Upstream has released version 68.0.3440.75 on July 24: https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html This fixes several new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates There was also bugfix version 67.0.3396.99 on June 25: https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop_25.html
Updated packages are ready for testing. MGA6 SRPM: chromium-browser-stable-68.0.3440.106-1.mga6.src.rpm RPMS: chromium-browser-68.0.3440.106-1.mga6.i586.rpm chromium-browser-stable-68.0.3440.106-1.mga6.i586.rpm chromium-browser-68.0.3440.106-1.mga6.x86_64.rpm chromium-browser-stable-68.0.3440.106-1.mga6.x86_64.rpm Advisory: Chromium-browser 68.0.3440.106 fixes security issues: Multiple flaws were found in the way Chromium 67.0.3396.87 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2018-4117, CVE-2018-6044, CVE-2018-6153, CVE-2018-6154, CVE-2018-6155, CVE-2018-6156, CVE-2018-6157, CVE-2018-6158, CVE-2018-6159, CVE-2018-6160, CVE-2018-6161, CVE-2018-6162, CVE-2018-6163, CVE-2018-6164, CVE-2018-6165, CVE-2018-6166, CVE-2018-6167, CVE-2018-6168, CVE-2018-6169, CVE-2018-6170, CVE-2018-6171, CVE-2018-6172, CVE-2018-6173, CVE-2018-6174, CVE-2018-6175, CVE-2018-6176, CVE-2018-6177, CVE-2018-6178, CVE-2018-6179) Upstream also reported for release 68.0.3440.75 that three additional flaws were fixed in earlier (unspecified) chromium releases but not listed in the release notes for those releases. (CVE-2018-6150, CVE-2018-6151, CVE-2018-6152) References: https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop_25.html https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop_31.html https://chromereleases.googleblog.com/2018/08/stable-channel-update-for-desktop.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4117 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6153 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6156 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6150 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6151 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6152
CC: (none) => cjwAssignee: cjw => qa-bugs
on mga6-64 packages installed cleanly: - chromium-browser-68.0.3440.106-1.mga6.x86_64 - chromium-browser-stable-68.0.3440.106-1.mga6.x86_64 signed in to my Google account tested several bookmarks and other sites no regressions noted looks OK for mga6-64
CC: (none) => jimWhiteboard: (none) => MGA6-64-OK
on mga6-32 packages installed cleanly: - chromium-browser-68.0.3440.106-1.mga6.i586 - chromium-browser-stable-68.0.3440.106-1.mga6.i586 checked a number of web sites no regressions noted Looks OK for mga6-32
Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK
Tested mga6-32 under virtual box. General browsing, jetstream etc all OK. Vaildating, ready for push when advisory added to svn.
Keywords: (none) => validated_updateCC: (none) => wrw105, sysadmin-bugs
CC: (none) => tmbKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0343.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED