Bug 29541 - chromium-browser-stable new security issues fixed in 96.0.4664.45
Summary: chromium-browser-stable new security issues fixed in 96.0.4664.45
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 29522
  Show dependency treegraph
 
Reported: 2021-10-08 21:47 CEST by David Walser
Modified: 2021-11-20 20:32 CET (History)
5 users (show)

See Also:
Source RPM: chromium-browser-stable
CVE:
Status comment:


Attachments
Out from konsole installing ublock origin (6.49 KB, text/plain)
2021-11-20 08:34 CET, Jose Manuel López
Details
Out from konsole with ublock origin installed (3.38 KB, text/plain)
2021-11-20 08:47 CET, Jose Manuel López
Details
Output from konsole uninstalling ublock origin (3.60 KB, text/plain)
2021-11-20 08:51 CET, Jose Manuel López
Details

Description David Walser 2021-10-08 21:47:04 CEST
Upstream has released version 94.0.4606.81 on October 7:
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html

It fixes several new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
David Walser 2021-10-08 21:47:14 CEST

CC: (none) => nicolas.salguero

David Walser 2021-10-09 14:35:43 CEST

Blocks: (none) => 29522

katnatek 2021-10-12 01:00:43 CEST

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=29519

Comment 1 katnatek 2021-10-12 01:34:20 CEST
Looks good with the exception of mga#29519 but on 4th comment you have a workaround for that.

Sintel video on shakaplayer https://shaka-player-demo.appspot.com/demo/#build=uncompiled

And Multi drm video on prestoplay https://demo.castlabs.com/#/player/demo?cfg=eyJlbmFibGVFbmhhbmNlZFN1YnRpdGxlTWFuYWdlciI6dHJ1ZSwidGV4dHN0eWxlIjp7ImZvbnRGYW1pbHkiOiInUm9ib3RvJywgc2Fucy1zZXJpZiIsImZvbnRDb2xvciI6IndoaXRlIiwiYmFja2dyb3VuZENvbG9yIjoicmdiYSgwLCAwLCAwLCAwLjc1KSJ9fQ%3D%3D

Don't works for me but i suspect is due google don't update widevine for i586

Youtube and other sites work well. is needed other test?
Comment 2 David Walser 2021-10-20 16:52:34 CEST
Upstream has released version 95.0.4638.54 on October 19:
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html

It fixes several new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

Summary: chromium-browser-stable new security issues fixed in 94.0.4606.81 => chromium-browser-stable new security issues fixed in 95.0.4638.54

Comment 3 Christiaan Welvaart 2021-10-20 19:27:14 CEST
Is it certain that we cannot use the "Extended Stable" releases? So far the tarball for 94.0.4606.101 does not appear to be available. That release also does not contain security updates, but I suppose that will be addressed later.
Comment 4 David Walser 2021-10-20 19:30:51 CEST
I'm not familiar with that for Chrome.  Do you have more information?
Comment 5 Christiaan Welvaart 2021-10-20 20:03:43 CEST
It was announced a while ago (20210304), available for enterprise and chromium users, but whether the latter category includes Mageia I don't know.

https://blog.chromium.org/2021/03/speeding-up-release-cycle.html

See also:
https://support.google.com/chrome/a/answer/9027636?hl=en
https://chromereleases.googleblog.com/search/label/Extended%20Stable%20updates
Comment 6 David Walser 2021-10-21 21:06:03 CEST
Based on the information in those links, it unfortunately doesn't sound like something that would really help us.
Comment 7 Nicolas Salguero 2021-10-29 17:00:30 CEST
Upstream has released version 95.0.4638.69 on October 28:
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html

It fixes several new security issues.  Two of them are being exploited in the wild.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

Summary: chromium-browser-stable new security issues fixed in 95.0.4638.54 => chromium-browser-stable new security issues fixed in 95.0.4638.69

Comment 8 Christiaan Welvaart 2021-11-03 23:36:39 CET
Applying the following as patches to M94 should fix the most "important" issues:

https://chromium.googlesource.com/chromium/src/+/2dc6b4aa93063bd0c3283e605b59a26f60b13a01%5E%21/
https://chromium.googlesource.com/chromium/src/+/0acea24516305427f2dcad85b98e6faf6f3e8908%5E%21/
https://chromium.googlesource.com/chromium/src/+/45f9dcf5021da2f53812c769ec67f033a636b9cc%5E%21/

Then in 2 weeks M96 will be released with all fixes from M95...

I'll see if I can free up some disk space so I can do local builds again.
David Walser 2021-11-08 15:17:33 CET

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=29634

Comment 9 David Walser 2021-11-15 17:10:04 CET
Upstream has released version 96.0.4664.45 today (November 15):
https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html

It appears to be a bugfix release.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Nicolas Salguero 2021-11-18 11:16:24 CET

Summary: chromium-browser-stable new security issues fixed in 95.0.4638.69 => chromium-browser-stable new security issues fixed in 96.0.4664.45

Comment 10 Nicolas Salguero 2021-11-19 08:52:21 CET
Suggested advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities.

The chromium-browser-stable package has been updated to 96.0.4664.45
version that fixes multiples security vulnerabilities.

From 94.0.4606.71 (released on September 30, 2021) to 96.0.4664.45 version,
see upstream advisories.

References:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-96.0.4664.45-1.mga8
chromium-browser-stable-96.0.4664.45-1.mga8

from SRPM:
chromium-browser-stable-96.0.4664.45-1.mga8.src.rpm

Status: NEW => ASSIGNED
Source RPM: (none) => chromium-browser-stable
Assignee: cjw => qa-bugs

Comment 11 Jose Manuel López 2021-11-19 09:48:18 CET
Hi,

Right now, writing from Chromium 96, works fine, settings, language, banks, pdf.

I have tried to install the addon Ublock origin. And chromium crash.

I reboot chromium and install addon. Now is installed, but if i try to uninstall it, chromium crash over and over again...

Greetings!!

CC: (none) => joselpddj

Comment 12 Hugues Detavernier 2021-11-19 14:33:58 CET
Hi,

Chromium works fine with Bitwarden and Adblock extensions.

CC: (none) => hdetavernier

Comment 13 David Walser 2021-11-19 15:52:30 CET
Before this update, Chromium started crashing for me on youtube, without updating anything, so you might just need to delete your profile.
Comment 14 Dave Hodgins 2021-11-19 19:00:44 CET
Jose, please report back if deleting or renaming ~/.config/chromium/ and
~/.cache/chromium/ fixes the problem.

CC: (none) => davidwhodgins

Comment 15 katnatek 2021-11-19 22:45:54 CET
(In reply to Dave Hodgins from comment #14)
> Jose, please report back if deleting or renaming ~/.config/chromium/ and
> ~/.cache/chromium/ fixes the problem.

I test the same extension with same result, crash on terminal

libva error: /usr/lib/dri/i965_drv_video.so init failed
[7699:7699:1119/153511.147948:ERROR:sandbox_linux.cc(376)] InitializeSandbox() called with multiple threads in process gpu-process.
[7660:7692:1119/153515.159905:ERROR:chrome_browser_main_extra_parts_metrics.cc(226)] crbug.com/1216328: Checking Bluetooth availability started. Please report if there is no report that this ends.
[7660:7692:1119/153515.160014:ERROR:chrome_browser_main_extra_parts_metrics.cc(229)] crbug.com/1216328: Checking Bluetooth availability ended.
[7660:7692:1119/153515.160061:ERROR:chrome_browser_main_extra_parts_metrics.cc(232)] crbug.com/1216328: Checking default browser status started. Please report if there is no report that this ends.
[7660:7692:1119/153515.279082:ERROR:chrome_browser_main_extra_parts_metrics.cc(236)] crbug.com/1216328: Checking default browser status ended.
[katnatek@cefiro ~]$ chromium-browser 
libva error: /usr/lib/dri/i965_drv_video.so init failed
[8296:8296:1119/153741.201857:ERROR:sandbox_linux.cc(376)] InitializeSandbox() called with multiple threads in process gpu-process.
[8261:8322:1119/153748.859131:ERROR:chrome_browser_main_extra_parts_metrics.cc(226)] crbug.com/1216328: Checking Bluetooth availability started. Please report if there is no report that this ends.
[8261:8322:1119/153748.863995:ERROR:chrome_browser_main_extra_parts_metrics.cc(229)] crbug.com/1216328: Checking Bluetooth availability ended.
[8261:8322:1119/153748.865689:ERROR:chrome_browser_main_extra_parts_metrics.cc(232)] crbug.com/1216328: Checking default browser status started. Please report if there is no report that this ends.
[8261:8322:1119/153749.125314:ERROR:chrome_browser_main_extra_parts_metrics.cc(236)] crbug.com/1216328: Checking default browser status ended.
[8261:8261:1119/154017.629610:ERROR:interface_endpoint_client.cc(658)] Message 0 rejected by interface blink.mojom.WidgetHost
[8302:8706:1119/154047.530315:ERROR:object_proxy.cc(642)] Failed to call method: org.kde.KWallet.isEnabled: object_path= /modules/kwalletd5: org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying
[8302:8706:1119/154047.530371:ERROR:kwallet_dbus.cc(100)] Error contacting kwalletd5 (isEnabled)
[8302:8706:1119/154047.769100:ERROR:object_proxy.cc(642)] Failed to call method: org.kde.KLauncher.start_service_by_desktop_name: object_path= /KLauncher: org.freedesktop.DBus.Error.ServiceUnknown: The name org.kde.klauncher was not provided by any .service files
[8302:8706:1119/154047.769325:ERROR:kwallet_dbus.cc(72)] Error contacting klauncher to start kwalletd5
[8302:8706:1119/154048.118441:ERROR:object_proxy.cc(642)] Failed to call method: org.kde.KWallet.close: object_path= /modules/kwalletd5: org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying
[8302:8706:1119/154048.118519:ERROR:kwallet_dbus.cc(418)] Error contacting kwalletd5 (close)
[1119/154058.308176:ERROR:elf_dynamic_array_reader.h(64)] tag not found
[1119/154058.308800:ERROR:elf_dynamic_array_reader.h(64)] tag not found
Received signal 11 SEGV_MAPERR 000000000000
#0 0x0000063a817c base::debug::CollectStackTrace()
#1 0x0000062e71cf base::debug::StackTrace::StackTrace()
#2 0x0000063a86f2 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x0000b7fbd560 ([vdso]+0x55f)
  gs: 00000033  fs: 00000000  es: 0000007b  ds: 0000007b
 edi: 1575da00 esi: 1559cf40 ebp: 1579c980 esp: bffec34c
 ebx: 1461c408 edx: 1559a0f8 ecx: 15757bc0 eax: 00000000
 trp: 0000000e err: 00000014  ip: 00000000  cs: 00000073
 efl: 00010286 usp: bffec34c  ss: 0000007b
[end of stack trace]
Violación de segmento (`core' generado)
Comment 16 Dave Hodgins 2021-11-19 23:29:20 CET
Please downgrade to the prior version. Does it crash too?
Comment 17 katnatek 2021-11-19 23:49:54 CET
I see the workaround for bug#29519 is now integrated on the script that launch chromium.

At less once a youtube video crash without crashing the software just have to reload the video

The adblock extension - https://chrome.google.com/webstore/detail/adblock-%E2%80%94-best-ad-blocker/gighmmpiobklfepjocnamgkkbiglidom?hl=es-419 - can be installed without issues as reported on comment#12


All the test made after delete the chromium profile and cache folders
Comment 18 katnatek 2021-11-20 00:03:09 CET
(In reply to Dave Hodgins from comment #16)
> Please downgrade to the prior version. Does it crash too?

Ublock origin - https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm - crash with 94.0.4606.61-1.mga8 but works well on 88.0.4324.150-1.mga8
Comment 19 Dave Hodgins 2021-11-20 02:44:21 CET
So it's not a regression from the current version, but a regression we missed
in prior testing. As such I'll ok the update. Please open a new bug report
to use for debugging the crash.

CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update

Comment 20 Jose Manuel López 2021-11-20 08:34:21 CET
Created attachment 12998 [details]
Out from konsole installing ublock origin

Sorry for the delay. Here is the logs of the installation of ublock origin addon.

I have tried this with a clean profile and cache deleted.
Comment 21 Jose Manuel López 2021-11-20 08:47:14 CET
Created attachment 12999 [details]
Out from konsole with ublock origin installed

I have tried to reboot Chromium and install ublock origin addon. Now, the addon is installed, and works. I don't know why the first crash appears, because appears it with a clean profile and without default settings changed.
Comment 22 Jose Manuel López 2021-11-20 08:51:58 CET
Created attachment 13000 [details]
Output from konsole uninstalling ublock origin

Once instaled the addon, i have tried to uninstall it. Chromium crash again and i can't uninstall it. I have to delete the profile for delete the addon...

This output from konsole show the uninstall the addon.
Dave Hodgins 2021-11-20 18:07:12 CET

Keywords: (none) => advisory

Comment 23 Mageia Robot 2021-11-20 20:32:21 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0516.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.