Bug 28702

Summary: chromium-browser-stable new security issues fixed in 89.0.4389.128
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: andrewsfarm, mageia, mageia, ouaurelien, sysadmin-bugs, wrw105
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7TOO MGA7-64-OK MGA8-64-OK
Source RPM: chromium-browser-stable-89.0.4389.90-1.mga8.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 28631, 28695    

Description Nicolas Salguero 2021-04-02 09:08:14 CEST 
Upstream has released version 89.0.4389.114 on March 30:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html

It fixes several new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Nicolas Salguero 2021-04-02 09:09:10 CEST

Whiteboard: (none) => MGA8TOO, MGA7TOO
Source RPM: (none) => chromium-browser-stable-89.0.4389.90-1.mga8.src.rpm

Aurelien Oudelet 2021-04-02 12:54:01 CEST

Assignee: bugsquad => nicolas.salguero
Blocks: (none) => 28695
CC: (none) => ouaurelien

Aurelien Oudelet 2021-04-02 12:55:40 CEST

Blocks: (none) => 28631

Comment 1 Aurelien Oudelet 2021-04-02 12:56:14 CEST 
Assigning to you Nicolas, as you already sent this on BS.
Comment 2 Nicolas Salguero 2021-04-02 14:30:32 CEST 
Build fails for Cauldron because libva 2.11.0 now contains VA Protected Content API, which conflicts with the one included in chromium.
Nicolas Lécureuil 2021-04-05 23:45:21 CEST

Blocks: (none) => 28732

Comment 3 Nicolas Lécureuil 2021-04-05 23:46:08 CEST 
cloning into https://bugs.mageia.org/show_bug.cgi?id=28732 for cauldron.

Version: Cauldron => 8
CC: (none) => mageia
Assignee: nicolas.salguero => qa-bugs
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO

Comment 4 Nicolas Lécureuil 2021-04-05 23:47:25 CEST 
Available in mga7/8
src:
     - chromium-browser-stable-89.0.4389.114-1.mga7
     - chromium-browser-stable-89.0.4389.114-1.mga8
David Walser 2021-04-06 01:08:09 CEST

Blocks: 28732 => (none)

Comment 5 PC LX 2021-04-06 17:58:56 CEST 
Installed and tested without issues.


Tested with many of sites. Tested benchmarks, webcam, mic, video, audio, webgl, webrtc, etc. No issues noticed.


System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GT 1030 GPU using nvidia-current proprietary driver.



$ uname -a
Linux marte 5.10.27-desktop-1.mga7 #1 SMP Wed Mar 31 00:16:43 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ cat /proc/driver/nvidia/version 
NVRM version: NVIDIA UNIX x86_64 Kernel Module  460.67  Thu Mar 11 00:11:45 UTC 2021
GCC version:  gcc version 8.4.0 (Mageia 8.4.0-1.mga7) 
$ rpm -q chromium-browser-stable
chromium-browser-stable-89.0.4389.114-1.mga7

CC: (none) => mageia
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK

Comment 6 Bill Wilkinson 2021-04-06 20:40:37 CEST 
Tested mga8-64

Jetstream, general browsing, video, all OK

CC: (none) => wrw105
Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK Mga8-64-ok

Comment 7 Thomas Andrews 2021-04-06 23:20:18 CEST 
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 8 Bill Wilkinson 2021-04-07 00:14:09 CEST 
testing mga8-32, jetstream crashed. General browsing and video worked as expected.

running from command line output: 

<--- Last few GCs --->

[1:0x137db130]   307388 ms: Scavenge (reduce) 246.4 (251.2) -> 246.4 (251.2) MB, 0.5 / 0.0 ms  (average mu = 0.988, current mu = 0.981) allocation failure 
[1:0x137db130]   307468 ms: Mark-sweep (reduce) 248.4 (253.3) -> 248.2 (253.3) MB, 10.0 / 0.0 ms  (+ 0.6 ms in 1 steps since start of marking, biggest step 0.6 ms, walltime since start of marking 80 ms) (average mu = 0.979, current mu = 0.948) allocation 

<--- JS stacktrace --->

Received signal 6
#0 0x0000051a0eac base::debug::CollectStackTrace()
#1 0x0000050e5fdf base::debug::StackTrace::StackTrace()
#2 0x0000051a1411 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x0000b7edb570 ([vdso]+0x56f)
#4 0x0000b39f362c __GI_raise
#5 0x0000b39dd2bf __GI_abort
#6 0x00000512b846 base::internal::OnNoMemoryInternal()
#7 0x000009c3c82e (anonymous namespace)::OnNoMemory()
#8 0x000009c3c848 blink::ReportOOMErrorInMainThread()
#9 0x000003bca890 v8::Utils::ReportOOMFailure()
#10 0x000003bcab20 v8::internal::V8::FatalProcessOutOfMemory()
#11 0x000003d87134 v8::internal::Heap::FatalProcessOutOfMemory()
#12 0x000003d9267e v8::internal::Heap::CollectGarbage()
#13 0x000003d949a5 v8::internal::Heap::AllocateRawWithLightRetrySlowPath()
#14 0x000003d94a25 v8::internal::Heap::AllocateRawWithRetryOrFailSlowPath()
#15 0x000003d5f552 v8::internal::Factory::AllocateRaw()
#16 0x000003d599bb v8::internal::FactoryBase<>::AllocateRaw()
#17 0x000003d59f1f v8::internal::FactoryBase<>::AllocateRawWithImmortalMap()
#18 0x000003d5ba2b v8::internal::FactoryBase<>::NewRawOneByteString()
#19 0x000003fadfc4 v8::internal::String::SlowFlatten()
#20 0x000003c05ad9 v8::internal::String::Flatten()
#21 0x0000040da7ee v8::internal::Runtime_StringCharCodeAt()
#22 0x00000466cd17 Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit
#23 0x000004644202 Builtins_KeyedLoadIC
#24 0x0000046d8762 Builtins_LdaKeyedPropertyHandler
#25 0x000004618e06 Builtins_InterpreterEntryTrampoline
#26 0x000004618e06 Builtins_InterpreterEntryTrampoline
#27 0x000004617118 Builtins_JSEntryTrampoline
#28 0x000004616f3b Builtins_JSEntry
#29 0x000003d06c59 v8::internal::(anonymous namespace)::Invoke()
  gs: 00000033  fs: 00000000  es: 0000007b  ds: 0000007b
 edi: 00000000 esi: 00000008 ebp: bffd092c esp: bffd0928
 ebx: 00000002 edx: 00000000 ecx: bffd092c eax: 00000000
 trp: 00000000 err: 00000000  ip: b39f362c  cs: 00000073
 efl: 00000246 usp: bffd0928  ss: 0000007b
[end of stack trace]
Calling _exit(1). Core file will not be generated.
Comment 9 PC LX 2021-04-07 00:35:52 CEST 
Tested jetstream (https://browserbench.org/JetStream/) until its completion and it did not crash on a Mageia 7 x86_64 (comment 5). Maybe it is i586 specific.
Nicolas Salguero 2021-04-09 11:13:53 CEST

Keywords: validated_update => (none)
Assignee: qa-bugs => nicolas.salguero
Whiteboard: MGA7TOO MGA7-64-OK Mga8-64-ok => (none)

Comment 10 Nicolas Salguero 2021-04-13 09:56:11 CEST 
Suggested advisory:
========================

The updated packages fix security vulnerabilities and a crash when a device does some cast traffic in the local network.

References:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
https://bugs.mageia.org/show_bug.cgi?id=28631
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-89.0.4389.114-2.mga7
chromium-browser-89.0.4389.114-2.mga7
chromium-browser-stable-89.0.4389.114-2.mga8
chromium-browser-89.0.4389.114-2.mga8

from SRPMS:
chromium-browser-stable-89.0.4389.114-2.mga7.src.rpm
chromium-browser-stable-89.0.4389.114-2.mga8.src.rpm

Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs

Nicolas Salguero 2021-04-13 09:57:34 CEST

Whiteboard: (none) => MGA7TOO

Comment 11 David Walser 2021-04-14 01:04:50 CEST 
Upstream has released version 89.0.4389.128 today (April 13):
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html

It fixes a zero day that was posted on Twitter.

Severity: major => critical
Summary: chromium-browser-stable new security issues fixed in 89.0.4389.114 => chromium-browser-stable new security issues fixed in 89.0.4389.128
Assignee: qa-bugs => nicolas.salguero

Comment 12 Nicolas Salguero 2021-04-15 14:42:34 CEST 
Suggested advisory:
========================

The updated packages fix security vulnerabilities and a crash when a device does some cast traffic in the local network.

References:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html
https://bugs.mageia.org/show_bug.cgi?id=28631
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-89.0.4389.128-1.mga7
chromium-browser-89.0.4389.128-1.mga7
chromium-browser-stable-89.0.4389.128-1.mga8
chromium-browser-89.0.4389.128-1.mga8

from SRPMS:
chromium-browser-stable-89.0.4389.128-1.mga7.src.rpm
chromium-browser-stable-89.0.4389.128-1.mga8.src.rpm

Assignee: nicolas.salguero => qa-bugs

Comment 13 Aurelien Oudelet 2021-04-15 16:37:33 CEST 
MGA 8 Plasma
chromium-browser-stable-89.0.4389.128-1.mga8 OK
Browsing http, https, widevine DRM OK, Google sites OK.

Bug 286312 fixed. No crash.

webRTC/Zoom/ BigBlueButton OK

MGA7 Plasma and Gnome
chromium-browser-stable-89.0.4389.128-1.mga7 OK
Same. This is a OK candidate.
Can be pushed ASAP as zero-day widely exploited and reported.

webRTC/Zoom/ BigBlueButton OK

Note also chromium-browser-stable-90.0.4430.78 is out since 15-04-2021 fixing security bugs. Report is Bug 28732.

Validating,

Keywords: (none) => advisory, validated_update
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK MGA8-64-OK

Comment 14 Mageia Robot 2021-04-15 21:06:21 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0188.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED