Stay Vigilant with Timely Linux Security Advisories

security advisoryfedorabuffer overflow

Fedora 43 Cef High Heap Overflow and Use After Free CVE-2026-5273

Update to 146.0.7680.177 + cef-146.0.11+g8e1262b High CVE-2026-5273: Use after free in CSS High CVE-2026-5272: Heap buffer overflow in GPU High CVE-2026-5274: Integer overflow in Codecs High CVE-2026-5275: Heap buffer overflow in ANGLE. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ffdca48c25 2026-04-16 00:53:32.960297+00:00 -------------------------------------------------------------------------------- Name : cef Product : Fedora 43 Version : 146.0.11^chromium146.0.7680.177 Release : 2.fc43 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 146.0.7680.177 + cef-146.0.11+g8e1262b High CVE-2026-5273: Use after free in CSS High CVE-2026-5272: Heap buffer overflow in GPU High CVE-2026-5274: Integer overflow in Codecs High CVE-2026-5275: Heap buffer overflow in ANGLE High CVE-2026-5276: Insufficient policy enforcement in WebUSB High CVE-2026-5277: Integer overflow in ANGLE High CVE-2026-5278: Use after free in Web MIDI High CVE-2026-5279: Object corruption in V8 High CVE-2026-5280: Use after free in WebCodecs High CVE-2026-5281: Use after free in Dawn High CVE-2026-5282: Out of bounds read in WebCodecs High CVE-2026-5283: Inappropriate implementation in ANGLE High CVE-2026-5284: Use after free in Dawn High CVE-2026-5285: Use after free in WebGL High CVE-2026-5286: Use after free in Dawn High CVE-2026-5287: Use after free in PDF High CVE-2026-5288: Use after free in WebView High CVE-2026-5289: Use after free in Navigation High CVE-2026-5290: Use after free in Compositing Medium CVE-2026-5291: Inappropriate implementation in WebGL Medium CVE-2026-5292: Out of bounds read inWebCodecs -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2026 Hoshino Lina - 146.0.11^chromium146.0.7680.177-1 - Update to cef-146.0.11+g8e1262b * Wed Apr 15 2026 Than Ngo - 146.0.9^chromium146.0.7680.177-1 - Update to 146.0.7680.177 - * High CVE-2026-5273: Use after free in CSS - * High CVE-2026-5272: Heap buffer overflow in GPU - * High CVE-2026-5274: Integer overflow in Codecs - * High CVE-2026-5275: Heap buffer overflow in ANGLE - * High CVE-2026-5276: Insufficient policy enforcement in WebUSB - * High CVE-2026-5277: Integer overflow in ANGLE - * High CVE-2026-5278: Use after free in Web MIDI - * High CVE-2026-5279: Object corruption in V8 - * High CVE-2026-5280: Use after free in WebCodecs - * High CVE-2026-5281: Use after free in Dawn - * High CVE-2026-5282: Out of bounds read in WebCodecs - * High CVE-2026-5283: Inappropriate implementation in ANGLE - * High CVE-2026-5284: Use after free in Dawn - * High CVE-2026-5285: Use after free in WebGL - * High CVE-2026-5286: Use after free in Dawn - * High CVE-2026-5287: Use after free in PDF - * High CVE-2026-5288: Use after free in WebView - * High CVE-2026-5289: Use after free in Navigation - * High CVE-2026-5290: Use after free in Compositing - * Medium CVE-2026-5291: Inappropriate implementation in WebGL - * Medium CVE-2026-5292: Out of bounds read in WebCodecs - removed ppc64le-build-error patch that is merged in upstream * Tue Apr 14 2026 Hoshino Lina - 146.0.9^chromium146.0.7680.164-2 - Fix 136 ABI backwards compat breakage -------------------------------------------------------------------------------- References: [ 1 ] Bug #2454750 - cef-146.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454750 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ffdca48c25' at the command line. For moreinformation, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical updates for Fedora 43 cef address multiple high severity issues. Stay secure and updated.. Fedora updates, Cef security issues, high severity threats, Linux security, software patches. . Severity: Critical. LinuxSecurity.com Team

