Bug 27630

Summary: chromium-browser-stable new security issues fixed in 87.0.4280.88
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: brtians1, herman.viaene, nicolas.salguero, ouaurelien, sysadmin-bugs, wrw105
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: mga7-64-ok mga7-32-ok
Source RPM: chromium-browser-stable-86.0.4240.198-1.mga7.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 27627, 27646    

Description David Walser 2020-11-18 15:15:03 CET 
Upstream has released version 87.0.4280.66 on November 17:
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

It fixes several new security issues.
David Walser 2020-11-18 15:15:31 CET

CC: (none) => nicolas.salguero
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=27627

Comment 1 Nicolas Salguero 2020-11-25 10:02:40 CET 
Hi,

In my tests, chromium-browser-stable-87.0.4280.66-1.mga7 (from core/updates_testing) solves bug 27646 but introduces a new regression: H264 videos fail with the following error:
MediaEvent: {"error":"video decoder initialization failed"}

I will try to see if I can fix that issue in a new build.

Best regards,

Nico.
Comment 2 Nicolas Salguero 2020-11-25 22:02:41 CET 
In my tests, chromium-browser-stable-87.0.4280.66-2.mga7 solves the regression.
Comment 3 Nicolas Salguero 2020-11-27 08:50:21 CET 
Suggested advisory:
========================

The updated packages fix some problems found in version 86 and security vulnerabilities.

References:
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
https://bugs.mageia.org/show_bug.cgi?id=27646
https://bugs.mageia.org/show_bug.cgi?id=27627
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-87.0.4280.66-2.mga7
chromium-browser-87.0.4280.66-2.mga7

from SRPM:
chromium-browser-stable-87.0.4280.66-2.mga7.src.rpm

Blocks: (none) => 27627, 27646
See Also: https://bugs.mageia.org/show_bug.cgi?id=27627 => (none)
Assignee: cjw => qa-bugs
Status: NEW => ASSIGNED

Comment 4 Herman Viaene 2020-11-27 14:13:24 CET 
MGA7-64 MATE on Peaq C1011
No installation issues.
At CLI:
$ chromium-browser 
[10271:10271:1127/140008.105928:ERROR:sandbox_linux.cc(374)] InitializeSandbox() called with multiple threads in process gpu-process.
But I can open my usual newspapersite and read ans see video.

CC: (none) => herman.viaene

Comment 5 Bill Wilkinson 2020-11-28 20:44:09 CET 
Tested mga7-64.
General browsing ok, but Jetstream crashes regularly. Note, that running the test on Google Chrome finishes OK.

