| Summary: | chromium-browser-stable new security issues fixed in 107.0.5304.110 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | davidwhodgins, fri, herman.viaene, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | chromium-browser-stable-106.0.5249.119-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2022-10-26 18:52:19 CEST
Already an update: https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html?m=1

I will wait for 1 week more, especially as I am traveling.

Summary: chromium-browser-stable new security issues fixed in 107.0.5304.68 => chromium-browser-stable new security issues fixed in 107.0.5304.87

ADVISORY NOTICE PROPOSAL
========================

New chromium-browser-stable 107 fixes bugs and vulnerabilities

Description

The chromium-browser-stable package has been updated to the new 107 branch with the 107.0.5304.87 version, fixing many bugs and 15 vulnerabilities, together with 107.0.5304.68.

Some of the security fixes are:

* High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30
* High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19
* High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19
* Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
* Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18
* Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09
* Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14
* Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23
* Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20
* Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04
* High CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast on 2022-10-25

References

https://bugs.mageia.org/show_bug.cgi?id=31033
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
https://developer.chrome.com/blog/chrome-107-beta/

SRPMS

8/core
chromium-browser-stable-107.0.5304.87-1.mga8

PROVIDED PACKAGES
=================

x86_64
chromium-browser-107.0.5304.87-1.mga8.x86_64.rpm
chromium-browser-stable-107.0.5304.87-1.mga8.x86_64.rpm

i586
chromium-browser-107.0.5304.87-1.mga8.i586.rpm
chromium-browser-stable-107.0.5304.87-1.mga8.i586.rpm

Hi. I have been struggling to build for i586 with MGA8, even though Cauldron works. Now, it should be fixed but upstream just released a new version, fixing new CVEs: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html

Summary: chromium-browser-stable new security issues fixed in 107.0.5304.87 => chromium-browser-stable new security issues fixed in 107.0.5304.110

ADVISORY NOTICE PROPOSAL
========================

New chromium-browser-stable 107 fixes bugs and vulnerabilities

Description

The chromium-browser-stable package has been updated to the new 107 branch with the 107.0.5304.110 version, fixing many bugs and 25 vulnerabilities, together with 107.0.5304.68 and 107.0.5304.87.

Some of the security fixes are:

* High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24
* High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10
* High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08
* High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16
* High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01
* High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01
* High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30
* High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19
* High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19
* Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
* Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18
* Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09
* Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14
* Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23
* Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20
* Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04
* High CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast on 2022-10-25

References

https://bugs.mageia.org/show_bug.cgi?id=31033
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
https://developer.chrome.com/blog/chrome-107-beta/

SRPMS

8/core
chromium-browser-stable-107.0.5304.110-1.mga8

PROVIDED PACKAGES
=================

x86_64
chromium-browser-107.0.5304.110-1.mga8.x86_64.rpm
chromium-browser-stable-107.0.5304.110-1.mga8.x86_64.rpm

i586
chromium-browser-107.0.5304.110-1.mga8.i586.rpm
chromium-browser-stable-107.0.5304.110-1.mga8.i586.rpm

Finally, ready for QA!

Assignee: chb0 => qa-bugs

MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Used newspaper- and sports-site to surf and display text and pictures and video, all OK.

CC: (none) => herman.viaene

mga8-64, plasma, nvidia-current
Swedish localisation
Old tabs restored
Surfed a few sites, internet video OK

Advisory committed to svn.

Working on my bank and other sites. Validating.

Whiteboard: (none) => MGA8-64-OK

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0419.html

Resolution: (none) => FIXED