Upstream has released version 80.0.3987.122 on February 24:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
They also released version 80.0.3987.116 on February 18:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html
and version 80.0.3987.106 on February 13:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_13.html
and version 80.0.3987.87 on February 4:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
They fix several new security issues.
This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
There was also a bugfix release since our last update:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_11.html
The latest update includes "Integer overflow in ICU" with no CVE given, but we'll need to find that fix and fix it in the system icu package in this update too.
If the ICU bug is ICU-20958 then I can apply the patch (from chromium but the same fix is also in ICU git) to mga7 icu.
Status: NEW => ASSIGNED
Updated packages are available for testing:

MGA7
SRPMS:
chromium-browser-stable-80.0.3987.122-1.mga7.src.rpm
icu-63.1-1.2.mga7.src.rpm
RPMS:
chromium-browser-80.0.3987.122-1.mga7.i586.rpm
chromium-browser-stable-80.0.3987.122-1.mga7.i586.rpm
icu-63.1-1.2.mga7.i586.rpm
libicu63-63.1-1.2.mga7.i586.rpm
libicu-devel-63.1-1.2.mga7.i586.rpm
chromium-browser-80.0.3987.122-1.mga7.x86_64.rpm
chromium-browser-stable-80.0.3987.122-1.mga7.x86_64.rpm
icu-63.1-1.2.mga7.x86_64.rpm
lib64icu63-63.1-1.2.mga7.x86_64.rpm
lib64icu-devel-63.1-1.2.mga7.x86_64.rpm
icu-63.1-1.2.mga7.armv7hl.rpm
libicu63-63.1-1.2.mga7.armv7hl.rpm
libicu-devel-63.1-1.2.mga7.armv7hl.rpm
icu-63.1-1.2.mga7.aarch64.rpm
lib64icu63-63.1-1.2.mga7.aarch64.rpm
lib64icu-devel-63.1-1.2.mga7.aarch64.rpm
icu63-data-63.1-1.2.mga7.noarch.rpm
icu-doc-63.1-1.2.mga7.noarch.rpm

Advisory:

Chromium-browser 80.0.3987.122 fixes security issues:

Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2020-6381, CVE-2020-6382, CVE-2020-6383, CVE-2020-6384, CVE-2020-6385, CVE-2020-6386, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6407, CVE-2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6418, CVE-2019-18197, CVE-2019-19923, CVE-2019-19925, CVE-2019-19926)

Upstream chromium 80.0.3987.122 also includes a fix for an integer overflow issue in ICU. Since the chromium-browser-stable package is linked against the icu packages instead of using the ICU source code bundled with chromium upstream, this issue is fixed in the icu package.

References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_11.html
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_13.html
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
https://unicode-org.atlassian.net/browse/ICU-20958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926
CC: (none) => cjw
Assignee: cjw => qa-bugs
Source RPM: chromium-browser-stable-79.0.3945.130-1.mga7.src.rpm => chromium-browser-stable-79.0.3945.130-1.mga7.src.rpm, icu-63.1-1.1.mga7.src.rpm
MGA7-64 Plasma on Lenovo B50. No installation issues. Tested by reading my usual newspaper, with text, pictures and video, all OK.
CC: (none) => herman.viaene
Not normally a chromium user, but I managed to figure it out enough for this test. No installation issues, once I noticed the noarch packages that needed to be added to qaRepo. I imported some settings from Firefox, and tried various sites. No issues, except that if I'm going to use it as my regular browser it would need an ad blocker. I'm using it to make this report. This looks OK for 64-bits, on this hardware. Coupling this with Herman's test, I think it's ready to go. Validating. Advisory in Comment 3.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0123.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
(In reply to Christiaan Welvaart from comment #2)
> If the ICU bug is ICU-20958 then I can apply the patch (from chromium but
> the same fix is also in ICU git) to mga7 icu.

Indeed, and now it has a CVE. It's CVE-2020-10531:
https://usn.ubuntu.com/4305-1/
Summary: chromium-browser-stable new security issues fixed in 80.0.3987.122 => chromium-browser-stable new security issues fixed in 80.0.3987.122 (and icu CVE-2020-10531)
and RedHat advisory for CVE-2020-10531 from today (March 18) for reference: https://access.redhat.com/errata/RHSA-2020:0897