Upstream has released version 28.0.1500.95 on July 30:
http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html
This fixes a handful of new security issues.
This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Whiteboard: (none) => MGA3TOO, MGA2TOO
Debian has issued an advisory for this on July 31: http://lists.debian.org/debian-security-announce/2013/msg00143.html
URL: (none) => http://lwn.net/Vulnerabilities/562191/
Updated packages uploaded for Mageia 2, Mageia 3, and Cauldron.
This should also fix Bug 9851 (no Google Sync because of missing API keys).
This should also fix Bug 10828 (mp3 won't play in tainted, ffmpeg codec problem).
Note: Mageia 3 includes a tainted build.

Advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities:

Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling (CVE-2013-2881).

Cloudfuzzer discovered a type confusion issue in the V8 javascript library (CVE-2013-2882).

Cloudfuzzer discovered a use-after-free issue in MutationObserver (CVE-2013-2883).

Ivan Fratric of the Google Security Team discovered a use-after-free issue in the DOM implementation (CVE-2013-2884).

Ivan Fratric of the Google Security Team discovered a use-after-free issue in input handling (CVE-2013-2885).

The chrome 28 development team found various issues from internal fuzzing, audits, and other studies (CVE-2013-2886).

This update provides version 28.0.1500.95, which fixes these issues.

Additionally, Google Sync should now work (mga#9851), and playing of media files with certain codecs, such as mp3, should now work with the tainted build (mga#10828) in Mageia 3.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2886
http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html
https://bugs.mageia.org/show_bug.cgi?id=9851
https://bugs.mageia.org/show_bug.cgi?id=10828
http://www.debian.org/security/2013/dsa-2732
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-28.0.1500.95-1.mga2
chromium-browser-28.0.1500.95-1.mga2
chromium-browser-stable-28.0.1500.95-1.mga3
chromium-browser-28.0.1500.95-1.mga3

Updated packages in tainted/updates_testing:
========================
chromium-browser-stable-28.0.1500.95-1.mga3
chromium-browser-28.0.1500.95-1.mga3

from SRPMS:
chromium-browser-stable-28.0.1500.95-1.mga2.src.rpm
chromium-browser-stable-28.0.1500.95-1.mga3.src.rpm
Version: Cauldron => 3
Blocks: (none) => 9851, 10828
Assignee: dmorganec => qa-bugs
Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO
No PoC on securityfocus. Testing mga3-64 core.
CC: (none) => wrw105
Tested mga3-64 core OK
General browsing, Sunspider javascript, javatester, youtube testing flash.
Logged in to google sync and synced bookmarks.
Tested mga3-64 tainted. Same tests as above, plus playing embedded file at http://archive.org/details/testmp3testfile to test mp3. Main menu showed logged in as the proper gmail account. MGA3-64 OK.
Whiteboard: MGA2TOO => MGA2TOO mga3-64-ok
Tested mga3-32, core as above. All OK.
Tested mga3-32 tainted as above, all OK.
Whiteboard: MGA2TOO mga3-64-ok => MGA2TOO mga3-64-ok Mga3-32-OK
Advisory uploaded. There is actually a tainted srpm so 3 srpms rather than just the two listed.
chromium-browser-stable-28.0.1500.95-1.mga2.src.rpm
chromium-browser-stable-28.0.1500.95-1.mga3.src.rpm
chromium-browser-stable-28.0.1500.95-1.mga3.tainted.src.rpm
http://distrib-coffee.ipsl.jussieu.fr/pub/linux/Mageia/distrib/3/SRPMS/tainted/updates_testing/chromium-browser-stable-28.0.1500.95-1.mga3.tainted.src.rpm
Testing complete mga2 32 & 64
Validating
Could sysadmin please push from 2 core and 3 core & tainted to updates
Thanks!
Keywords: (none) => validated_update
Whiteboard: MGA2TOO mga3-64-ok Mga3-32-OK => MGA2TOO mga3-64-ok Mga3-32-OK mga2-32-ok mga2-64-ok
CC: (none) => sysadmin-bugs
Note that the CVE-2013-2882 issue is actually in the bundled v8 library.
Fedora has issued an advisory for this on August 3:
https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113963.html
As Fedora noted, the impact on Node.js is "lessened," but we may have to update nodejs at some point in the future due to this.
Update pushed: http://advisories.mageia.org/MGASA-2013-0249.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED