Upstream just released the 104.0.5112.101 version, fixing bugs and 11 CVE. https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
ADVISORY NOTICE PROPOSAL ======================== New chromium-browser-stable branch fixes bugs and CVE Description The chromium-browser-stable package has been updated to the new 104.0.5112.101 branch, fixing many bugs and 11 CVE. Google is aware that an exploit for CVE-2022-2856 exists in the wild. Some of the addressed CVE are listed below: [1349322] Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02 [1337538] High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18 [1345042] High CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16 [1338135] High CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 2022-06-21 [1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05 [1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04 [1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19 [1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22 [1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 2022-07-18 [1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 2022-07-21 [1353442] Various fixes from internal audits, fuzzing and other initiatives References https://bugs.mageia.org/show_bug.cgi?id=30756 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://blog.chromium.org/2022/06/chrome-104-beta-new-media-query-syntax.html SRPMS 8/core chromium-browser-stable-104.0.5112.101-1.mga8 PROVIDED PACKAGES ================= x86_64 chromium-browser-104.0.5112.101-1.mga8.x86_64.rpm chromium-browser-stable-104.0.5112.101-1.mga8.x86_64.rpm i586 chromium-browser-104.0.5112.101-1.mga8.i586.rpm chromium-browser-stable-104.0.5112.101-1.mga8.i586.rpm
Severity: normal => critical
mga8-64 OK for me on Plasma, nvidia-current, 4K screen, Swedish locale Updated using drakrpm Settings and tabs preserved Played video, visited bank Printing via internal printer dialogue, and with system printer dialogue.
CC: (none) => fri
Hi Morgan. Is it on testing already? I still see it being built on rabbit. I had to resubmit it because I hit a timeout.
Woops! I thought I updated it before shutting off for hardware service (CPU cooler) this morning, but I apparently forgot updated failed. Embarrassing... Iĺl test when I see the new one...
Hi. Ready for QA. @Morgan: Go! ;)
Assignee: chb0 => qa-bugsCC: (none) => sysadmin-bugs
MGA8-64 Updated chromium with QA repo. Tested with: Netflix Bank site Gmail Facebook All is OK
CC: (none) => guillaume.royer
Tests OK as per comment 2, now version 104.0.5112.101-1
MGA8-64, GNOME, laptop installed -- ran Jitsi - working -- google cloud - working -- youtube works
CC: (none) => brtians1
Tested with my bank and a few other sites. No regressions noticed. Validating the update.
CC: (none) => davidwhodginsKeywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OK
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0307.html
Status: NEW => RESOLVEDResolution: (none) => FIXED