Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 44 cef Update Fixes Integer Overflow and Object Lifecycle Concerns

fedora
Calendar Grey March 8, 2026
Dist Fedora Esm H88
Fedora 44 cef updated for critical issues, including integer overflow and buffer overflows affecting multiple components.
Bump to cef-145.0.28+g51162e8 + chromium 145.0.7632.159 (rhbz#2437035) CVE-2026-3536: Integer overflow in ANGLE CVE-2026-3537: Object lifecycle issue in PowerVR CVE-2026-3538: Inte...

Summary

CEF is an embeddable build of Chromium, powered by WebKit (Blink).

Update Information:

Bump to cef-145.0.28+g51162e8 + chromium 145.0.7632.159 (rhbz#2437035) CVE-2026-3536: Integer overflow in ANGLE CVE-2026-3537: Object lifecycle issue in PowerVR CVE-2026-3538: Integer overflow in Skia CVE-2026-3539: Object lifecycle issue in DevTools CVE-2026-3540: Inappropriate implementation in WebAudio CVE-2026-3541: Inappropriate implementation in CSS CVE-2026-3542: Inappropriate implementation in WebAssembly CVE-2026-3543: Inappropriate implementation in V8 CVE-2026-3544: Heap buffer overflow in WebCodecs CVE-2026-3545: Insufficient data validation in Navigation CVE-2026-3061: Out of bounds read in Media CVE-2026-3062: Out of bounds read and write in Tint CVE-2026-3063: Inappropriate implementation in DevTools CVE-2026-2648: Heap buffer overflow in PDFium CVE-2026-2649: Integer overflow in V8 CVE-2026-2650: Heap buffer overflow in Media

Topics%20covered

Topics Covered

security advisory fedora integer overflow cve issue heap buffer overflow object lifecycle

Change Log

* Sat Mar 7 2026 Hoshino Lina - 145.0.28^chromium145.0.7632.159-1 - Bump to cef-145.0.28+g51162e8 (rhbz#2437035) * Sat Mar 7 2026 Than Ngo - 145.0.25^chromium145.0.7632.159-1 - Update to 145.0.7632.159 - * CVE-2026-3536: Integer overflow in ANGLE - * CVE-2026-3537: Object lifecycle issue in PowerVR - * CVE-2026-3538: Integer overflow in Skia - * CVE-2026-3539: Object lifecycle issue in DevTools - * CVE-2026-3540: Inappropriate implementation in WebAudio - * CVE-2026-3541: Inappropriate implementation in CSS - * CVE-2026-3542: Inappropriate implementation in WebAssembly - * CVE-2026-3543: Inappropriate implementation in V8 - * CVE-2026-3544: Heap buffer overflow in WebCodecs - * CVE-2026-3545: Insufficient data validation in Navigation * Sat Mar 7 2026 Than Ngo - 145.0.25^chromium145.0.7632.116-1 - Update to 145.0.7632.116 - * CVE-2026-3061: Out of bounds read in Media - * CVE-2026-3062: Out of bounds read and write in Tint - * CVE-2026-3063: Inappropriate implementation in DevTools * Sat Mar 7 2026 Than Ngo - 145.0.25^chromium145.0.7632.109-1 - Update to 145.0.7632.109 - * CVE-2026-2648: Heap buffer overflow in PDFium - * CVE-2026-2649: Integer overflow in V8 - * CVE-2026-2650: Heap buffer overflow in Media * Sat Mar 7 2026 Hoshino Lina - 145.0.25^chromium145.0.7632.75-5 - Use C++20 for libcef target

References


[ 1 ] Bug #2437035 - cef-145.0.28 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437035

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9834b25fc2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: cef
Product: Fedora 44
Version: 145.0.28^chromium145.0.7632.159
Release: 1.fc44
URL: https://bitbucket.org/chromiumembedded/cef
Summary: Chromium Embedded Framework

Topics%20covered

Topics Covered

security advisory fedora integer overflow cve issue heap buffer overflow object lifecycle

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here