Bug 26494 - chromium-browser-stable new security issue fixed in 81.0.4044.122
Summary: chromium-browser-stable new security issue fixed in 81.0.4044.122
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: mga7-64-ok mga7-32-ok
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-04-18 04:04 CEST by David Walser
Modified: 2020-04-26 16:40 CEST (History)
5 users (show)

See Also:
Source RPM: chromium-browser-stable-81.0.4044.92-1.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2020-04-18 04:04:26 CEST 
Upstream has released version 81.0.4044.113 on April 15:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

It fixes a new security issue.
Comment 1 katnatek 2020-04-22 21:10:57 CEST 
Upstream has released version 81.0.4044.122 on April 21
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

It fixes a new security issue.

Summary: chromium-browser-stable new security issue fixed in 81.0.4044.113 => chromium-browser-stable new security issue fixed in 81.0.4044.122

Comment 2 David Walser 2020-04-22 21:15:55 CEST 
Thanks katnatek!

Christiaan, the .113 update has gotten attention in the press.  I'm not entirely sure if it's any more critical than normal, but it would be nice to get moving on this.
Comment 3 Christiaan Welvaart 2020-04-24 09:47:54 CEST 
Updated packages are available for testing:

MGA7
SRPM:
chromium-browser-stable-81.0.4044.122-1.mga7.src.rpm
RPMS:
chromium-browser-81.0.4044.122-1.mga7.i586.rpm
chromium-browser-stable-81.0.4044.122-1.mga7.i586.rpm
chromium-browser-81.0.4044.122-1.mga7.x86_64.rpm
chromium-browser-stable-81.0.4044.122-1.mga7.x86_64.rpm



Advisory:



Chromium-browser 81.0.4044.122 fixes security issues:

Multiple flaws were found in the way Chromium 81.0.4044.92 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2020-6457, CVE-2020-6458, CVE-2020-6459, CVE-2020-6460)


References:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6460

Assignee: cjw => qa-bugs
CC: (none) => cjw

Comment 4 Bill Wilkinson 2020-04-25 00:42:02 CEST 
tested mga7-64
general browsing, jetstream for javascript, youtube videos, all ok.

Whiteboard: (none) => mga-7-64-ok
CC: (none) => wrw105

Bill Wilkinson 2020-04-25 00:48:17 CEST

Whiteboard: mga-7-64-ok => mga7-64-ok

Comment 5 Bill Wilkinson 2020-04-25 02:21:30 CEST 
tested mga7-32 as above, all ok

ready for validation when advisory uploaded

Whiteboard: mga7-64-ok => mga7-64-ok mga7-32-ok

Comment 6 Thomas Andrews 2020-04-26 01:41:18 CEST 
Thanks, Bill. Validating. Advisory in Comment 3.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2020-04-26 16:16:34 CEST

Keywords: (none) => advisory
CC: (none) => tmb

Comment 7 Mageia Robot 2020-04-26 16:40:33 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0185.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.