Bug 26470 - chromium-browser-stable new security issues fixed in 81.0.4044.92
Summary: chromium-browser-stable new security issues fixed in 81.0.4044.92
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-04-10 16:51 CEST by David Walser
Modified: 2020-04-17 01:02 CEST (History)
6 users (show)

See Also:
Source RPM: chromium-browser-stable-80.0.3987.149-1.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2020-04-10 16:51:26 CEST 
Upstream has released version 81.0.4044.92 on April 7:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

They also released version 80.0.3987.162 on March 31:
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html

They fix several new security issues.

There was also a bugfix release since our last update:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop.html
Comment 1 Christiaan Welvaart 2020-04-12 12:49:08 CEST 
Updated packages are available for testing:

MGA7
SRPM:
chromium-browser-stable-81.0.4044.92-1.mga7.src.rpm
RPMS:
chromium-browser-81.0.4044.92-1.mga7.i586.rpm
chromium-browser-stable-81.0.4044.92-1.mga7.i586.rpm
chromium-browser-81.0.4044.92-1.mga7.x86_64.rpm
chromium-browser-stable-81.0.4044.92-1.mga7.x86_64.rpm



Advisory:




Chromium-browser 81.0.4044.92 fixes security issues:

Multiple flaws were found in the way Chromium 80.0.3987.149 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2020-6423, CVE-2020-6430, CVE-2020-6431, CVE-2020-6432, CVE-2020-6433, CVE-2020-6434, CVE-2020-6435, CVE-2020-6436, CVE-2020-6437, CVE-2020-6438, CVE-2020-6439, CVE-2020-6440, CVE-2020-6441, CVE-2020-6442, CVE-2020-6443, CVE-2020-6444, CVE-2020-6445, CVE-2020-6446, CVE-2020-6447, CVE-2020-6448, CVE-2020-6450, CVE-2020-6451, CVE-2020-6452, CVE-2020-6454, CVE-2020-6455, CVE-2020-6456)


References:
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6456

Assignee: cjw => qa-bugs
CC: (none) => cjw

Comment 2 Herman Viaene 2020-04-13 14:56:12 CEST 
MGA7-64 Plasma on Lenovo B50
No installation issues
Tested with usual newspaper site.Text, pictures, video, sound all OK.

CC: (none) => herman.viaene

Comment 3 Brian Rockwell 2020-04-13 18:34:08 CEST 
$ chromium-browser -version
Chromium 81.0.4044.92 Mageia.Org 7


$ chromium-browser 
[10657:10657:0413/092953.377982:ERROR:browser_switcher_service.cc(238)] XXX Init()
[10686:10686:0413/092953.853859:ERROR:sandbox_linux.cc(374)] InitializeSandbox() called with multiple threads in process gpu-process.


Seemed to work okay anyhow.

- usual suspects
- ran a jitsi video conference for an hour, no issues

works for me.

CC: (none) => brtians1

Thomas Backlund 2020-04-15 11:30:37 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 4 Brian Rockwell 2020-04-16 20:09:02 CEST 
AMD desktop, Nvidia, Xfce

chromium working as designed.

Giving this an ok

Whiteboard: (none) => MGA7-64-OK

Comment 5 Thomas Andrews 2020-04-16 20:59:42 CEST 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 6 Mageia Robot 2020-04-17 01:02:31 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0174.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.