[SECURITY] Fedora 43 Update: cef-140.1.15^chromium140.0.7339.207-3.fc43 - package-announce - Fedora mailing-lists

25 Oct 2025


      --------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1e8f05e0a6
2025-10-25 20:54:13.408256+00:00
--------------------------------------------------------------------------------
Name        : cef
Product     : Fedora 43
Version     : 140.1.15^chromium140.0.7339.207
Release     : 3.fc43
URL         : https://bitbucket.org/chromiumembedded/cef
Summary     : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 140.1.15^chromium140.0.7339.207 (rhbz#2396308)
CVE-2025-10890: Side-channel information leakage in V8
CVE-2025-10891: Integer overflow in V8
CVE-2025-10892: Integer overflow in V8
CVE-2025-10585: Type Confusion in V8
CVE-2025-10500: Use after free in Dawn
CVE-2025-10501: Use after free in WebRTC
CVE-2025-10502: Heap buffer overflow in ANGLE
CVE-2025-10200: Use after free in Serviceworker
CVE-2025-10201: Inappropriate implementation in Mojo
CVE-2025-9864: Use after free in V8
CVE-2025-9865: Inappropriate implementation in Toolbar
CVE-2025-9866: Inappropriate implementation in Extensions
CVE-2025-9867: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Than Ngo than@redhat.com - 140.1.15^chromium140.0.7339.207-1
- Update to 140.0.7339.207
- * CVE-2025-10890: Side-channel information leakage in V8
- * CVE-2025-10891: Integer overflow in V8
- * CVE-2025-10892: Integer overflow in V8
* Tue Sep 30 2025 Than Ngo than@redhat.com - 140.1.15^chromium140.0.7339.185-1
- Update to 140.0.7339.185
- * CVE-2025-10585: Type Confusion in V8
- * CVE-2025-10500: Use after free in Dawn
- * CVE-2025-10501: Use after free in WebRTC
- * CVE-2025-10502: Heap buffer overflow in ANGLE
- * Fix rendering issue on epel9
* Tue Sep 30 2025 Than Ngo than@redhat.com - 140.1.15^chromium140.0.7339.127-1
- Update to 140.0.7339.127
- * CVE-2025-10200: Use after free in Serviceworker
- * CVE-2025-10201: Inappropriate implementation in Mojo
* Tue Sep 30 2025 Than Ngo than@redhat.com - 140.1.15^chromium140.0.7339.80-1
- Update to 140.0.7339.80 (rhbz#2396308)
- * Update to cef-140.1.15+gfaef09b (rhbz#2380429) (Asahi Lina)
- * CVE-2025-9864: Use after free in V8
- * CVE-2025-9865: Inappropriate implementation in Toolbar
- * CVE-2025-9866: Inappropriate implementation in Extensions
- * CVE-2025-9867: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2396308 - cef-140.1.15 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2396308
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1e8f05e0a6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------