Hi. Upstream just releases 109.0.5414.74, bringing 17 security fixes. https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html
Hi. The MGA8 build is ready in core/Updates_testing, but I will not flag it ready to QA before the Cauldron build is complete. For once (I need to buy a lottery ticket :) ), both MGA8 jobs have been assigned to Ecosse and MGA8 wan the race against MGA9 (despite MGA9 started earlier)!
ADVISORY NOTICE PROPOSAL ======================== New chromium-browser-stable 109.0.5414.74 fixes bugs and vulnerabilities Description The chromium-browser-stable package has been updated to the 109.0.5414.74 release, fixing 17 vulnerabilities. Some of the security fixes are: High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16 High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07 Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30 Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28 Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05 Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17 Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17 Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18 Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26 Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10 Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23 Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24 Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18 Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12 References https://bugs.mageia.org/show_bug.cgi?id=31389 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html https://www.androidpolice.com/google-chrome-109/ SRPMS 8/core chromium-browser-stable-109.0.5414.74-1.mga8 PROVIDED PACKAGES ================= x86_64 chromium-browser-109.0.5414.74-1.mga8.x86_64.rpm chromium-browser-stable-109.0.5414.74-1.mga8.x86_64.rpm i586 chromium-browser-109.0.5414.74-1.mga8.i586.rpm chromium-browser-stable-109.0.5414.74-1.mga8.i586.rpm
Lets hope that kind of luck or more will spread throughout the world this year. Anyway I tested it because I saw it. mga8-64 OK for me. Plasma CPU: i7-3770, Kernel 5.15.82-desktop-1.mga8 GPU: GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display. Used four sites with video, four banks with three different logins, Nextcloud server login, ...
CC: (none) => fri
Ready for QA!
Assignee: chb0 => qa-bugs
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Tested with same newspapersite as I do for Firefox updates. Everything I throw at it works OK, but the video rendering was noticeably more sluggish (more and longer interruptions) than Firefox. But that's not a reason to withhold this update.
CC: (none) => herman.viaene
(In reply to Herman Viaene from comment #5) > throw at it works OK, but the video rendering was noticeably more sluggish > (more and longer interruptions) than Firefox. But that's not a reason to > withhold this update. Hi. Is it the same video performance than with Chromium 108 or is it better with the previous Chromium version?
IMHO Chromium was never excellent at this. It is just now that I paid more attention to it, because I had a test of Chromium and a new version of Firefox within the hour. I don't feel it's necessary to raise an alarm.
MGA8-64, on Xfce, Toshiba Laptop AMD A6-3420M APU Radeon HD 6520G RTL8188CE 802.11b/g/n WiFi Adapter - chromium-browser-109.0.5414.74-1.mga8.x86_64 - chromium-browser-stable-109.0.5414.74-1.mga8.x86_64 - lib64jsoncpp24-1.9.4-1.mga8.x86_64 Tested video and some web sites. Working as expected for me
CC: (none) => brtians1
I normally use Firefox, but I have Chromium around to use as an alternative. Updated with qarepo, with no installation issues. Went to the U.S. Weather Service Climate Prediction Center https://www.cpc.ncep.noaa.gov/ and looked at long-range forecast, used Google to research how the expected transition from La Nina to an ESLO-neutral condition should affect the weather for the northeastern USA in the Spring, watched this week's edition of U.S. Farm Report https://farmjournaltv.gallery.video/ott/category/videos/u.s.-farm-report All things that I, as a farmer, might do on any given day, especially during the growing season. Everything worked perfectly. Looks OK for me. I'm going to give this an OK and Validate, before we bump up against the next version. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugsWhiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0016.html
Status: NEW => RESOLVEDResolution: (none) => FIXED