Apr 16, 2026 •Critical Fedora

security advisoryfedoraCVE

Fedora 42 cef Patch for CVE-2026-1504 - Background Fetch API Vulnerability

Update to Chromium 144.0.7559.109 CVE-2026-1504: Inappropriate implementation in Background Fetch API. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-24ed079b30 2026-02-10 01:08:32.523402+00:00 -------------------------------------------------------------------------------- Name : cef Product : Fedora 42 Version : 144.0.11^chromium144.0.7559.109 Release : 2.fc42 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to Chromium 144.0.7559.109 CVE-2026-1504: Inappropriate implementation in Background Fetch API -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 31 2026 Jan Stan\u011bk - 144.0.11^chromium144.0.7559.109-2 - Update BR for nodejs * Sat Jan 31 2026 Than Ngo - 144.0.11^chromium144.0.7559.109-1 - Update to 144.0.7559.109 - * CVE-2026-1504: Inappropriate implementation in Background Fetch API -------------------------------------------------------------------------------- References: [ 1 ] Bug #2435464 - cef-144.0.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2435464 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-24ed079b30' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update to Chromium 144.0.7559.109 inFedora 42 addresses a critical issue found in the Background Fetch API.. Fedora Update, Chromium Embedded Framework, Background Fetch API, Fedora 42, Security Advisory. . Severity: Important. LinuxSecurity.com Team

Feb 10, 2026 •Important Fedora

Banner 2 1028x280 1708121730 1 1771599631

security advisoryfedoracritical

Fedora 43 cef Critical Race Condition Memory Access Issues 2026-c5295ae3b9

Update to cef-144.0.11+ge135be2 + chromium 144.0.7559.96 (rhbz#2432335) CVE-2026-1220: Race in V8 CVE-2026-0899: Out of bounds memory access in V8 CVE-2026-0900: Inappropriate implementation in V8 CVE-2026-0901: Inappropriate implementation in Blink. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c5295ae3b9 2026-02-02 00:40:18.916458+00:00 -------------------------------------------------------------------------------- Name : cef Product : Fedora 43 Version : 144.0.11^chromium144.0.7559.96 Release : 1.fc43 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to cef-144.0.11+ge135be2 + chromium 144.0.7559.96 (rhbz#2432335) CVE-2026-1220: Race in V8 CVE-2026-0899: Out of bounds memory access in V8 CVE-2026-0900: Inappropriate implementation in V8 CVE-2026-0901: Inappropriate implementation in Blink CVE-2026-0902: Inappropriate implementation in V8 CVE-2026-0903: Insufficient validation of untrusted input in Downloads CVE-2026-0904: Incorrect security UI in Digital Credentials CVE-2026-0905: Insufficient policy enforcement in Network CVE-2026-0906: Incorrect security UI CVE-2026-0907: Incorrect security UI in Split View CVE-2026-0908: Use after free in ANGLE -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 24 2026 Hoshino Lina - 144.0.11^chromium144.0.7559.96-1 - Update to cef-144.0.11+ge135be2 (rhbz#2432335) * Sat Jan 24 2026 Than Ngo - 144.0.6^chromium144.0.7559.96-1 - Update to 144.0.7559.96 [rhbz#2432335] - * CVE-2026-1220: Race in V8 * Wed Jan 21 2026 Than Ngo - 144.0.6^chromium144.0.7559.59-1 - Update to 144.0.7559.59 - * CVE-2026-0899: Out of bounds memory access in V8 - *CVE-2026-0900: Inappropriate implementation in V8 - * CVE-2026-0901: Inappropriate implementation in Blink - * CVE-2026-0902: Inappropriate implementation in V8 - * CVE-2026-0903: Insufficient validation of untrusted input in Downloads - * CVE-2026-0904: Incorrect security UI in Digital Credentials - * CVE-2026-0905: Insufficient policy enforcement in Network - * CVE-2026-0906: Incorrect security UI - * CVE-2026-0907: Incorrect security UI in Split View - * CVE-2026-0908: Use after free in ANGLE - Hoshino Lina: Update to cef-144.0.6+g5f7e671 (rhbz#2431156) * Fri Jan 16 2026 Fedora Release Engineering - 143.0.13^chromium143.0.7499.192-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Fedora Release Engineering - 143.0.13^chromium143.0.7499.192-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2432335 - cef-144.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432335 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c5295ae3b9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update released for Fedora 43 rectifying multiple critical issues in cef related to V8 and Blink implementations. Immediate action required.. Fedora Update, cef Security Fix, V8 Memory Issue, Race Condition Fix, Chromium Security Update. . Severity: Critical. LinuxSecurity.com Team

