Upstream has released version 89.0.4389.114 on March 30: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html It fixes several new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Whiteboard: (none) => MGA8TOO, MGA7TOOSource RPM: (none) => chromium-browser-stable-89.0.4389.90-1.mga8.src.rpm
Assignee: bugsquad => nicolas.salgueroBlocks: (none) => 28695CC: (none) => ouaurelien
Blocks: (none) => 28631
Assigning to you Nicolas, as you already sent this on BS.
Build fails for Cauldron because libva 2.11.0 now contains VA Protected Content API, which conflicts with the one included in chromium.
Blocks: (none) => 28732
cloning into https://bugs.mageia.org/show_bug.cgi?id=28732 for cauldron.
Version: Cauldron => 8CC: (none) => mageiaAssignee: nicolas.salguero => qa-bugsWhiteboard: MGA8TOO, MGA7TOO => MGA7TOO
Available in mga7/8 src: - chromium-browser-stable-89.0.4389.114-1.mga7 - chromium-browser-stable-89.0.4389.114-1.mga8
Blocks: 28732 => (none)
Installed and tested without issues. Tested with many of sites. Tested benchmarks, webcam, mic, video, audio, webgl, webrtc, etc. No issues noticed. System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GT 1030 GPU using nvidia-current proprietary driver. $ uname -a Linux marte 5.10.27-desktop-1.mga7 #1 SMP Wed Mar 31 00:16:43 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ cat /proc/driver/nvidia/version NVRM version: NVIDIA UNIX x86_64 Kernel Module 460.67 Thu Mar 11 00:11:45 UTC 2021 GCC version: gcc version 8.4.0 (Mageia 8.4.0-1.mga7) $ rpm -q chromium-browser-stable chromium-browser-stable-89.0.4389.114-1.mga7
CC: (none) => mageiaWhiteboard: MGA7TOO => MGA7TOO MGA7-64-OK
Tested mga8-64 Jetstream, general browsing, video, all OK
CC: (none) => wrw105Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK Mga8-64-ok
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
testing mga8-32, jetstream crashed. General browsing and video worked as expected. running from command line output: <--- Last few GCs ---> [1:0x137db130] 307388 ms: Scavenge (reduce) 246.4 (251.2) -> 246.4 (251.2) MB, 0.5 / 0.0 ms (average mu = 0.988, current mu = 0.981) allocation failure [1:0x137db130] 307468 ms: Mark-sweep (reduce) 248.4 (253.3) -> 248.2 (253.3) MB, 10.0 / 0.0 ms (+ 0.6 ms in 1 steps since start of marking, biggest step 0.6 ms, walltime since start of marking 80 ms) (average mu = 0.979, current mu = 0.948) allocation <--- JS stacktrace ---> Received signal 6 #0 0x0000051a0eac base::debug::CollectStackTrace() #1 0x0000050e5fdf base::debug::StackTrace::StackTrace() #2 0x0000051a1411 base::debug::(anonymous namespace)::StackDumpSignalHandler() #3 0x0000b7edb570 ([vdso]+0x56f) #4 0x0000b39f362c __GI_raise #5 0x0000b39dd2bf __GI_abort #6 0x00000512b846 base::internal::OnNoMemoryInternal() #7 0x000009c3c82e (anonymous namespace)::OnNoMemory() #8 0x000009c3c848 blink::ReportOOMErrorInMainThread() #9 0x000003bca890 v8::Utils::ReportOOMFailure() #10 0x000003bcab20 v8::internal::V8::FatalProcessOutOfMemory() #11 0x000003d87134 v8::internal::Heap::FatalProcessOutOfMemory() #12 0x000003d9267e v8::internal::Heap::CollectGarbage() #13 0x000003d949a5 v8::internal::Heap::AllocateRawWithLightRetrySlowPath() #14 0x000003d94a25 v8::internal::Heap::AllocateRawWithRetryOrFailSlowPath() #15 0x000003d5f552 v8::internal::Factory::AllocateRaw() #16 0x000003d599bb v8::internal::FactoryBase<>::AllocateRaw() #17 0x000003d59f1f v8::internal::FactoryBase<>::AllocateRawWithImmortalMap() #18 0x000003d5ba2b v8::internal::FactoryBase<>::NewRawOneByteString() #19 0x000003fadfc4 v8::internal::String::SlowFlatten() #20 0x000003c05ad9 v8::internal::String::Flatten() #21 0x0000040da7ee v8::internal::Runtime_StringCharCodeAt() #22 0x00000466cd17 Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit #23 0x000004644202 Builtins_KeyedLoadIC #24 0x0000046d8762 Builtins_LdaKeyedPropertyHandler #25 0x000004618e06 Builtins_InterpreterEntryTrampoline #26 0x000004618e06 Builtins_InterpreterEntryTrampoline #27 0x000004617118 Builtins_JSEntryTrampoline #28 0x000004616f3b Builtins_JSEntry #29 0x000003d06c59 v8::internal::(anonymous namespace)::Invoke() gs: 00000033 fs: 00000000 es: 0000007b ds: 0000007b edi: 00000000 esi: 00000008 ebp: bffd092c esp: bffd0928 ebx: 00000002 edx: 00000000 ecx: bffd092c eax: 00000000 trp: 00000000 err: 00000000 ip: b39f362c cs: 00000073 efl: 00000246 usp: bffd0928 ss: 0000007b [end of stack trace] Calling _exit(1). Core file will not be generated.
