
Fedora 42 and 43 have received security updates for the open-source Chromium browser (version 144.0.7559.109) that fix CVE-2026-1504, an inappropriate implementation in the Background Fetch API. Fedora 42 also receives a separate update of the Chromium Embedded Framework (CEF), version 144.0.11+ge135be2 bundled with Chromium 144.0.7559.96, which addresses numerous CVEs affecting V8, Blink, ANGLE and various security-UI components. A similar CEF update is available for Fedora 43, covering the same set of vulnerabilities in the embedded Chromium engine (CVE-2026-1220 and CVE-2026-0899 through CVE-2026-0908).

Fedora 42 Update: chromium-144.0.7559.109-1.fc42
Fedora 42 Update: cef-144.0.11^chromium144.0.7559.96-1.fc42
Fedora 43 Update: chromium-144.0.7559.109-1.fc43
Fedora 43 Update: cef-144.0.11^chromium144.0.7559.96-1.fc43




[SECURITY] Fedora 42 Update: chromium-144.0.7559.109-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-64e9a195d3
2026-02-02 00:59:05.302431+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 144.0.7559.109
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 144.0.7559.109
* CVE-2026-1504: Inappropriate implementation in Background Fetch API
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 28 2026 Than Ngo [than@redhat.com] - 144.0.7559.109-1
- Update to 144.0.7559.109
* CVE-2026-1504: Inappropriate implementation in Background Fetch API
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-64e9a195d3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: cef-144.0.11^chromium144.0.7559.96-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-68ca733984
2026-02-02 00:59:05.302407+00:00
--------------------------------------------------------------------------------

Name : cef
Product : Fedora 42
Version : 144.0.11^chromium144.0.7559.96
Release : 1.fc42
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to cef-144.0.11+ge135be2 + chromium 144.0.7559.96 (rhbz#2432335)
CVE-2026-1220: Race in V8
CVE-2026-0899: Out of bounds memory access in V8
CVE-2026-0900: Inappropriate implementation in V8
CVE-2026-0901: Inappropriate implementation in Blink
CVE-2026-0902: Inappropriate implementation in V8
CVE-2026-0903: Insufficient validation of untrusted input in Downloads
CVE-2026-0904: Incorrect security UI in Digital Credentials
CVE-2026-0905: Insufficient policy enforcement in Network
CVE-2026-0906: Incorrect security UI
CVE-2026-0907: Incorrect security UI in Split View
CVE-2026-0908: Use after free in ANGLE
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 24 2026 Hoshino Lina [lina@lina.yt] - 144.0.11^chromium144.0.7559.96-1
- Update to cef-144.0.11+ge135be2 (rhbz#2432335)
* Sat Jan 24 2026 Than Ngo [than@redhat.com] - 144.0.6^chromium144.0.7559.96-1
- Update to 144.0.7559.96 [rhbz#2432335]
- * CVE-2026-1220: Race in V8
* Wed Jan 21 2026 Than Ngo [than@redhat.com] - 144.0.6^chromium144.0.7559.59-1
- Update to 144.0.7559.59
- * CVE-2026-0899: Out of bounds memory access in V8
- * CVE-2026-0900: Inappropriate implementation in V8
- * CVE-2026-0901: Inappropriate implementation in Blink
- * CVE-2026-0902: Inappropriate implementation in V8
- * CVE-2026-0903: Insufficient validation of untrusted input in Downloads
- * CVE-2026-0904: Incorrect security UI in Digital Credentials
- * CVE-2026-0905: Insufficient policy enforcement in Network
- * CVE-2026-0906: Incorrect security UI
- * CVE-2026-0907: Incorrect security UI in Split View
- * CVE-2026-0908: Use after free in ANGLE
- Hoshino Lina: Update to cef-144.0.6+g5f7e671 (rhbz#2431156)
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 143.0.13^chromium143.0.7499.192-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 143.0.13^chromium143.0.7499.192-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2432335 - cef-144.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432335
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-68ca733984' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: chromium-144.0.7559.109-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ffccca9880
2026-02-02 00:40:18.916511+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 144.0.7559.109
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 144.0.7559.109
* CVE-2026-1504: Inappropriate implementation in Background Fetch API
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 28 2026 Than Ngo [than@redhat.com] - 144.0.7559.109-1
- Update to 144.0.7559.109
* CVE-2026-1504: Inappropriate implementation in Background Fetch API
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ffccca9880' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: cef-144.0.11^chromium144.0.7559.96-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c5295ae3b9
2026-02-02 00:40:18.916458+00:00
--------------------------------------------------------------------------------

Name : cef
Product : Fedora 43
Version : 144.0.11^chromium144.0.7559.96
Release : 1.fc43
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to cef-144.0.11+ge135be2 + chromium 144.0.7559.96 (rhbz#2432335)
CVE-2026-1220: Race in V8
CVE-2026-0899: Out of bounds memory access in V8
CVE-2026-0900: Inappropriate implementation in V8
CVE-2026-0901: Inappropriate implementation in Blink
CVE-2026-0902: Inappropriate implementation in V8
CVE-2026-0903: Insufficient validation of untrusted input in Downloads
CVE-2026-0904: Incorrect security UI in Digital Credentials
CVE-2026-0905: Insufficient policy enforcement in Network
CVE-2026-0906: Incorrect security UI
CVE-2026-0907: Incorrect security UI in Split View
CVE-2026-0908: Use after free in ANGLE
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 24 2026 Hoshino Lina [lina@lina.yt] - 144.0.11^chromium144.0.7559.96-1
- Update to cef-144.0.11+ge135be2 (rhbz#2432335)
* Sat Jan 24 2026 Than Ngo [than@redhat.com] - 144.0.6^chromium144.0.7559.96-1
- Update to 144.0.7559.96 [rhbz#2432335]
- * CVE-2026-1220: Race in V8
* Wed Jan 21 2026 Than Ngo [than@redhat.com] - 144.0.6^chromium144.0.7559.59-1
- Update to 144.0.7559.59
- * CVE-2026-0899: Out of bounds memory access in V8
- * CVE-2026-0900: Inappropriate implementation in V8
- * CVE-2026-0901: Inappropriate implementation in Blink
- * CVE-2026-0902: Inappropriate implementation in V8
- * CVE-2026-0903: Insufficient validation of untrusted input in Downloads
- * CVE-2026-0904: Incorrect security UI in Digital Credentials
- * CVE-2026-0905: Insufficient policy enforcement in Network
- * CVE-2026-0906: Incorrect security UI
- * CVE-2026-0907: Incorrect security UI in Split View
- * CVE-2026-0908: Use after free in ANGLE
- Hoshino Lina: Update to cef-144.0.6+g5f7e671 (rhbz#2431156)
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 143.0.13^chromium143.0.7499.192-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 143.0.13^chromium143.0.7499.192-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2432335 - cef-144.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432335
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c5295ae3b9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