Feb 02, 2026 •Critical Fedora

security advisoryfedorahigh

Fedora 42: CEF High CVE-2026-0628 Insufficient Policy Enforcement Advisory

Update to 143.0.7499.192 [rhbz#2427842] * High CVE-2026-0628: Insufficient policy enforcement in WebView tag. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2a94cc43d9 2026-01-21 01:30:15.162802+00:00 -------------------------------------------------------------------------------- Name : cef Product : Fedora 42 Version : 143.0.13^chromium143.0.7499.192 Release : 1.fc42 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 143.0.7499.192 [rhbz#2427842] * High CVE-2026-0628: Insufficient policy enforcement in WebView tag -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 9 2026 Than Ngo - 143.0.13^chromium143.0.7499.192-1 - Update to 143.0.7499.192 [rhbz#2427842] - * High CVE-2026-0628: Insufficient policy enforcement in WebView tag - Fix rhbz#2425338, Enable control flow integrity support for x86_64/aarch64 - Enable build for epel10.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2427842 - cef-143.0.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=2427842 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2a94cc43d9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Fedora 42 has a high-severity update for cef addressing insufficient policy enforcement in WebView tag. Critical fix available.. Fedora CEF Security Update High Risk CVE-2026-0628 Insufficient Enforcement. . Severity: Important. LinuxSecurity.com Team

Jan 21, 2026 •Important Fedora

security advisoryfedorahigh

Fedora 43: Important Advisory on cef High Policy Enforcement CVE-2026-0628

Update to 143.0.7499.192 [rhbz#2427842] * High CVE-2026-0628: Insufficient policy enforcement in WebView tag. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-77e3579a49 2026-01-21 01:10:49.670808+00:00 -------------------------------------------------------------------------------- Name : cef Product : Fedora 43 Version : 143.0.13^chromium143.0.7499.192 Release : 1.fc43 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 143.0.7499.192 [rhbz#2427842] * High CVE-2026-0628: Insufficient policy enforcement in WebView tag -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 9 2026 Than Ngo - 143.0.13^chromium143.0.7499.192-1 - Update to 143.0.7499.192 [rhbz#2427842] - * High CVE-2026-0628: Insufficient policy enforcement in WebView tag - Fix rhbz#2425338, Enable control flow integrity support for x86_64/aarch64 - Enable build for epel10.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2427842 - cef-143.0.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=2427842 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-77e3579a49' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Update to cef version 143.0.7499.192 on Fedora 43 addresses high severity policy enforcement issue in WebView.. Linux security advisory, Fedora update, cef policy enforcement. . Severity: Critical. LinuxSecurity.com Team

Jan 21, 2026 •Critical Fedora

security advisoryfedorahigh

Fedora 43 CEF High CVE-2025-14765 Critical Update for WebGPU Issues

Update to cef-143.0.10+g8aed01b + chromium-143.0.7499.146 (rhbz#2423482) High CVE-2025-14765: Use after free in WebGPU High CVE-2025-14766: Out of bounds read and write in V8 High CVE-2025-13630: Type Confusion in V8 High CVE-2025-13631: Inappropriate implementation in Google Updater. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-6e776254bf 2025-12-21 03:52:21.127349+00:00 -------------------------------------------------------------------------------- Name : cef Product : Fedora 43 Version : 143.0.10^chromium143.0.7499.146 Release : 1.fc43 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to cef-143.0.10+g8aed01b + chromium-143.0.7499.146 (rhbz#2423482) High CVE-2025-14765: Use after free in WebGPU High CVE-2025-14766: Out of bounds read and write in V8 High CVE-2025-13630: Type Confusion in V8 High CVE-2025-13631: Inappropriate implementation in Google Updater High CVE-2025-13632: Inappropriate implementation in DevTools High CVE-2025-13633: Use after free in Digital Credentials Medium CVE-2025-13634: Inappropriate implementation in Downloads Medium CVE-2025-13720: Bad cast in Loader Medium CVE-2025-13721: Race in v8 Low CVE-2025-13635: Inappropriate implementation in Downloads Low CVE-2025-13636: Inappropriate implementation in Split View Low CVE-2025-13637: Inappropriate implementation in Downloads Low CVE-2025-13638: Use after free in Media Stream Low CVE-2025-13639: Inappropriate implementation in WebRTC Low CVE-2025-13640: Inappropriate implementation in Passwords -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 18 2025 Than Ngo - 143.0.10^chromium143.0.7499.146-1 - Update to143.0.7499.146 [rhbz#2423482] - * High CVE-2025-14765: Use after free in WebGPU - * High CVE-2025-14766: Out of bounds read and write in V8 - Force dark mode when auto dark mode web content is on - Remove omnibox-next-Improve-cutout-mouse-handling-for-Wayla patch, as it's merged * Thu Dec 18 2025 Hoshino Lina - 143.0.10^chromium143.0.7499.109-7 - Fix accelerated paint regression * Sun Dec 14 2025 Hoshino Lina - 143.0.10^chromium143.0.7499.109-6 - Remove GTK dependency * Fri Dec 12 2025 Than Ngo - 143.0.10^chromium143.0.7499.109-2 - Enable gtk4 by default * Fri Dec 12 2025 Than Ngo - 143.0.10^chromium143.0.7499.109-1 - Update to 143.0.7499.109 - * High: Under coordination - * Medium CVE-2025-14372: Use after free in Password Manager - * Medium CVE-2025-14373: Inappropriate implementation in Toolbar - Workaround problem of auto dark mode inverting images and making them unreadable - Hoshino Lina: Update to cef-143.0.10+g8aed01b (rhbz#2421703) * Wed Dec 10 2025 LuK1337 - 143.0.9^chromium143.0.7499.40-6 - Backport Wayland Omnibox bug fix from upstream * Wed Dec 10 2025 Than Ngo - 143.0.9^chromium143.0.7499.40-1 - Update to 143.0.7499.40 - Hoshino Lina: Update to cef-143.0.9+ge88e818 (rhbz#2420939) - * High CVE-2025-13630: Type Confusion in V8 - * High CVE-2025-13631: Inappropriate implementation in Google Updater - * High CVE-2025-13632: Inappropriate implementation in DevTools - * High CVE-2025-13633: Use after free in Digital Credentials - * Medium CVE-2025-13634: Inappropriate implementation in Downloads - * Medium CVE-2025-13720: Bad cast in Loader - * Medium CVE-2025-13721: Race in v8 - * Low CVE-2025-13635: Inappropriate implementation in Downloads - * Low CVE-2025-13636: Inappropriate implementation in Split View - * Low CVE-2025-13637: Inappropriate implementation in Downloads - * Low CVE-2025-13638: Use after free in Media Stream - * Low CVE-2025-13639: Inappropriate implementation in WebRTC - * Low CVE-2025-13640: Inappropriate implementation inPasswords - Drop workaround darkmode-image-policy.patch - Fix build error due to Unresolved dependencies - Fix swiftshader to compile with llvm-16.0 - Refresh python-3.9-ftbfs patch for el9 - Refresh ppc64le patches - Refresh chromium.conf -------------------------------------------------------------------------------- References: [ 1 ] Bug #2420939 - cef-143.0.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=2420939 [ 2 ] Bug #2421703 - cef-143.0.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=2421703 [ 3 ] Bug #2423482 - cef-143.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2423482 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6e776254bf' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Update for Fedora 43 enhances cef with critical patches for multiple high-risk CVEs including Type Confusion and Use After Free issues.. Cef, Fedora, CVE, Type Confusion, Update. . Severity: Critical.LinuxSecurity.com Team

