Bug 26565

Summary: chromium-browser-stable new security issue fixed in 81.0.4044.129
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: andrewsfarm, cjw, herman.viaene, sysadmin-bugs, tmb
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: chromium-browser-stable-81.0.4044.122-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2020-04-29 13:28:40 CEST 
Upstream has released version 81.0.4044.129 on April 27:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

It fixes two new security issues.
Comment 1 Christiaan Welvaart 2020-05-01 10:06:27 CEST 
Updated packages are available for testing:

MGA7
SRPM:
chromium-browser-stable-81.0.4044.129-1.mga7.src.rpm
RPMS:
chromium-browser-81.0.4044.129-1.mga7.i586.rpm
chromium-browser-stable-81.0.4044.129-1.mga7.i586.rpm
chromium-browser-81.0.4044.129-1.mga7.x86_64.rpm
chromium-browser-stable-81.0.4044.129-1.mga7.x86_64.rpm



Advisory:



Chromium-browser 81.0.4044.129 fixes security issues:

Multiple flaws were found in the way Chromium 81.0.4044.122 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2020-6461, CVE-2020-6462)


References:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6462

Assignee: cjw => qa-bugs
CC: (none) => cjw

Comment 2 Herman Viaene 2020-05-01 15:15:08 CEST 
MGA7-64 Plasma on Lenovo B50
No installation issues.
Tested by reading usual newspaper site with text, pictures and video.
At CLI:
$ chromium-browser 
[10190:10190:0501/145556.431889:ERROR:browser_switcher_service.cc(238)] XXX Init()
[10216:10216:0501/145556.620832:ERROR:sandbox_linux.cc(374)] InitializeSandbox() called with multiple threads in process gpu-process.
No problems seen.
Logged on to Google account and checked G-Drive and F-Photos, all OK

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Comment 3 Thomas Andrews 2020-05-01 15:25:08 CEST 
Validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2020-05-05 10:09:03 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 4 Mageia Robot 2020-05-05 14:22:52 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0198.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED