Bug 28534 - chromium-browser-stable new security issues fixed in 89.0.4389.90
Summary: chromium-browser-stable new security issues fixed in 89.0.4389.90
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7TOO MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-03-05 23:32 CET by David Walser
Modified: 2021-03-17 12:03 CET (History)
6 users (show)

See Also:
Source RPM: chromium-browser-stable-88.0.4324.182-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Start page contain Super Duper Module (385.70 KB, image/png)
2021-03-11 11:34 CET, Morgan Leijström 		Details
strace from comment 3 (209.54 KB, application/gzip)
2021-03-12 10:57 CET, Aurelien Oudelet 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-03-05 23:32:22 CET 
Upstream has released version 89.0.4389.72 on March 2:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html

It fixes several new security issues.

CVE-2020-27844 in openjpeg2 was already fixed in Bug 27986.

89.0.4389.82 is a bugfix release from today (March 5):
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_5.html

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
David Walser 2021-03-05 23:32:31 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Nicolas Salguero 2021-03-11 08:53:49 CET 
Suggested advisory:
========================

The updated packages fix security vulnerabilities.

References:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_5.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-89.0.4389.82-1.mga7
chromium-browser-89.0.4389.82-1.mga7
chromium-browser-stable-89.0.4389.82-1.mga8
chromium-browser-89.0.4389.82-1.mga8

from SRPMS:
chromium-browser-stable-89.0.4389.82-1.mga7.src.rpm
chromium-browser-stable-89.0.4389.82-1.mga8.src.rpm

CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Assignee: cjw => qa-bugs

Comment 2 Morgan Leijström 2021-03-11 11:34:57 CET 
Created attachment 12452 [details]
Start page contain Super Duper Module

It looks like some testing mode is left active?
"Super Duper Module"
"Even Better Module"
And foo bar baz are all included.

Except from that quick test OK, video with sound from a couple sites, and banking site, weather site.

CC: (none) => fri

Comment 3 Aurelien Oudelet 2021-03-12 10:54:02 CET 
Nope. M8 x86_64 with kernel 5.10.22-1.mga8 and glibc from glibc-2.32-15.mga8 update.
Note: nvidia-current 460.57 nonfree drivers. installed from Mageia 8 

This is not functioning:
This has not extension running.

$ chromium-browser 
[20513:20513:0312/103838.388164:ERROR:allowlist.cc(66)] Component extension with manifest resource id 11690 not in allowlist and is not being loaded as a result.
[20513:20513:0312/103838.388446:ERROR:allowlist.cc(66)] Component extension with manifest resource id 11691 not in allowlist and is not being loaded as a result.
[20543:20543:0312/103838.552602:ERROR:vaapi_wrapper.cc(1045)] vaQuerySurfaceAttributes failed, VA error: invalid parameter
[20543:20543:0312/103838.552725:ERROR:vaapi_wrapper.cc(993)] FillProfileInfo_Locked failed for va_profile VAProfileH264Main and entrypoint VAEntrypointVLD
[20543:20543:0312/103838.552788:ERROR:vaapi_wrapper.cc(1045)] vaQuerySurfaceAttributes failed, VA error: invalid parameter
[20543:20543:0312/103838.552824:ERROR:vaapi_wrapper.cc(993)] FillProfileInfo_Locked failed for va_profile VAProfileH264High and entrypoint VAEntrypointVLD
Received signal 11 SEGV_ACCERR 7f3df9ffc000
#0 0x555609382a59 base::debug::CollectStackTrace()
#1 0x5556092d1ab6 base::debug::StackTrace::StackTrace()
#2 0x555609382499 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f3e0abd1170 (/usr/lib64/libpthread-2.32.so+0x1316f)
#4 0x7f3e06b79964 __memmove_avx_unaligned_erms
#5 0x5556093737e7 std::__cxx11::basic_string<>::_M_construct<>()
#6 0x555609373f64 base::Value::Value()
#7 0x55560bdbf126 cast_channel::CreateReceiverStatusRequest()
#8 0x55560eaac31a cast_channel::CastMessageHandler::RequestReceiverStatus()
#9 0x55560c272338 media_router::MediaSinkServiceBase::AddOrUpdateSink()
#10 0x55560c28b17e media_router::CastMediaSinkServiceImpl::OnChannelOpenSucceeded()
#11 0x55560c28c84e media_router::CastMediaSinkServiceImpl::OnChannelOpened()
#12 0x55560c28cd3f base::internal::Invoker<>::RunOnce()
#13 0x55560bdb0c8f cast_channel::CastSocketImpl::DoConnectCallback()
#14 0x55560bdb25c1 base::internal::CancelableCallbackImpl<>::ForwardOnce<>()
#15 0x555604e99fd1 base::internal::Invoker<>::RunOnce()
#16 0x55560933fc32 base::TaskAnnotator::RunTask()
#17 0x5556093568fb base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl()
#18 0x5556093575e6 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
#19 0x5556093b5651 base::MessagePumpLibevent::Run()
#20 0x555609355af0 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run()
#21 0x55560931f12c base::RunLoop::Run()
#22 0x55560679345a content::BrowserProcessSubThread::IOThreadRun()
#23 0x55560936b868 base::Thread::ThreadMain()
#24 0x5556093961e6 base::(anonymous namespace)::ThreadFunc()
#25 0x7f3e0abc6dea start_thread
#26 0x7f3e06b16fff __GI___clone
  r8: fffffffffffffff0  r9: 00007f3dd010a820 r10: 00007f3d6bfffc14 r11: 00007f3d62c8e010
 r12: 0000000009371c04 r13: 00007f3df9ffa070 r14: 000055561496ebb0 r15: 0000000000000003
  di: 00007f3d62c8ffa0  si: 00007f3df9ffc000  bp: 00007f3df9ff98d0  bx: 00007f3df9ff98e0
  dx: 000000000936fc74  ax: 00007f3d62c8e010  cx: 00007f3d6bfffbf4  sp: 00007f3df9ff9898
  ip: 00007f3e06b79964 efl: 0000000000010202 cgf: 002b000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 00007f3df9ffc000
[end of stack trace]
Calling _exit(1). Core file will not be generated.

CC: (none) => ouaurelien

Comment 4 Aurelien Oudelet 2021-03-12 10:57:10 CET 
Created attachment 12457 [details]
strace from comment 3

Heavy strace obtained from:
$ strace chromium-browser 2>chromium-browser-89-bug-28534.txt

and archived in .tar.gz
Comment 5 Guillaume Royer 2021-03-12 21:53:42 CET 
MGA 8 XFCE Desktop with kernel 5.10.20-1.mga8 an Nvidia 390 driver.

no error messages during installation.

I have tested with 3 tabs opened: Youtube, Netflix and Matrix/Element client.
No problem with navigation.

================================================================================

VM MGA7 GNOME with kernel 5.10.20-1.mga8 an Nvidia 390 driver.

no error messages during installation.

I have tested with 3 tabs opened: Youtube, Netflix and Matrix/Element client.

Problem with Netflix and Widevine Content Decryption Module not up to date  Version : 4.10.1610.0 

No problem with navigation.

CC: (none) => guillaume.royer

Comment 6 Dave Hodgins 2021-03-12 22:13:07 CET 
chromium is working fine for me on M8 x86_64.
[dave@x8t ~]$ uname -r
5.10.22-desktop-1.mga8
[dave@x8t ~]$ rpm -q glibc
glibc-2.32-15.mga8
[dave@x8t ~]$ rpm -q x11-driver-video-nvidia-current
x11-driver-video-nvidia-current-460.56-1.mga8.nonfree
[dave@x8t ~]$ rpm -q chromium-browser-stable
chromium-browser-stable-89.0.4389.82-1.mga8

Aurelien, Where did you get the nvidia-current 460.57 nonfree drivers?
I don't see them in M8 or cauldron.

It's also working on my m7 x86_64 system. I'm ready to ok and validate this
update, but will hold off pending more info.

CC: (none) => davidwhodgins

Comment 7 Aurelien Oudelet 2021-03-12 22:17:47 CET 
So sorry, it is NVIDIA 460.56 (from mga nonfree repo).
So i don't know why it des this. I will test tomorrow with a new user.
And also by removing all chromium datas from ~/.config and ~/. local/share/
Comment 8 Nicolas Salguero 2021-03-15 11:04:49 CET 
Upstream has released version 89.0.4389.90 on March 12:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html

It fixes several new security issues.

Assignee: qa-bugs => nicolas.salguero
Summary: chromium-browser-stable new security issues fixed in 89.0.4389.72 => chromium-browser-stable new security issues fixed in 89.0.4389.90

Comment 9 Nicolas Salguero 2021-03-17 09:25:46 CET 
Suggested advisory:
========================

The updated packages fix security vulnerabilities.  At least one of them is known to be actively exploited.

References:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_5.html
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-89.0.4389.90-1.mga7
chromium-browser-89.0.4389.90-1.mga7
chromium-browser-stable-89.0.4389.90-1.mga8
chromium-browser-89.0.4389.90-1.mga8

from SRPMS:
chromium-browser-stable-89.0.4389.90-1.mga7.src.rpm
chromium-browser-stable-89.0.4389.90-1.mga8.src.rpm

Assignee: nicolas.salguero => qa-bugs

Comment 10 Dave Hodgins 2021-03-17 09:53:41 CET 
Ok on Mageia 7 x86_64 with a half dozen sites including my bank.

Ok on Mageia 8 x86_64 with youtube with the 5.10.23-desktop-1.mga8 desktop
kernel, glibc-2.32-15.mga8, and
x11-driver-video-nvidia-current-460.56-1.mga8.nonfree.

Validating the update.

Keywords: (none) => validated_update
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK
CC: (none) => sysadmin-bugs

Comment 11 Dave Hodgins 2021-03-17 10:20:38 CET 
Advisory committed to svn.

Keywords: (none) => advisory

Comment 12 Mageia Robot 2021-03-17 12:03:03 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0142.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.