Fedora 42 and Fedora 43 Beta have been updated to version 141.0.7390.54 of the Chromium browser, which addresses multiple security vulnerabilities. The update includes fixes for high-severity issues such as heap buffer overflows in WebGPU and Video, as well as medium- and low-severity bugs related to side-channel information leakage, out-of-bounds reads, and use-after-free errors.

Fedora 42 Update: chromium-141.0.7390.54-1.fc42
Fedora 43 Update: chromium-141.0.7390.54-1.fc43

[SECURITY] Fedora 42 Update: chromium-141.0.7390.54-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-acc92fcc12
2025-10-07 00:54:27.049559+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 141.0.7390.54
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 141.0.7390.54
* High CVE-2025-11205: Heap buffer overflow in WebGPU
* High CVE-2025-11206: Heap buffer overflow in Video
* Medium CVE-2025-11207: Side-channel information leakage in Storage
* Medium CVE-2025-11208: Inappropriate implementation in Media
* Medium CVE-2025-11209: Inappropriate implementation in Omnibox
* Medium CVE-2025-11210: Side-channel information leakage in Tab
* Medium CVE-2025-11211: Out of bounds read in Media
* Medium CVE-2025-11212: Inappropriate implementation in Media
* Medium CVE-2025-11213: Inappropriate implementation in Omnibox
* Medium CVE-2025-11215: Off by one error in V8
* Low CVE-2025-11216: Inappropriate implementation in Storage
* Low CVE-2025-11219: Use after free in V8
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 2 2025 Than Ngo [than@redhat.com] - 141.0.7390.54-1
- Update to 141.0.7390.54
* High CVE-2025-11205: Heap buffer overflow in WebGPU
* High CVE-2025-11206: Heap buffer overflow in Video
* Medium CVE-2025-11207: Side-channel information leakage in Storage
* Medium CVE-2025-11208: Inappropriate implementation in Media
* Medium CVE-2025-11209: Inappropriate implementation in Omnibox
* Medium CVE-2025-11210: Side-channel information leakage in Tab
* Medium CVE-2025-11211: Out of bounds read in Media
* Medium CVE-2025-11212: Inappropriate implementation in Media
* Medium CVE-2025-11213: Inappropriate implementation in Omnibox
* Medium CVE-2025-11215: Off by one error in V8
* Low CVE-2025-11216: Inappropriate implementation in Storage
* Low CVE-2025-11219: Use after free in V8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2381730 - DebugInfo packages aren't being produced.
https://bugzilla.redhat.com/show_bug.cgi?id=2381730
[ 2 ] Bug #2400095 - Update chromium-141.0.7390.54 major release [fedora-all, epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2400095
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-acc92fcc12' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: chromium-141.0.7390.54-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-37da05914f
2025-10-07 00:16:55.352077+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 141.0.7390.54
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 141.0.7390.54
* High CVE-2025-11205: Heap buffer overflow in WebGPU
* High CVE-2025-11206: Heap buffer overflow in Video
* Medium CVE-2025-11207: Side-channel information leakage in Storage
* Medium CVE-2025-11208: Inappropriate implementation in Media
* Medium CVE-2025-11209: Inappropriate implementation in Omnibox
* Medium CVE-2025-11210: Side-channel information leakage in Tab
* Medium CVE-2025-11211: Out of bounds read in Media
* Medium CVE-2025-11212: Inappropriate implementation in Media
* Medium CVE-2025-11213: Inappropriate implementation in Omnibox
* Medium CVE-2025-11215: Off by one error in V8
* Low CVE-2025-11216: Inappropriate implementation in Storage
* Low CVE-2025-11219: Use after free in V8
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 2 2025 Than Ngo [than@redhat.com] - 141.0.7390.54-1
- Update to 141.0.7390.54
* High CVE-2025-11205: Heap buffer overflow in WebGPU
* High CVE-2025-11206: Heap buffer overflow in Video
* Medium CVE-2025-11207: Side-channel information leakage in Storage
* Medium CVE-2025-11208: Inappropriate implementation in Media
* Medium CVE-2025-11209: Inappropriate implementation in Omnibox
* Medium CVE-2025-11210: Side-channel information leakage in Tab
* Medium CVE-2025-11211: Out of bounds read in Media
* Medium CVE-2025-11212: Inappropriate implementation in Media
* Medium CVE-2025-11213: Inappropriate implementation in Omnibox
* Medium CVE-2025-11215: Off by one error in V8
* Low CVE-2025-11216: Inappropriate implementation in Storage
* Low CVE-2025-11219: Use after free in V8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2381730 - DebugInfo packages aren't being produced.
https://bugzilla.redhat.com/show_bug.cgi?id=2381730
[ 2 ] Bug #2400095 - Update chromium-141.0.7390.54 major release [fedora-all, epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2400095
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-37da05914f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--