Tested jetstream (https://browserbench.org/JetStream/) until its completion and it did not crash on a Mageia 7 x86_64 (comment 5). Maybe it is i586 specific.
Keywords: validated_update => (none)Assignee: qa-bugs => nicolas.salgueroWhiteboard: MGA7TOO MGA7-64-OK Mga8-64-ok => (none)
Suggested advisory: ======================== The updated packages fix security vulnerabilities and a crash when a device does some cast traffic in the local network. References: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html https://bugs.mageia.org/show_bug.cgi?id=28631 ======================== Updated packages in core/updates_testing: ======================== chromium-browser-stable-89.0.4389.114-2.mga7 chromium-browser-89.0.4389.114-2.mga7 chromium-browser-stable-89.0.4389.114-2.mga8 chromium-browser-89.0.4389.114-2.mga8 from SRPMS: chromium-browser-stable-89.0.4389.114-2.mga7.src.rpm chromium-browser-stable-89.0.4389.114-2.mga8.src.rpm
Status: NEW => ASSIGNEDAssignee: nicolas.salguero => qa-bugs
Whiteboard: (none) => MGA7TOO
Upstream has released version 89.0.4389.128 today (April 13): https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html It fixes a zero day that was posted on Twitter.
Severity: major => criticalSummary: chromium-browser-stable new security issues fixed in 89.0.4389.114 => chromium-browser-stable new security issues fixed in 89.0.4389.128Assignee: qa-bugs => nicolas.salguero
Suggested advisory: ======================== The updated packages fix security vulnerabilities and a crash when a device does some cast traffic in the local network. References: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html https://bugs.mageia.org/show_bug.cgi?id=28631 ======================== Updated packages in core/updates_testing: ======================== chromium-browser-stable-89.0.4389.128-1.mga7 chromium-browser-89.0.4389.128-1.mga7 chromium-browser-stable-89.0.4389.128-1.mga8 chromium-browser-89.0.4389.128-1.mga8 from SRPMS: chromium-browser-stable-89.0.4389.128-1.mga7.src.rpm chromium-browser-stable-89.0.4389.128-1.mga8.src.rpm
Assignee: nicolas.salguero => qa-bugs
MGA 8 Plasma chromium-browser-stable-89.0.4389.128-1.mga8 OK Browsing http, https, widevine DRM OK, Google sites OK. Bug 286312 fixed. No crash. webRTC/Zoom/ BigBlueButton OK MGA7 Plasma and Gnome chromium-browser-stable-89.0.4389.128-1.mga7 OK Same. This is a OK candidate. Can be pushed ASAP as zero-day widely exploited and reported. webRTC/Zoom/ BigBlueButton OK Note also chromium-browser-stable-90.0.4430.78 is out since 15-04-2021 fixing security bugs. Report is Bug 28732. Validating,
Keywords: (none) => advisory, validated_updateWhiteboard: MGA7TOO => MGA7TOO MGA7-64-OK MGA8-64-OK
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0188.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED