|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2025-c4a9f54d14 (chromium)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 42 Update: chromium-135.0.7049.52-2.fc42


Date:
              Fri, 11 Apr 2025 18:33:59 +0000


Message-ID:
              <20250411183359.4A7C020D3434@bastion01.iad2.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c4a9f54d14
2025-04-11 18:19:12.062612+00:00
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 42
Version     : 135.0.7049.52
Release     : 2.fc42
URL         : http://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 135.0.7049.52
High CVE-2025-3066: Use after free in Navigations
Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs
Medium CVE-2025-3068: Inappropriate implementation in Intents
Medium CVE-2025-3069: Inappropriate implementation in Extensions
Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions
Low CVE-2025-3071: Inappropriate implementation in Navigations
Low CVE-2025-3072: Inappropriate implementation in Custom Tabs
Low CVE-2025-3073: Inappropriate implementation in Autofill
Low CVE-2025-3074: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  2 2025 Jan Grulich <jgrulich@redhat.com> - 135.0.7049.52-2
- Add CFI suppressions for inline PipeWire functions
* Tue Apr  1 2025 Than Ngo <than@redhat.com> - 135.0.7049.52-1
- Update to 135.0.7049.52
* Fri Mar 28 2025 Than Ngo <than@redhat.com> - 135.0.7049.41-1
- Update to 135.0.7049.41
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2356787 - CVE-2025-3066 chromium: Use after free in Navigations [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356787
  [ 2 ] Bug #2356788 - CVE-2025-3066 chromium: Use after free in Navigations [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356788
  [ 3 ] Bug #2356789 - CVE-2025-3068 chromium: Inappropriate implementation in Intents
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356789
  [ 4 ] Bug #2356790 - CVE-2025-3068 chromium: Inappropriate implementation in Intents [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356790
  [ 5 ] Bug #2356792 - CVE-2025-3072 chromium: Inappropriate implementation in Custom Tabs
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356792
  [ 6 ] Bug #2356793 - CVE-2025-3072 chromium: Inappropriate implementation in Custom Tabs
[epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356793
  [ 7 ] Bug #2356794 - CVE-2025-3073 chromium: Inappropriate implementation in Autofill
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356794
  [ 8 ] Bug #2356795 - CVE-2025-3073 chromium: Inappropriate implementation in Autofill
[epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356795
  [ 9 ] Bug #2356796 - CVE-2025-3070 chromium: Insufficient validation of untrusted input in
Extensions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356796
  [ 10 ] Bug #2356797 - CVE-2025-3070 chromium: Insufficient validation of untrusted input in
Extensions [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356797
  [ 11 ] Bug #2356798 - CVE-2025-3069 chromium: Inappropriate implementation in Extensions
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356798
  [ 12 ] Bug #2356799 - CVE-2025-3069 chromium: Inappropriate implementation in Extensions
[epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356799
  [ 13 ] Bug #2356800 - CVE-2025-3071 chromium: Inappropriate implementation in Navigations
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2356800
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c4a9f54d14' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds