Upstream just released the 104.0.5112.79 version, fixing bugs and 27 CVE.
ADVISORY NOTICE PROPOSAL
New chromium-browser-stable branch fixes bugs and CVE
The chromium-browser-stable package has been updated to the new 104.0.5112.79
branch, fixing many bugs and 27 CVE. Some of them are listed below:
 High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16
 High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10
 High CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 2022-06-22
 High CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31
 High CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-01-11
 High CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-06-01
 High CVE-2022-2609: Use after free in Nearby Share. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
 Medium CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer on 2021-12-09
 Medium CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) on 2022-04-28
 Medium CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (firstname.lastname@example.org), Martin Schwarzl (email@example.com) on 2022-04-30
 Medium CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) on 2022-05-13
 Medium CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
 Medium CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer on 2021-11-10
 Medium CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-03-02
 Medium CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel on 2022-01-31
 Medium CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine on 2022-03-21
 Medium CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk on 2022-06-04
 Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17
 Medium CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber Security on 2022-05-07
 Medium CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on 2022-06-03
 Medium CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab on 2022-06-20
 Medium CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program on 2022-06-27
 Various fixes from internal audits, fuzzing and other initiatives
Ready for QA in core/updates_testing
mga8-64, Plasma, Swedish, Intel i7, Nvidia-current
OK: Localisation, settings, restores tabs
Tested a couple banking sites and video sites
MGA8-64 Plasma on Acer Aspire
No installation issues.
Checked newspaper site with sound and picturees and video, all OK.
No regressions for me, or anyone reporting on their testing. Validating.
An update for this issue has been pushed to the Mageia Updates repository.