Dec 21, 2025 •Critical Fedora

security advisoryfedorahigh

Fedora 42: Addressing CEF High Security Vulnerabilities CVE-2025-14765

Update to cef-143.0.10+g8aed01b + chromium-143.0.7499.146 (rhbz#2423482) High CVE-2025-14765: Use after free in WebGPU High CVE-2025-14766: Out of bounds read and write in V8 High CVE-2025-13630: Type Confusion in V8 High CVE-2025-13631: Inappropriate implementation in Google Updater. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-7605ca0d7d 2025-12-21 00:50:40.670442+00:00 -------------------------------------------------------------------------------- Name : cef Product : Fedora 42 Version : 143.0.10^chromium143.0.7499.146 Release : 1.fc42 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to cef-143.0.10+g8aed01b + chromium-143.0.7499.146 (rhbz#2423482) High CVE-2025-14765: Use after free in WebGPU High CVE-2025-14766: Out of bounds read and write in V8 High CVE-2025-13630: Type Confusion in V8 High CVE-2025-13631: Inappropriate implementation in Google Updater High CVE-2025-13632: Inappropriate implementation in DevTools High CVE-2025-13633: Use after free in Digital Credentials Medium CVE-2025-13634: Inappropriate implementation in Downloads Medium CVE-2025-13720: Bad cast in Loader Medium CVE-2025-13721: Race in v8 Low CVE-2025-13635: Inappropriate implementation in Downloads Low CVE-2025-13636: Inappropriate implementation in Split View Low CVE-2025-13637: Inappropriate implementation in Downloads Low CVE-2025-13638: Use after free in Media Stream Low CVE-2025-13639: Inappropriate implementation in WebRTC Low CVE-2025-13640: Inappropriate implementation in Passwords -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 18 2025 Than Ngo - 143.0.10^chromium143.0.7499.146-1 - Update to143.0.7499.146 [rhbz#2423482] - * High CVE-2025-14765: Use after free in WebGPU - * High CVE-2025-14766: Out of bounds read and write in V8 - Force dark mode when auto dark mode web content is on - Remove omnibox-next-Improve-cutout-mouse-handling-for-Wayla patch, as it's merged * Thu Dec 18 2025 Hoshino Lina - 143.0.10^chromium143.0.7499.109-7 - Fix accelerated paint regression * Sun Dec 14 2025 Hoshino Lina - 143.0.10^chromium143.0.7499.109-6 - Remove GTK dependency * Fri Dec 12 2025 Than Ngo - 143.0.10^chromium143.0.7499.109-2 - Enable gtk4 by default * Fri Dec 12 2025 Than Ngo - 143.0.10^chromium143.0.7499.109-1 - Update to 143.0.7499.109 - * High: Under coordination - * Medium CVE-2025-14372: Use after free in Password Manager - * Medium CVE-2025-14373: Inappropriate implementation in Toolbar - Workaround problem of auto dark mode inverting images and making them unreadable - Hoshino Lina: Update to cef-143.0.10+g8aed01b (rhbz#2421703) * Wed Dec 10 2025 LuK1337 - 143.0.9^chromium143.0.7499.40-6 - Backport Wayland Omnibox bug fix from upstream * Wed Dec 10 2025 Than Ngo - 143.0.9^chromium143.0.7499.40-1 - Update to 143.0.7499.40 - Hoshino Lina: Update to cef-143.0.9+ge88e818 (rhbz#2420939) - * High CVE-2025-13630: Type Confusion in V8 - * High CVE-2025-13631: Inappropriate implementation in Google Updater - * High CVE-2025-13632: Inappropriate implementation in DevTools - * High CVE-2025-13633: Use after free in Digital Credentials - * Medium CVE-2025-13634: Inappropriate implementation in Downloads - * Medium CVE-2025-13720: Bad cast in Loader - * Medium CVE-2025-13721: Race in v8 - * Low CVE-2025-13635: Inappropriate implementation in Downloads - * Low CVE-2025-13636: Inappropriate implementation in Split View - * Low CVE-2025-13637: Inappropriate implementation in Downloads - * Low CVE-2025-13638: Use after free in Media Stream - * Low CVE-2025-13639: Inappropriate implementation in WebRTC - * Low CVE-2025-13640: Inappropriate implementation inPasswords - Drop workaround darkmode-image-policy.patch - Fix build error due to Unresolved dependencies - Fix swiftshader to compile with llvm-16.0 - Refresh python-3.9-ftbfs patch for el9 - Refresh ppc64le patches - Refresh chromium.conf -------------------------------------------------------------------------------- References: [ 1 ] Bug #2420939 - cef-143.0.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=2420939 [ 2 ] Bug #2421703 - cef-143.0.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=2421703 [ 3 ] Bug #2423482 - cef-143.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2423482 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-7605ca0d7d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Update for Fedora 42 addresses high-severity issues in cef framework, including use after free and out of bounds errors.. Fedora Update cef Security High CVE Issues. . Severity: Critical.LinuxSecurity.com Team

