| Summary: | Updated chromium 125.0.6422.60 packages fix vulnerabilities CVE-2024-4947/48/49/50 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | christian barranco <chb0> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | | |
| Priority: | Normal | CC: | andrewsfarm, brtians1, fri, j.alberto.vc, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | MGA9-64-OK | | |
| Source RPM: | chromium-browser-stable-124.0.6367.207-1.mga9.tainted.src.rpm | CVE: | CVE-2024-4947,CVE-2024-4948,CVE-2024-4949,CVE-2024-4950 |
| Status comment: | | | |

Description
christian barranco
2024-05-18 21:03:03 CEST
christian barranco
2024-05-18 21:05:58 CEST
CC:
(none) =>
andrewsfarm, brtians1, fri
christian barranco
2024-05-18 21:06:14 CEST
Hardware:
All =>
x86_64

$ LC_ALL=C sudo urpmi chromium-browser
A requested package cannot be installed:
chromium-browser-stable-125.0.6422.60-1.mga9.tainted.x86_64 (due to unsatisfied libffmpeg.so()(64bit))

Keywords:
(none) =>
feedback

(In reply to Morgan Leijström from comment #1)
> $ LC_ALL=C sudo urpmi chromium-browser
> A requested package cannot be installed:
> chromium-browser-stable-125.0.6422.60-1.mga9.tainted.x86_64 (due to
> unsatisfied libffmpeg.so()(64bit))

Yes, it is not ready for QA yet. The package currently building will be the one to test.
Sorry, I wanted to be quick and I submitted to our BS before finishing my local tests. Unfortunately, I had to submit an update and it takes for ever on our BS.
christian barranco
2024-05-19 21:28:02 CEST
Keywords:
feedback =>
(none)

ADVISORY NOTICE PROPOSAL
========================

New chromium-browser-stable 125.0.6422.60 security update

Description
The chromium-browser-stable package has been updated to the 125.0.6422.60 release. It includes 9 security fixes.

Please, do note, only x86_64 is supported from now on.
i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium code.

Some of the security fixes are:
* CVE-2024-4947: Type Confusion in V8. Reported by Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky on 2024-05-13
* High CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09
* Medium CVE-2024-4949: Use after free in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-02-24
* Low CVE-2024-4950: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-06-06

Google is aware that an exploit for CVE-2024-4947 exists in the wild.

References
https://bugs.mageia.org/show_bug.cgi?id=33227
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html

SRPMS
9/tainted
chromium-browser-stable-125.0.6422.60-1.1.mga9.tainted.src.rpm

PROVIDED PACKAGES
=================
x86_64
chromium-browser-125.0.6422.60-1.1.mga9.tainted.x86_64.rpm
chromium-browser-stable-125.0.6422.60-1.1.mga9.tainted.x86_64.rpm

CC:
(none) =>
j.alberto.vc

OK mga9-64 Plasma X11, nvidia470
Clean update, open tabs and settings preserved, Swedish localisation
Used a few banking and shop sites and a few video sites
file saving, pdf printing
Video playing remote control by KDEConnect.
Writing this

Unusually short output in launching terminal:
$ chromium-browser
libpng warning: iCCP: known incorrect sRGB profile
Fontconfig error: Cannot load default config file: No such file: (null)
Warning: disabling flag --expose_wasm due to conflicting flags

(In reply to Morgan Leijström from comment #5)
> Unusually short output in launching terminal:
> $ chromium-browser
> libpng warning: iCCP: known incorrect sRGB profile
> Fontconfig error: Cannot load default config file: No such file: (null)
> Warning: disabling flag --expose_wasm due to conflicting flags

I have seen these warnings here and then. Nothing to worry about.

Intel, Nvidia (Nouveau), Cinnamon Desktop
$ chromium-browser -version
Chromium 125.0.6422.60 Mageia.Org 9
Installed and used for about an hour across sites. No issues.

Enough tests for this - exploit is in the wild. Need advisory uploaded.

Keywords:
(none) =>
validated_update

RH mageia 9 x86_64 Plasma Wayland
Updated without issues
Set Ozone platform to Wayland
youtube OK
facebook OK
mageia sites OK
katnatek
2024-05-20 19:08:44 CEST
Keywords:
(none) =>
advisory

Just noticing that on Thinkpad T510 using nouveau graphic driver, when chromium launches I do not see the messages in my Comment 5, but instead only two messages, but immediately repeated about a hundred times:

[819619:819619:0521/100411.178938:ERROR:gbm_wrapper.cc(74)] Failed to get fd for plane.: Filen eller katalogen finns inte (2)
[819619:819619:0521/100411.179177:ERROR:gbm_wrapper.cc(257)] Failed to export buffer to dma_buf: Filen eller katalogen finns inte (2)

Swedish "Filen eller katalogen finns inte" = The file or folder does not exist.

(In reply to Morgan Leijström from comment #10)
> Just noticing that on Thinkpad T510 using nouveau graphic driver, when
> chromium launches I do not see the messages in my Comment 5, but instead
> only two messages, but immediately repeated about a hundred times:
>
>
> [819619:819619:0521/100411.178938:ERROR:gbm_wrapper.cc(74)] Failed to get fd
> for plane.: Filen eller katalogen finns inte (2)
> [819619:819619:0521/100411.179177:ERROR:gbm_wrapper.cc(257)] Failed to
> export buffer to dma_buf: Filen eller katalogen finns inte (2)
>
> Swedish "Filen eller katalogen finns inte" = The file or folder does not
> exist.

Hi. I don't face this but, indeed, it starts to be reported here and there, for Chrome/Chromium derivatives:
https://github.com/ivan-hc/MS-Edge-appimage/issues/5
https://github.com/ungoogled-software/ungoogled-chromium/issues/2842

As long as it does not lead to a crash, we'll have to live with that until it is fixed upstream, potentially.

@Morgan: could you delete ~/.cache/chromium and test again? Thanks

christian barranco, no need to add me to CC; that makes me receive duplicate mails.

(In reply to christian barranco from comment #11)
> @Morgan: could you delete ~/.cache/chromium and test again?

No change.
Also deleting ~/.config/chromium did not help the issue either.
(And yes it lost configuration but I had nothing important here.)

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0190.html

Status:
NEW =>
RESOLVED
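
A check an administrator could run after this update, as an added example that is not part of the bug report or of Mageia's tooling: it parses either the `chromium-browser -version` line or the rpm package string in the shapes quoted above and compares it with the build listed in the advisory (125.0.6422.60, release 1.1). The function names and the sample strings are constructed for illustration, and treating release 1.1 as the baseline is an assumption taken from the PROVIDED PACKAGES list.

```shell
#!/bin/sh
# Added example: baseline values taken from the advisory text on this page.
FIXED_VERSION="125.0.6422.60"   # upstream release carrying the CVE fixes
FIXED_RELEASE="1.1"             # rpm release listed under PROVIDED PACKAGES

# First four-part dotted version found in the string.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+){3}' | head -n 1
}

# rpm release between the version and ".mga" (empty for -version output).
extract_release() {
    printf '%s\n' "$1" |
        sed -nE 's/.*-[0-9]+(\.[0-9]+){3}-([0-9]+(\.[0-9]+)*)\.mga.*/\2/p'
}

# ver_ge A B: status 0 when A >= B, comparing dot-separated fields as numbers
# (so 6422.100 sorts after 6422.60, unlike a plain string comparison).
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# meets_advisory STRING: 0 = at or past the advisory build, 1 = older, 2 = unparsable.
meets_advisory() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then return 2; fi
    if [ "$v" != "$FIXED_VERSION" ]; then
        if ver_ge "$v" "$FIXED_VERSION"; then return 0; else return 1; fi
    fi
    r=$(extract_release "$1")
    if [ -z "$r" ]; then return 0; fi   # -version output has no rpm release
    if ver_ge "$r" "$FIXED_RELEASE"; then return 0; else return 1; fi
}

# Constructed sample inputs in the formats that appear in this thread.
for s in 'Chromium 125.0.6422.60 Mageia.Org 9' \
         'chromium-browser-stable-124.0.6367.207-1.mga9.tainted.x86_64' \
         'chromium-browser-stable-125.0.6422.60-1.1.mga9.tainted.x86_64'; do
    if meets_advisory "$s"; then echo "OK      $s"; else echo "UPDATE  $s"; fi
done
```

On a Mageia host the same function can be fed the live value, for example `meets_advisory "$(rpm -q chromium-browser-stable)"`.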