Hi upstream just release the first package on the new 106 branch. https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
CC: (none) => luigiwalser
FYI you don't need to CC directly, as I get all the Sec team stuff from the QA contact. Thanks for staying on top of this package.
CC: luigiwalser => (none)
ADVISORY NOTICE PROPOSAL ======================== New chromium-browser-stable branch fixes bugs and vulnerabilities Description The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.61 version, fixing many bugs and 20 vulnerabilities; it brings as well some improvements. Some of the security fixes are: High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01 High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09 High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24 High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27 High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08 Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08 Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29 Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16 Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04 Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06 Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20 Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24 Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05 Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07 Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24 Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22 References https://bugs.mageia.org/show_bug.cgi?id=30802 https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html https://blog.chromium.org/2022/09/chrome-106-beta-new-css-features.html SRPMS 8/core chromium-browser-stable-106.0.5249.61-1.mga8 PROVIDED PACKAGES ================= x86_64 chromium-browser-106.0.5249.61-1.mga8.x86_64.rpm chromium-browser-stable-106.0.5249.61-1.mga8.x86_64.rpm i586 chromium-browser-106.0.5249.61-1.mga8.i586.rpm chromium-browser-stable-106.0.5249.61-1.mga8.i586.rpm
Hi. Ready QA. Build time was not too bad this time ;) :)
CC: (none) => sysadmin-bugsAssignee: chb0 => qa-bugs
CC: (none) => fri
mga8-64 OK for me. Old i7, nvidia-current, Plasma, 4K screen Clean update using drakrpm Swedish localisation Remembered settings and open tabs Different login methods Three different video sites In terminal from where i started it i see it complaining about Vulcan, which is not strange as i have an old nvidia card.
MGA8 on a desktop PC. AMD CPU and GPU. Plasma. 2K screen. FR locale. Clean update All extensions are back Browsing ok Bank ok video ok Works as intended.
MGA8-64, Gnome, laptop, A6 working with youtube other sites working for me.
CC: (none) => brtians1
Hi. New security update 106.0.5249.91 just released. I propose not to push this one. https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html Build is starting.
Summary: Updated chromium 106.0.5249.61 packages fix vulnerabilities => Updated chromium 106.0.5249.91 packages fix vulnerabilities
Assignee: qa-bugs => chb0
Ready for QA again ! ;)
Assignee: chb0 => qa-bugs
OK 64 same tests as comment 4
Whiteboard: (none) => MGA8-64-OK
Sending this on before another shows up... ;) Validating. Advisory in Comment 2, with an additional reference in Comment 7.
CC: (none) => andrewsfarmKeywords: (none) => validated_update
Advisory committed using chromium-browser-stable-106.0.5249.91-1.mga8.src.rpm rather then .61, as that's the version in the testing repo.
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0357.html
Status: NEW => RESOLVEDResolution: (none) => FIXED