Upstream has released version 107.0.5304.68 on October 25: https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html It fixes several new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Already an update: https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html?m=1 I will wait for 1 week more, especially as I am traveling.
Summary: chromium-browser-stable new security issues fixed in 107.0.5304.68 => chromium-browser-stable new security issues fixed in 107.0.5304.87
ADVISORY NOTICE PROPOSAL ======================== New chromium-browser-stable 107 fixes bugs and vulnerabilities Description The chromium-browser-stable package has been updated to the new 107 branch with the 107.0.5304.87 version, fixing many bugs and 15 vulnerabilities, together with 107.0.5304.68. Some of the security fixes are: * High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30 * High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19 * High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19 * Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11 * Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18 * Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09 * Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14 * Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23 * Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20 * Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04 * High CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast on 2022-10-25 References https://bugs.mageia.org/show_bug.cgi?id=31033 https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html https://developer.chrome.com/blog/chrome-107-beta/ SRPMS 8/core chromium-browser-stable-107.0.5304.87-1.mga8 PROVIDED PACKAGES ================= x86_64 chromium-browser-107.0.5304.87-1.mga8.x86_64.rpm chromium-browser-stable-107.0.5304.87-1.mga8.x86_64.rpm i586 chromium-browser-107.0.5304.87-1.mga8.i586.rpm chromium-browser-stable-107.0.5304.87-1.mga8.i586.rpm
Hi. I have been struggling to build for i586 with MGA8, despite Cauldron works. Now, it should be fixed but upstream just released a new version, fixing new CVE: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
Summary: chromium-browser-stable new security issues fixed in 107.0.5304.87 => chromium-browser-stable new security issues fixed in 107.0.5304.110
ADVISORY NOTICE PROPOSAL ======================== New chromium-browser-stable 107 fixes bugs and vulnerabilities Description The chromium-browser-stable package has been updated to the new 107 branch with the 107.0.5304.110 version, fixing many bugs and 25 vulnerabilities, together with 107.0.5304.68 and 107.0.5304.87. Some of the security fixes are: * High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24 * High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10 * High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08 * High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16 * High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01 * High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01 * High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30 * High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19 * High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19 * Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11 * Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18 * Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09 * Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14 * Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23 * Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20 * Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04 * High CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast on 2022-10-25 References https://bugs.mageia.org/show_bug.cgi?id=31033 https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html https://developer.chrome.com/blog/chrome-107-beta/ SRPMS 8/core chromium-browser-stable-107.0.5304.110-1.mga8 PROVIDED PACKAGES ================= x86_64 chromium-browser-107.0.5304.110-1.mga8.x86_64.rpm chromium-browser-stable-107.0.5304.110-1.mga8.x86_64.rpm i586 chromium-browser-107.0.5304.110-1.mga8.i586.rpm chromium-browser-stable-107.0.5304.110-1.mga8.i586.rpm
Finally, ready for QA!
Assignee: chb0 => qa-bugsCC: (none) => fri
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Used newspaper- and sports-site to surf and display textg and pictures and video, all OK.
CC: (none) => herman.viaene
mga8-64, plasma, nvidia-current Swedish localisation Old tabs restored Surfed a few sites, internet video OK
Advisory committed to svn. Working on my bank and other sites. Validating.
Whiteboard: (none) => MGA8-64-OKKeywords: (none) => advisory, validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0419.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED