Upstream released chromium 77.0.3865.120 on 10 october with 8 security fixes: https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html This bugs is for mageia 7. Cauldron has updated packages and as before mageia 6 does not have a C++ compiler that can build chromium.
Updated packages are available for testing: MGA7 SRPM: chromium-browser-stable-77.0.3865.120-1.mga7.src.rpm RPMS: chromium-browser-77.0.3865.120-1.mga7.i586.rpm chromium-browser-stable-77.0.3865.120-1.mga7.i586.rpm chromium-browser-77.0.3865.120-1.mga7.x86_64.rpm chromium-browser-stable-77.0.3865.120-1.mga7.x86_64.rpm Advisory: Chromium-browser 77.0.3865.120 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.90: one in the IndexedDB component (CVE-2019-13693), one in the WebRTC component (CVE-2019-13694), one in the audio component (CVE-2019-13695), and one in the V8 component (CVE-2019-13696). A cross-origin size leak (CVE-2019-13697) was also fixed, as well as various problems found using internal audits, fuzzing and other initiatives. References: https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13694 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13696 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13697
CC: (none) => cjwAssignee: cjw => qa-bugs
$ uname -a Linux localhost 5.3.6-desktop-2.mga7 #1 SMP Sun Oct 13 18:22:10 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux The following 10 packages are going to be installed: - chromium-browser-77.0.3865.120-1.mga7.x86_64 - chromium-browser-stable-77.0.3865.120-1.mga7.x86_64 - lib64jsoncpp19-1.8.4-2.mga7.x86_64 - lib64minizip1-1.2.11-7.mga7.x86_64 - lib64rpm8-4.14.2.1-12.1.mga7.x86_64 - python3-rpm-4.14.2.1-12.1.mga7.x86_64 - rpm-4.14.2.1-12.1.mga7.x86_64 - rpm-build-4.14.2.1-12.1.mga7.x86_64 - rpm-plugin-syslog-4.14.2.1-12.1.mga7.x86_64 - rpm-plugin-systemd-inhibit-4.14.2.1-12.1.mga7.x86_64 --- Did Email and watched youtube videos. Sound, video and formatting is all working as designed.
Whiteboard: (none) => MGA7-64-OKCC: (none) => brtians1
Mageia 7, x86_64 Installed all the packages in comment 2. Launched the browser from the systems menu. Visited a few sites including gmail account. Started to synchronize with firefox bookmarks - first shut down firefox then started synch. That brought up a red box in the top right-hand corner which reported that synchronization was not working. Tried signing into Google but that wanted a pass-phrase - no idea what to enter but after a long search discovered something from long ago regarding synchronizing "devices" which it seemed to accept but the red box remained. A tab appeared in the menu which opened out into a cascading menu of all the firefox bookmarks. There does not seem to be any way to install those as a side-bar like in firefox so there is always a lot of clicking to find a particular entry (three tiers and a total of maybe 2000 bookmarks). So, it does work, sort of. As in firefox, the Ctrl +/- operation allows zooming.
CC: (none) => tarazed25
Validating. Advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => tmbKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0304.html
Status: NEW => RESOLVEDResolution: (none) => FIXED