Upstream has released version 101.0.4951.41 on April 26th: https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html It includes 30 security fixes. The build has been successful locally. It just landed on Cauldron (no issue on Écosse). I will submit the build for MGA8 on Sunday evening.
mga8-64 OK Plasma, nvidia-current, Swedish. Tested different bank logins, video sites, printing.
CC: (none) => fri
Is this ready to assign to the qa team?
CC: (none) => davidwhodgins
Advisory committed to svn as
$ cat 30350.adv
type: security
subject: Updated chromium-browser-stable packages fix security vulnerability
CVE:
 - CVE-2022-1477
 - CVE-2022-1478
 - CVE-2022-1479
 - CVE-2022-1481
 - CVE-2022-1482
 - CVE-2022-1483
 - CVE-2022-1484
 - CVE-2022-1485
 - CVE-2022-1486
 - CVE-2022-1487
 - CVE-2022-1488
 - CVE-2022-1489
 - CVE-2022-1490
 - CVE-2022-1491
 - CVE-2022-1492
 - CVE-2022-1493
 - CVE-2022-1494
 - CVE-2022-1495
 - CVE-2022-1496
 - CVE-2022-1497
 - CVE-2022-1498
 - CVE-2022-1499
 - CVE-2022-1500
 - CVE-2022-1501
src:
  8:
   core:
     - chromium-browser-stable-101.0.4951.41-1.mga8
description: |
  Use after free in Vulkan. (CVE-2022-1477)
  Use after free in SwiftShader. (CVE-2022-1478)
  Use after free in ANGLE. (CVE-2022-1479)
  Use after free in Sharing. (CVE-2022-1481)
  Inappropriate implementation in WebGL. (CVE-2022-1482)
  Heap buffer overflow in WebGPU. (CVE-2022-1483)
  Heap buffer overflow in Web UI Settings. (CVE-2022-1484)
  Use after free in File System API. (CVE-2022-1485)
  Type Confusion in V8. (CVE-2022-1486)
  Use after free in Ozone. (CVE-2022-1487)
  Inappropriate implementation in Extensions API. (CVE-2022-1488)
  Out of bounds memory access in UI Shelf. (CVE-2022-1489)
  Use after free in Browser Switcher. (CVE-2022-1490)
  Use after free in Bookmarks. (CVE-2022-1491)
  Insufficient data validation in Blink Editing. (CVE-2022-1492)
  Use after free in Dev Tools. (CVE-2022-1493)
  Insufficient data validation in Trusted Types. (CVE-2022-1494)
  Incorrect security UI in Downloads. (CVE-2022-1495)
  Use after free in File Manager. (CVE-2022-1496)
  Inappropriate implementation in Input. (CVE-2022-1497)
  Inappropriate implementation in HTML Parser. (CVE-2022-1498)
  Inappropriate implementation in WebAuthentication. (CVE-2022-1499)
  Insufficient data validation in Dev Tools. (CVE-2022-1500)
  Inappropriate implementation in iframe. (CVE-2022-1501)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30350
 - https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html
Keywords: (none) => advisory
Tested x86_64 with my bank and several other sites. Tested i586 under vb with various sites. Adding the ok tags.
Whiteboard: (none) => MGA8-64-OK MGA8-32-OK
Thanks guys for supporting while I am traveling. Assigned to QA.
CC: (none) => sysadmin-bugs
Assignee: chb0 => qa-bugs
Validating the update. One thing I did notice is that https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html includes the statement "This update includes 29 security fixes." but then goes on to list only 24 fixes with CVE numbers assigned. Presumably the other 5 are included and will be detailed later.
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0158.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
(In reply to Dave Hodgins from comment #6)
> Validating the update. One thing I did notice is that
> https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html
> includes the statement "This update includes 29 security fixes." but then
> goes on to list only 24 fixes with CVE numbers assigned. Presumably the other
> 5 are included and will be detailed later.

It is not the first time there is a disconnect between the total number information and the list of CVEs. But where does the 30 I mentioned come from??

Anyway, there is already a new update 101.0.4951.54… Usually, the subsequent builds within the same branch are straightforward. I’ll give it a try on Wednesday night, when I’ll be back.