running from terminal yields:
Received signal 11 SEGV_ACCERR 5612ee9a5970
#0 0x5612ee051659 (/usr/lib64/chromium-browser/chrome+0x4fad658)
#1 0x5612edfadba3 (/usr/lib64/chromium-browser/chrome+0x4f09ba2)
#2 0x5612ee0511d1 (/usr/lib64/chromium-browser/chrome+0x4fad1d0)
#3 0x7feb9f75c570 (/usr/lib64/libpthread-2.29.so+0x1356f)
#4 0x5612f315539a (/usr/lib64/chromium-browser/chrome+0xa0b1399)
#5 0x5612ed73ef7a (/usr/lib64/chromium-browser/chrome+0x469af79)
#6 0x5612ed7538fb (/usr/lib64/chromium-browser/chrome+0x46af8fa)
#7 0x5612ed7534d9 (/usr/lib64/chromium-browser/chrome+0x46af4d8)
#8 0x5612ed74f44f (/usr/lib64/chromium-browser/chrome+0x46ab44e)
#9 0x5612ed74ed9f (/usr/lib64/chromium-browser/chrome+0x46aad9e)
#10 0x5612ed74ecad (/usr/lib64/chromium-browser/chrome+0x46aacac)
#11 0x5612ed790c9e (/usr/lib64/chromium-browser/chrome+0x46ecc9d)
#12 0x5612ed7908cd (/usr/lib64/chromium-browser/chrome+0x46ec8cc)
#13 0x5612f1fa3648 (/usr/lib64/chromium-browser/chrome+0x8eff647)
#14 0x5612f1f985dd (/usr/lib64/chromium-browser/chrome+0x8ef45dc)
#15 0x5612ee0151c2 (/usr/lib64/chromium-browser/chrome+0x4f711c1)
#16 0x5612ee02825a (/usr/lib64/chromium-browser/chrome+0x4f84259)
#17 0x5612ee027f73 (/usr/lib64/chromium-browser/chrome+0x4f83f72)
#18 0x5612edfc55fa (/usr/lib64/chromium-browser/chrome+0x4f215f9)
#19 0x5612ee028867 (/usr/lib64/chromium-browser/chrome+0x4f84866)
#20 0x5612edff1636 (/usr/lib64/chromium-browser/chrome+0x4f4d635)
#21 0x5612ed790ec3 (/usr/lib64/chromium-browser/chrome+0x46ecec2)
#22 0x5612ee06339f (/usr/lib64/chromium-browser/chrome+0x4fbf39e)
#23 0x7feb9f75204c start_thread
#24 0x7feb9c1923af __GI___clone
  r8: 00007fff7bfcf090  r9: 000000008028ba7a r10: 000000008028ba7a r11: 0000000000000246
 r12: 00005612ee9a60c0 r13: 0000000000000001 r14: 00007feb5c5468a8 r15: 00003fa206e79130
  di: 0000000000000010  si: 0000000000000001  bp: 00007feb42ffc110  bx: 00003fa206c04038
  dx: 00003fa207b143f8  ax: 00005612f7919180  cx: 00005612ee9a5970  sp: 00007feb42ffc0f0
  ip: 00005612f315539a efl: 0000000000010202 cgf: 002b000000000033 erf: 0000000000000007
 trp: 000000000000000e msk: 0000000000000000 cr2: 00005612ee9a5970
[end of stack trace]
Calling _exit(1). Core file will not be generated.

CC: (none) => wrw105

Comment 6 Brian Rockwell 2020-11-29 22:51:37 CET 
$ uname -a
Linux linux.local 5.7.19-desktop-3.mga7 #1 SMP Sun Oct 18 15:46:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux


- chromium-browser-87.0.4280.66-2.mga7.x86_64
- chromium-browser-stable-87.0.4280.66-2.mga7.x86_64
- libatomic1-8.4.0-1.mga7.x86_64

Tested with Jitsi Meet.   Seems to be working.
Google Drive - working
GMAIL - working

