Bug 31288

Summary: Chromium-browser-stable update to 108.0.5359.124 fixes vulnerabilities
Product: Mageia Reporter: christian barranco <chb0>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, davidwhodgins, fri, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: chromium-browser-stable-108.0.5359.94-1.mga8.src.rpm CVE:
Status comment:

Description christian barranco 2022-12-16 15:13:22 CET 
Upstream just released 108.0.5359.124 update, fixing 8 CVE. 
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
Comment 1 christian barranco 2022-12-18 09:54:39 CET 
Ready for QA

Assignee: chb0 => qa-bugs

Comment 2 christian barranco 2022-12-18 21:12:13 CET 
ADVISORY NOTICE PROPOSAL
========================

New chromium-browser-stable 108.0.5359.124 fixes vulnerabilities


Description
The chromium-browser-stable package has been updated to the 108.0.5359.124 release, fixing 8 vulnerabilities.

Some of the security fixes are:

High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15
High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30
High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07
High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22
Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09


References
https://bugs.mageia.org/show_bug.cgi?id=31288
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html


SRPMS
8/core
chromium-browser-stable-108.0.5359.124-1.mga8


PROVIDED PACKAGES
=================
x86_64
chromium-browser-108.0.5359.124-1.mga8.x86_64.rpm
chromium-browser-stable-108.0.5359.124-1.mga8.x86_64.rpm

i586
chromium-browser-108.0.5359.124-1.mga8.i586.rpm
chromium-browser-stable-108.0.5359.124-1.mga8.i586.rpm
Comment 3 Morgan Leijström 2022-12-19 12:07:30 CET 
mga8-64, plasma, nvidia-current, i7

OK:
Swedish localisation
Restored tabs, kept settings
Tried three different login methods (2 QR phone apps, one 2FA)
A few more sites incl video

CC: (none) => fri

Comment 4 Thomas Andrews 2022-12-19 17:46:21 CET 
MGA8-64 Plasma system, i5-2500, Intel graphics, US English version.

No installation issues. I'm not normally a Chromium user, but I do have it installed as an alternative should Firefox fail to work for some reason. I ran it, visited several websites using bookmarks I had imported from Firefox a while back, watched a weather forecast video, did an Internet speed test.

No issues noted.

CC: (none) => andrewsfarm

Comment 5 Thomas Andrews 2022-12-20 23:14:53 CET 
MGA8-64 Plasma system, AMD Phenom II X4, AMD HD 8490 graphics.

Did a new install of chromium, ran it, imported bookmarks etc from Firefox, went here and there, no issues.

I see no reason to hold this back any longer. OKing and Validating. Advisory in comment 2.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-12-21 00:15:52 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 6 Mageia Robot 2022-12-24 10:15:21 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0480.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED