Bug 30655 - Chromium updated to 103.0.5060.134, fixes bugs and security vulnerabilitie
Summary: Chromium updated to 103.0.5060.134, fixes bugs and security vulnerabilitie
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on: 30658
Blocks:
  Show dependency treegraph
 
Reported: 2022-07-20 13:20 CEST by christian barranco
Modified: 2022-07-29 22:54 CEST (History)
6 users (show)

See Also:
Source RPM: chromium-browser-stable-103.0.5060.53-1.mga8.src.rpm
CVE:
Status comment:


Attachments

Description christian barranco 2022-07-20 13:20:12 CEST
Upstream just released the 103.0.5060.153 version, fixing bugs and 11 security vulnerabilities.
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
Comment 1 christian barranco 2022-07-20 13:21:03 CEST
(In reply to christian barranco from comment #0)
> Upstream just released the 103.0.5060.153 version, fixing bugs and 11
> security vulnerabilities.
> https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-
> desktop_19.html

sorry, typo mistake: 103.0.5060.134 version
Comment 2 christian barranco 2022-07-20 22:29:58 CEST
Cauldron should be up-to-date soon.
However, MGA8 update is currently blocked by https://bugs.mageia.org/show_bug.cgi?id=30658
christian barranco 2022-07-20 22:35:53 CEST

CC: (none) => cjw, lewyssmith

Morgan Leijström 2022-07-21 05:58:14 CEST

Depends on: (none) => 30658
CC: (none) => fri

Comment 3 christian barranco 2022-07-26 11:23:57 CEST
Hi.  Ready for QA in core/updates_tesing



ADVISORY NOTICE PROPOSAL
========================

New chromium-browser-stable branch fixes bugs and security vulnerabilities


Description
The chromium-browser-stable package has been updated to the new 103.0.5060.134
branch, fixing many bugs and 11 CVE. Some of them are listed below:

[1336266] High CVE-2022-2477 : Use after free in Guest View. Reported by anonymous on 2022-06-14
[1335861] High CVE-2022-2478 : Use after free in PDF. Reported by triplepwns on 2022-06-13
[1329987] High CVE-2022-2479 : Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28
[1339844] High CVE-2022-2480 : Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27
[1341603] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04
[1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-2

[1345513] Various fixes from internal audits, fuzzing and other initiatives


References
https://bugs.mageia.org/show_bug.cgi?id=30655
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
https://blog.chromium.org/2022/05/chrome-103-beta-early-navigation-hints.html



SRPMS
8/core
chromium-browser-stable-103.0.5060.134-1.mga8


PROVIDED PACKAGES
=================
x86_64
chromium-browser-103.0.5060.134-1.mga8.x86_64.rpm
chromium-browser-stable-103.0.5060.134-1.mga8.x86_64.rpm

i586
chromium-browser-103.0.5060.134-1.mga8.i586.rpm
chromium-browser-stable-103.0.5060.134-1.mga8.i586.rpm

Assignee: chb0 => qa-bugs
CC: (none) => sysadmin-bugs

Comment 4 Morgan Leijström 2022-07-26 23:46:31 CEST
mga8-64 OK
Plasma, nvidia-current, 4k screen, i7
Localisation Swedish
Restored saved tabs
Browsing some sites with video and different logins
No regression noted.
Comment 5 christian barranco 2022-07-27 20:46:04 CEST
MGA8 x86_64, desktop PC, Plasma
Fresh installation via QA repo
Locale fr
browsing ok
video ok
search engine ok
Comment 6 Brian Rockwell 2022-07-28 04:12:08 CEST
MGA8-64, Gnome, laptop

The following 2 packages are going to be installed:

- chromium-browser-103.0.5060.134-1.mga8.x86_64
- chromium-browser-stable-103.0.5060.134-1.mga8.x86_64


-----

youtube works
jitsi meet works
slashdot works

working for me

CC: (none) => brtians1

Comment 7 Dave Hodgins 2022-07-29 19:22:20 CEST
No regressions noticed. Validating the update.

Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => davidwhodgins

Dave Hodgins 2022-07-29 19:48:54 CEST

Keywords: (none) => advisory

Comment 8 Mageia Robot 2022-07-29 22:54:44 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0268.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.