CC: (none) => brtians1

Nicolas Salguero 2020-11-30 10:29:54 CET

Assignee: qa-bugs => nicolas.salguero

Comment 7 Nicolas Salguero 2020-12-01 10:19:13 CET 
Sadly with chromium-browser-87.0.4280.66-3.mga7.x86_64, Jetstream also crashes (like "-2.mga7", when running the test "bomb-workers") with the following error:
Received signal 11 SEGV_MAPERR 000000000000
#0 0x55cac9676659 (/usr/lib64/chromium-browser/chrome+0x4fad658)
#1 0x55cac95d2ba3 (/usr/lib64/chromium-browser/chrome+0x4f09ba2)
#2 0x55cac96761d1 (/usr/lib64/chromium-browser/chrome+0x4fad1d0)
#3 0x7f5a59f9b570 (/usr/lib64/libpthread-2.29.so+0x1356f)
#4 0x55cac8d734d6 (/usr/lib64/chromium-browser/chrome+0x46aa4d5)
#5 0x55cac8d732a2 (/usr/lib64/chromium-browser/chrome+0x46aa2a1)
#6 0x55cac8d788dd (/usr/lib64/chromium-browser/chrome+0x46af8dc)
#7 0x55cac8d784d9 (/usr/lib64/chromium-browser/chrome+0x46af4d8)
#8 0x55cac8d7444f (/usr/lib64/chromium-browser/chrome+0x46ab44e)
#9 0x55cac8d73d9f (/usr/lib64/chromium-browser/chrome+0x46aad9e)
#10 0x55cac8d73cad (/usr/lib64/chromium-browser/chrome+0x46aacac)
#11 0x55cac8db5c9e (/usr/lib64/chromium-browser/chrome+0x46ecc9d)
#12 0x55cac8db58cd (/usr/lib64/chromium-browser/chrome+0x46ec8cc)
#13 0x55cacd5c8648 (/usr/lib64/chromium-browser/chrome+0x8eff647)
#14 0x55cacd5bd5dd (/usr/lib64/chromium-browser/chrome+0x8ef45dc)
#15 0x55cac963a1c2 (/usr/lib64/chromium-browser/chrome+0x4f711c1)
#16 0x55cac964d25a (/usr/lib64/chromium-browser/chrome+0x4f84259)
#17 0x55cac964cf73 (/usr/lib64/chromium-browser/chrome+0x4f83f72)
#18 0x55cac95ea5fa (/usr/lib64/chromium-browser/chrome+0x4f215f9)
#19 0x55cac964d867 (/usr/lib64/chromium-browser/chrome+0x4f84866)
#20 0x55cac9616636 (/usr/lib64/chromium-browser/chrome+0x4f4d635)
#21 0x55cac8db5ec3 (/usr/lib64/chromium-browser/chrome+0x46ecec2)
#22 0x55cac968839f (/usr/lib64/chromium-browser/chrome+0x4fbf39e)
#23 0x7f5a59f9104c start_thread
#24 0x7f5a569d13af __GI___clone
  r8: 00007ffdf2151090  r9: 0000000001549d10 r10: 0000000001549d10 r11: 0000000000000001
 r12: 00001f52af736c08 r13: 00001f52af737578 r14: 0000000000000980 r15: 00001f52adb095a0
  di: 00001f52adb095a0  si: 00001f52af737588  bp: 00007f59faffc180  bx: 0000000000000098
  dx: 000055cac8d734d0  ax: 00001f52adb095a0  cx: 0000000000000000  sp: 00007f59faffc128
  ip: 000055cac8d734d6 efl: 0000000000010202 cgf: 002b000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated.
Comment 8 Brian Rockwell 2020-12-01 15:52:42 CET 
I'm guessing this is upstream and we'll need to wait on a fix?
Comment 9 Nicolas Salguero 2020-12-01 16:02:31 CET 
According to comment 5, Google Chrome has no problem with Jetstream so the issue comes from the patches we add.  I will try another build without some patches when the build system is less busy.
Comment 10 Nicolas Salguero 2020-12-05 07:44:12 CET 
Good news: with chromium-browser-87.0.4280.66-4.mga7.x86_64, Jetstream does not crash.  As a side note, rootcerts update from bug 27707 makes it difficult to go to the site of the Jetstream test.
Comment 11 Nicolas Salguero 2020-12-06 21:12:51 CET 
Upstream has released version 87.0.4280.88 on December 2:
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

It fixes several new security issues.

Summary: chromium-browser-stable new security issues fixed in 87.0.4280.66 => chromium-browser-stable new security issues fixed in 87.0.4280.88

Comment 12 Nicolas Salguero 2020-12-08 08:43:24 CET 
Suggested advisory:
========================

The updated packages fix some problems found in version 86 and security vulnerabilities.

References:
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
https://bugs.mageia.org/show_bug.cgi?id=27646
https://bugs.mageia.org/show_bug.cgi?id=27627
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-87.0.4280.88-1.mga7
chromium-browser-87.0.4280.88-1.mga7

from SRPM:
chromium-browser-stable-87.0.4280.88-1.mga7.src.rpm

Assignee: nicolas.salguero => qa-bugs

Comment 13 Bill Wilkinson 2020-12-08 16:39:00 CET 
Tested mga7-64

Whiteboard: (none) => mga-7-64-ok

Comment 14 Bill Wilkinson 2020-12-08 16:39:50 CET 
Sorry...apparently submitted
Mga7-64

general browsing, video, jetstream all OK
Comment 15 Bill Wilkinson 2020-12-08 17:55:24 CET 
tested mga7-32 as above, all OK

Whiteboard: mga-7-64-ok => mga7-64-ok mga7-32-ok

Comment 16 Aurelien Oudelet 2020-12-09 17:40:46 CET 
M7.1 Plasma x86_64

General browsing is OK
DRM-widevine protected website are OK.
Bank account is OK.

27646 = inline pdf is OK, 27627 screen-sharing is OK.

Validating
Advisory pushed to SVN.

CC: (none) => ouaurelien, sysadmin-bugs
Keywords: (none) => advisory, validated_update

Comment 17 Mageia Robot 2020-12-09 18:40:22 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0455.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED