-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-6b4da4f9c9 2025-07-19 21:31:40.396476+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 42 Version : 138.0.7204.157 Release : 1.fc42 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 138.0.7204.157 * CVE-2025-7656: Integer overflow in V8 * CVE-2025-7657: Use after free in WebRTC * CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 16 2025 Than Ngo <than@xxxxxxxxxx> - 138.0.7204.157-1 - Update to 138.0.7204.157 * CVE-2025-7656: Integer overflow in V8 * CVE-2025-7657: Use after free in WebRTC * CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU * Fri Jul 11 2025 Tom Stellard <tstellar@xxxxxxxxxx> -138.0.7204.100-2 - Update rust-clanglib patch for clang 21 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2376010 - CVE-2025-34092 chromium: Chrome Cookie Key Exposure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2376010 [ 2 ] Bug #2380352 - CVE-2025-7657 chromium: Chromium use after free [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380352 [ 3 ] Bug #2380353 - CVE-2025-7656 chromium: Chromium integer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380353 [ 4 ] Bug #2380354 - CVE-2025-6558 chromium: Chromium insufficient validation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380354 [ 5 ] Bug #2380355 - CVE-2025-7656 chromium: Chromium integer overflow [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380355 [ 6 ] Bug #2380356 - CVE-2025-7657 chromium: Chromium use after free [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380356 [ 7 ] Bug #2380357 - CVE-2025-6558 chromium: Chromium insufficient validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380357 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6b4da4f9c9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