Dec 21, 2025 •Critical Fedora

security advisoryfedorahigh

Fedora 42: cef High Type Confusion Vuln CVE-2025-13223,13224 Advisory

Update to cef-142.0.17+g60aac24 & chromium 142.0.7444.175 (rhbz#2413981) High CVE-2025-13223: Type Confusion in V8 High CVE-2025-13224: Type Confusion in V8. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-dd47e79eb8 2025-12-06 01:27:06.737449+00:00 -------------------------------------------------------------------------------- Name : cef Product : Fedora 42 Version : 142.0.17^chromium142.0.7444.175 Release : 1.fc42 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to cef-142.0.17+g60aac24 & chromium 142.0.7444.175 (rhbz#2413981) High CVE-2025-13223: Type Confusion in V8 High CVE-2025-13224: Type Confusion in V8 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 2 2025 Asahi Lina - 142.0.17^chromium142.0.7444.175-1 - Update to cef-142.0.17+g60aac24 (rhbz#2413981) * Mon Dec 1 2025 LuK1337 - 142.0.14^chromium142.0.7444.175-4 - Backport one more Wayland DnD bug fix from upstream * Mon Dec 1 2025 Than Ngo - 142.0.14^chromium142.0.7444.175-3 - Enable system libcxx - Fix link error when building with system libcxx - Apply memory-allocator-dcheck-assert-fix for aarch64 * Mon Dec 1 2025 LuK1337 - 142.0.14^chromium142.0.7444.175-2 - Backport Wayland DnD bug fix from upstream * Mon Dec 1 2025 Than Ngo - 142.0.14^chromium142.0.7444.175-1 - Update to 142.0.7444.175 - * High CVE-2025-13223: Type Confusion in V8 - * High CVE-2025-13224: Type Confusion in V8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2413981 - cef-142.0.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=2413981 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-dd47e79eb8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Critical updates for cef in Fedora 42 resolve high-severity type confusion issues in Chromium's V8 engine.. Fedora 42, cef update, chromium security, type confusion, security advisory. . Severity: Critical. LinuxSecurity.com Team

Dec 06, 2025 •Critical Fedora

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Fedora 43 Cef High Heap Overflow and Use After Free CVE-2026-5273

Fedora 42 cef Patch for CVE-2026-1504 - Background Fetch API Vulnerability

Fedora 43 cef Critical Race Condition Memory Access Issues 2026-c5295ae3b9

Fedora 42: CEF High CVE-2026-0628 Insufficient Policy Enforcement Advisory

Fedora 43: Important Advisory on cef High Policy Enforcement CVE-2026-0628

Fedora 43 CEF High CVE-2025-14765 Critical Update for WebGPU Issues

Fedora 42: Addressing CEF High Security Vulnerabilities CVE-2025-14765

Fedora 42: cef High Type Confusion Vuln CVE-2025-13223,13224 Advisory

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!