| Summary: | chromium-browser-stable new security issues fixed in 126.0.6478.61 CVE-2024-58[30-47] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, chb0, fri, herman.viaene, sysadmin-bugs, tablackwell |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | chromium-browser-stable-125.0.6422.141-1.mga9.tainted.src.rpm | CVE: | CVE-2024-5830,CVE-2024-5831,CVE-2024-5832,CVE-2024-5833,CVE-2024-5834,CVE-2024-5835,CVE-2024-5836,CVE-2024-5837,CVE-2024-5838,CVE-2024-5839,CVE-2024-5840,CVE-2024-5841,CVE-2024-5842,CVE-2024-5843,CVE-2024-5844,CVE-2024-5845,CVE-2024-5846,CVE-2024-5847 |
| Status comment: | |||
Description
Nicolas Salguero
2024-06-14 15:47:03 CEST
Upstream has released version 126.0.6478.54 on June 11:
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html
and, then, version 126.0.6478.61 on June 13:
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_13.html

Summary:
chromium-browser-stable new security issues fixed in 126.0.6478.55 =>
chromium-browser-stable new security issues fixed in 126.0.6478.61
katnatek
2024-06-14 16:13:55 CEST
Assignee:
bugsquad =>
chb0

ADVISORY NOTICE PROPOSAL
========================

New chromium-browser-stable 126.0.6478.61 security update

Description

The chromium-browser-stable package has been updated to the 126.0.6478.61 release. It includes 21 security fixes.

Some of them are:

* High CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-05-24
* High CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz on 2024-05-07
* High CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz on 2024-05-13
* High CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel on 2024-05-24
* High CVE-2024-5834: Inappropriate implementation in Dawn. Reported by gelatin dessert on 2024-05-26
* High CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI on 2024-05-22
* High CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding on 2024-05-21
* High CVE-2024-5837: Type Confusion in V8. Reported by Anonymous on 2024-05-23
* High CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-05-24
* Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator. Reported by Micky on 2024-05-13
* Medium CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard on 2024-01-17
* Medium CVE-2024-5841: Use after free in V8. Reported by Cassidy Kim(@cassidy6564) on 2024-02-26
* Medium CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy) on 2023-01-12
* Medium CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575 on 2024-04-12
* Medium CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri on 2024-04-01
* Medium CVE-2024-5845: Use after free in Audio. Reported by anonymous on 2024-05-13
* Medium CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng (HexHive) on 2024-05-16
* Medium CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng (HexHive) on 2024-05-18

Please, do note, only x86_64 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium code.

References

https://bugs.mageia.org/show_bug.cgi?id=33308
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_13.html
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html

SRPMS

9/tainted
chromium-browser-stable-126.0.6478.61-1.mga9.tainted.src.rpm

PROVIDED PACKAGES
=================

x86_64
chromium-browser-126.0.6478.61-1.mga9.tainted.x86_64.rpm
chromium-browser-stable-126.0.6478.61-1.mga9.tainted.x86_64.rpm

Summary:
chromium-browser-stable new security issues fixed in 126.0.6478.61 =>
chromium-browser-stable new security issues fixed in 126.0.6478.61 CVE-2024-58[30-47]
christian barranco
2024-06-15 11:50:44 CEST
Whiteboard:
MGA9TOO =>
(none)
christian barranco
2024-06-15 11:51:12 CEST
Severity:
critical =>
major

chromium 125 is in M9, as per Christian's comment above. I'm not seeing 126?

CC:
(none) =>
tablackwell

The build system built the previous same version as for Bug 33261
chromium-browser-stable-125.0.6422.141-1.mga9

CC:
(none) =>
fri

christian barranco are you working on this? As we can see in http://pkgsubmit.mageia.org/ it was pushed to buildsystem more than a day ago, and it took a day. I am running it now.

[morgan@svarten ~]$ chromium-browser --version
Chromium 126.0.6478.61 Mageia.Org 9

Assignee:
chb0 =>
qa-bugs

Thanks Morgan. Indeed, ready for QA!

CC:
(none) =>
chb0
katnatek
2024-06-18 19:06:53 CEST
Keywords:
(none) =>
advisory

MGA9-64, Xfce, Intel celeron
$ chromium-browser -version
Chromium 126.0.6478.61 Mageia.Org 9
----
email sites work
youtube (sound/video) working as expected

CC:
(none) =>
brtians1

RH mageia 9 x86_64
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing chromium-browser-stable-126.0.6478.61-1.mga9.tainted.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: chromium-browser-stable
##################################################################################################
1/1: removing chromium-browser-stable-125.0.6422.141-1.mga9.tainted.x86_64
##################################################################################################
Youtube Ok
mail.com OK (I have an alternative mail here)
Facebook OK
Post this comment from chromium-browser

mga9-64 Plasma X11 nvidia-current Swedish localisation
Restored tabs opened in previous version
Banking sites, shops, video sites.
download file
open saved pdf file and print to Boomaga and network printer.
Writing this Comment.

Plasma Wayland
Set ozone platform to wayland
Youtube OK
Facebook OK
I note slow response some time when hit buttons or hit enter after type url, in both type of sessions, not sure if can be result of still have ublock origin as adblocker, but as for the moment I'm the one complain about that not need to block this update

MGA9-64 Plasma, i5-7500, Quadro K620 graphics. No installation issues, and no operating issues to report. I mostly use Chromium for my banking, as the bank seems to trust it more than Firefox. No problem there. I looked at the NOAA Climate Prediction Center, and almost wish I hadn't, as they are predicting more hotter than normal weather next week. I'm using it to make this report. Looks good here.

CC:
(none) =>
andrewsfarm

MGA9-64 Plasma Wayland on HP-Pavilion. No installation issues. Accessed newspaper with all sorts of content, consulted Google Maps and streetview. Can't find anything wrong with it.

CC:
(none) =>
herman.viaene

Used it a bit more. No issues to report.

Keywords:
(none) =>
validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0230.html

Status:
NEW =>
RESOLVED