappropriate implementation in V8 High CVE-2025-12036: Inappropriate implementation in V8 Medium CVE-2025-12434: Race in Storage Medium CVE-2025-12435: Incorrect security UI in Omnibox Medium CVE-2025-12436: Policy bypass in Extensions Medium CVE-2025-12437: Use after free in PageInfo Medium CVE-2025-12438: Use after free in Ozone Medium CVE-2025-12439: Inappropriate implementation in App-B...

Topics%20covered

Topics Covered

security advisory fedora high out-of-bounds implementation webgpu

Change Log

* Tue Nov 18 2025 Asahi Lina - 142.0.14^chromium142.0.7444.162-1 - Update to cef-142.0.14+gceaf578 (rhbz#2413981) * Tue Nov 18 2025 Than Ngo - 142.0.10^chromium142.0.7444.162-4 - Fix FTBFS caused by rust-1.88 on EL9 * Tue Nov 18 2025 Than Ngo - 142.0.10^chromium142.0.7444.162-3 - Fix FTBFS - epel9 has new rust-1.88, dropp chromium-134-rust- libadler2.patch * Fri Nov 14 2025 Than Ngo - 142.0.10^chromium142.0.7444.162-1 - Update to 142.0.7444.162 - * High CVE-2025-13042: Inappropriate implementation in V8 * Tue Nov 11 2025 Dominik 'Rathann' Mierzejewski - 142.0.10^chromium142.0.7444.134-2 - Rebuilt for FFmpeg 8 * Tue Nov 11 2025 Asahi Lina - 142.0.10^chromium142.0.7444.134-1 - Update to cef-142.0.10+g29548e2 (rhbz#2413981) * Sun Nov 9 2025 Than Ngo - 142.0.6^chromium142.0.7444.134-1 - Update to 142.0.7444.134 (rhbz#2413621) - * High CVE-2025-12725: Out of bounds write in WebGPU - * High CVE-2025-12726: Inappropriate implementation in Views - * High CVE-2025-12727: Inappropriate implementation in V8 - * Medium CVE-2025-12728: Inappropriate implementation in Omnibox - * Medium CVE-2025-12729: Inappropriate implementation in Omnibox * Sun Nov 9 2025 Than Ngo - 142.0.6^chromium142.0.7444.59-5 - Add CVEs in changelog - * High CVE-2025-12428: Type Confusion in V8 - * High CVE-2025-12429: Inappropriate implementation in V8 - * High CVE-2025-12430: Object lifecycle issue in Media - * High CVE-2025-12431: Inappropriate implementation in Extensions - * High CVE-2025-12432: Race in V8 - * High CVE-2025-12433: Inappropriate implementation in V8 - * High CVE-2025-12036: Inappropriate implementation in V8 - * Medium CVE-2025-12434: Race in Storage - * Medium CVE-2025-12435: Incorrect security UI in Omnibox - * Medium CVE-2025-12436: Policy bypass in Extensions - * Medium CVE-2025-12437: Use after free in PageInfo - * Medium CVE-2025-12438: Use after free in Ozone - * Medium CVE-2025-12439: Inappropriate implementation in App-Bound Encryption - * Low CVE-2025-12440: Inappropriate implementation in Autofill - * Medium CVE-2025-12441: Out of bounds read in V8 - * Medium CVE-2025-12443: Out of bounds read in WebXR - * Low CVE-2025-12444: Incorrect security UI in Fullscreen UI - * Low CVE-2025-12445: Policy bypass in Extensions - * Low CVE-2025-12446: Incorrect security UI in SplitView - * Low CVE-2025-12447: Incorrect security UI in Omnibox * Tue Nov 4 2025 Dominik 'Rathann' Mierzejewski - 142.0.6^chromium142.0.7444.59-2 - Rebuilt for FFmpeg 8

References

Fedora Update Notification FEDORA-2025-604e02ca72 2025-11-29 16:43:28.332542+00:00 Name : cef Product : Fedora 43 Version : 142.0.14^chromium142.0.7444.162 Release : 1.fc43 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink).

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-604e02ca72' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: cef
Product: Fedora 43
Version: 142.0.14^chromium142.0.7444.162
Release: 1.fc43
URL: https://bitbucket.org/chromiumembedded/cef
Summary: Chromium Embedded Framework

Topics%20covered

Topics Covered

security advisory fedora high out-of-bounds implementation webgpu

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here