Bug 30208 - chromium-browser-stable new security issue fixed in 99.0.4844.84
Summary: chromium-browser-stable new security issue fixed in 99.0.4844.84
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-03-26 16:43 CET by David Walser
Modified: 2022-03-28 18:24 CEST (History)
5 users (show)

See Also:
Source RPM: chromium-browser-stable-99.0.4844.74-1.mga8.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2022-03-26 16:43:53 CET
Upstream has released version 99.0.48446.84 on March 25:
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html

It fixes a new security issue, which is being exploited in the wild.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
David Walser 2022-03-26 16:44:07 CET

CC: (none) => chb0

Comment 1 christian barranco 2022-03-26 17:18:23 CET
Hi
Chromium 100 will be available in a few days. 
I propose to go directly to it. Or do you want me still to update 99?
Comment 2 David Walser 2022-03-26 17:38:21 CET
It's being exploited in the wild.  If we can build this version now, let's do it (priority being on Mageia 8).
Comment 3 christian barranco 2022-03-27 13:25:15 CEST
Hi.
Build is on-going -> heads-up to QA

Assignee: cjw => chb0

christian barranco 2022-03-27 13:25:50 CEST

CC: (none) => sysadmin-bugs

David Walser 2022-03-28 02:07:47 CEST

CC: sysadmin-bugs => (none)

Comment 4 christian barranco 2022-03-28 11:25:14 CEST
Hi. Package is now ready for QA testing in core-update_testing


ADVISORY NOTICE PROPOSAL
========================

Updated chromium-browser-stable packages fix a security exploit and bugs


Description
The chromium-browser-stable package has been updated to 99.0.4844.84 that fixes one security vulnerability and many bugs (together with 99.0.4844.82).

[1309225] High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23
Google is aware that an exploit for CVE-2022-1096 exists in the wild. 

References
https://bugs.mageia.org/show_bug.cgi?id=30208
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_20.html


SRPMS
8/core
chromium-browser-stable-99.0.4844.84-1.mga8


PROVIDED PACKAGES
=================
x86_64
chromium-browser-99.0.4844.84-1.mga8.x86_64.rpm
chromium-browser-stable-99.0.4844.84-1.mga8.x86_64.rpm

i586
chromium-browser-99.0.4844.84-1.mga8.i586.rpm
chromium-browser-stable-99.0.4844.84-1.mga8.i586.rpm

Assignee: chb0 => qa-bugs

Comment 5 Jose Manuel López 2022-03-28 12:14:53 CEST
Hi, 

Updated in Vbox from the last version of Chromium.

Works fine for the moment.

Video y audio ok, youtube ok, addons ok, banks ok,

Greetings!

CC: (none) => joselp

Comment 6 Thomas Andrews 2022-03-28 15:22:23 CEST
MGA8-64 Plasma, i5-2500, Intel graphics, wired Internet.

No installation issues.

Not my usual browser, so I probably won't give it an extended test. However, I did try several websites, watched a video of the local TV weather forecast, checked out a fishing forum, looked at a root zone moisture map, and made my way here. No issues noted.

CC: (none) => andrewsfarm

Comment 7 Dave Hodgins 2022-03-28 15:56:08 CEST
No regressions noticed. Advisory committed to svn. Validating the update.

Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 8 Mageia Robot 2022-03-28 18:24:41 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0118.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.