| Summary: | chromium-browser-stable new security issues fixed in 100.0.4896.60 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | chb0, davidwhodgins, fri, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK, MGA8-32-OK | ||
| Source RPM: | chromium-browser-stable-99.0.4844.84-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2022-03-30 17:04:27 CEST
David Walser
2022-03-30 17:04:41 CEST
CC:
(none) =>
chb0 Hi x86_64 version builds but there is something broken for i586. I am looking at it. Assignee:
cjw =>
chb0 Hi Finally, Chromium 100 is ready for testing. ADVISORY NOTICE PROPOSAL ======================== Updated chromium-browser-stable packages fix bugs and CVE Description The chromium-browser-stable package has been updated to the 100.0.4896.60 version, fixing many bugs and 28 CVE. Some of them are listed below: [1292261] High CVE-2022-1125: Use after free in Portals. [1291891] High CVE-2022-1127: Use after free in QR Code Generator. [1301920] High CVE-2022-1128: Inappropriate implementation in Web Share API. [1300253] High CVE-2022-1129: Inappropriate implementation in Full Screen Mode. [1142269] High CVE-2022-1130: Insufficient validation of untrusted input in WebOTP. [1297404] High CVE-2022-1131: Use after free in Cast UI. [1303410] High CVE-2022-1132: Inappropriate implementation in Virtual Keyboard. [1305776] High CVE-2022-1133: Use after free in WebRTC. [1308360] High CVE-2022-1134: Type Confusion in V8. [1285601] Medium CVE-2022-1135: Use after free in Shopping Cart. [1280205] Medium CVE-2022-1136: Use after free in Tab Strip . [1289846] Medium CVE-2022-1137: Inappropriate implementation in Extensions. [1246188] Medium CVE-2022-1138: Inappropriate implementation in Web Cursor. [1268541] Medium CVE-2022-1139: Inappropriate implementation in Background Fetch API. [1303253] Medium CVE-2022-1141: Use after free in File Manager. [1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI. [1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI. [1304145] Medium CVE-2022-1144: Use after free in WebUI. [1304545] Medium CVE-2022-1145: Use after free in Extensions. [1290150] Low CVE-2022-1146: Inappropriate implementation in Resource Timing. Reported by Sohom Datta on 2022-01-23 [1311327] Various fixes from internal audits, fuzzing and other initiatives References https://bugs.mageia.org/show_bug.cgi?id=30222 https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html SRPMS 8/core chromium-browser-stable-100.0.4896.60-1.mga8 PROVIDED PACKAGES ================= x86_64 chromium-browser-100.0.4896.60-1.mga8.x86_64.rpm chromium-browser-stable-100.0.4896.60-1.mga8.x86_64.rpm i586 chromium-browser-100.0.4896.60-1.mga8.i586.rpm chromium-browser-stable-100.0.4896.60-1.mga8.i586.rpm Assignee:
chb0 =>
qa-bugs
David Walser
2022-04-04 20:44:03 CEST
CC:
sysadmin-bugs =>
(none) Ok on my normal sites. Will wait for additional testers before validating. Advisory committed to svn. CC:
(none) =>
davidwhodgins Also confirmed that it works fine on Mageia 8 x86_64. Ok in an i586 vb install. Whiteboard:
MGA8-64-OK =>
MGA8-64-OK, MGA8-32-OK OK on 64 bit, plasma: a couple banking sites, video, printing, restoring tabs. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0130.html Status:
NEW =>
RESOLVED |