Fedora 40 Update: chromium-132.0.6834.83-1.fc40
[SECURITY] Fedora 40 Update: chromium-132.0.6834.83-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4c65803ea6
2025-01-18 01:23:58.040910+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 40
Version : 132.0.6834.83
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 132.0.6834.83
* High CVE-2025-0434: Out of bounds memory access in V8
* High CVE-2025-0435: Inappropriate implementation in Navigation
* High CVE-2025-0436: Integer overflow in Skia
* High CVE-2025-0437: Out of bounds read in Metrics
* High CVE-2025-0438: Stack buffer overflow in Tracing
* Medium CVE-2025-0439: Race in Frames
* Medium CVE-2025-0440: Inappropriate implementation in Fullscreen
* Medium CVE-2025-0441: Inappropriate implementation in Fenced
* Medium CVE-2025-0442: Inappropriate implementation in Payments
* Medium CVE-2025-0443: Insufficient data validation in Extensions
* Low CVE-2025-0446: Inappropriate implementation in Extensions
* Low CVE-2025-0447: Inappropriate implementation in Navigation
* Low CVE-2025-0448: Inappropriate implementation in Compositing
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 15 2025 Than Ngo [than@redhat.com] - 132.0.6834.83-1
- Update to 132.0.6834.83
* High CVE-2025-0434: Out of bounds memory access in V8
* High CVE-2025-0435: Inappropriate implementation in Navigation
* High CVE-2025-0436: Integer overflow in Skia
* High CVE-2025-0437: Out of bounds read in Metrics
* High CVE-2025-0438: Stack buffer overflow in Tracing
* Medium CVE-2025-0439: Race in Frames
* Medium CVE-2025-0440: Inappropriate implementation in Fullscreen
* Medium CVE-2025-0441: Inappropriate implementation in Fenced
* Medium CVE-2025-0442: Inappropriate implementation in Payments
* Medium CVE-2025-0443: Insufficient data validation in Extensions
* Low CVE-2025-0446: Inappropriate implementation in Extensions
* Low CVE-2025-0447: Inappropriate implementation in Navigation
* Low CVE-2025-0448: Inappropriate implementation in Compositing
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2336836 - CVE-2025-0291 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2336836
[ 2 ] Bug #2336837 - CVE-2025-0291 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2336837
[ 3 ] Bug #2338180 - CVE-2025-0437 chromium: Out of bounds read in Metrics [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2338180
[ 4 ] Bug #2338181 - CVE-2025-0437 chromium: Out of bounds read in Metrics [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2338181
[ 5 ] Bug #2338200 - CVE-2025-0438 chromium: Stack buffer overflow in Tracing [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2338200
[ 6 ] Bug #2338218 - CVE-2025-0434 chromium: Out of bounds memory access in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2338218
[ 7 ] Bug #2338230 - CVE-2025-0436 chromium: From CVEorg collector [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2338230
[ 8 ] Bug #2338231 - CVE-2025-0436 chromium: From CVEorg collector [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2338231
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4c65803ea6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
