Bug 31465 - Chromium updated to 109.0.5414.119 to fix vulnerabilities
Summary: Chromium updated to 109.0.5414.119 to fix vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK, MGA8-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-01-28 10:01 CET by christian barranco
Modified: 2023-02-14 23:44 CET

See Also:
Source RPM: chromium-browser-stable-109.0.5414.74-1.mga8.src.rpm
CVE:
Status comment:



Description christian barranco 2023-01-28 10:01:18 CET
Hi. New upstream release 109.0.5414.119, addressing 6 vulnerabilities:
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html
christian barranco 2023-01-28 13:55:28 CET

QA Contact: (none) => security
Component: RPM Packages => Security

Comment 1 christian barranco 2023-01-29 18:23:08 CET
Ready for QA!

Assignee: chb0 => qa-bugs

Comment 2 christian barranco 2023-01-29 18:26:43 CET
ADVISORY NOTICE PROPOSAL
========================

New chromium-browser-stable 109.0.5414.119 fixes bugs and vulnerabilities


Description
The chromium-browser-stable package has been updated to the 109.0.5414.119 release, fixing 6 vulnerabilities.

Some of the security fixes are:

High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19

High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06

Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03

Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14


References
https://bugs.mageia.org/show_bug.cgi?id=31465
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html
https://www.androidpolice.com/google-chrome-109/



SRPMS
8/core
chromium-browser-stable-109.0.5414.119-1.mga8


PROVIDED PACKAGES
=================
x86_64
chromium-browser-109.0.5414.119-1.mga8.x86_64.rpm
chromium-browser-stable-109.0.5414.119-1.mga8.x86_64.rpm

i586
chromium-browser-109.0.5414.119-1.mga8.i586.rpm
chromium-browser-stable-109.0.5414.119-1.mga8.i586.rpm
Comment 3 Morgan Leijström 2023-01-29 18:58:04 CET
mga8_64 OK for me
Plasma, nvidia-current, backport kernel 6.1.6-desktop-1.mga8
Swedish locale
Previously open tabs restored
Tested various logins at shop, banking, tax authority
Tested video at various internet sites

CC: (none) => fri

Nicolas Salguero 2023-02-01 16:14:54 CET

Version: Cauldron => 8
CC: (none) => nicolas.salguero

Comment 4 Herman Viaene 2023-02-02 11:32:33 CET
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Newspaper site, youtube, home banking site, all OK.

CC: (none) => herman.viaene

Comment 5 PC LX 2023-02-03 12:33:22 CET
Installed and tested without issues.

System: Mageia 8, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G with Radeon Graphics.

Tested:
- Lots of sites;
- HTTPS, HTTP1.1, HTTP2;
- WebGL, WebRTC;
- Video, Audio, Microphone, Camera.

Dark mode still does not work but this is not a regression.

$ uname -a
Linux jupiter 6.1.6-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Sat Jan 14 13:18:00 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q chromium-browser-stable 
chromium-browser-stable-109.0.5414.74-1.mga8

CC: (none) => mageia

Comment 6 christian barranco 2023-02-03 13:20:40 CET
(In reply to PC LX from comment #5)
> 
> Dark mode still does not work but this is not a regression.
> 
Hi. I understand it is not a regression but I can look at it.
How do you activate the dark mode? I didn't find the option in Settings. Sorry, if I overlooked it.
Comment 7 PC LX 2023-02-05 11:35:40 CET
(In reply to christian barranco from comment #6)
> (In reply to PC LX from comment #5)
> How do you activate the dark mode?

I'm using --force-dark-mode CLI option.

> I didn't find the option in Settings.
> Sorry, if I overlooked it.

I don't think it is anywhere in the settings.
Comment 8 Morgan Leijström 2023-02-05 12:32:30 CET
$ chromium-browser --force-dark-mode

Works for me: window frame, menus etc. are black with white text, but content seems to be controlled by the browsed site, but maybe I just do not know any site that respects it.

( Comparing to firefox: In settings ui choose dark mode and the settings go dark OK, but not menus etc, and no site I tried )
Comment 9 Brian Rockwell 2023-02-07 17:12:58 CET
Plasma, MGA8-64

$ uname -a
Linux localhost 5.15.88-desktop-1.mga8 #1 SMP Sat Jan 14 15:00:41 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux


The following 2 packages are going to be installed:

- chromium-browser-stable-109.0.5414.119-1.mga8.x86_64
- lib64jsoncpp24-1.9.4-1.mga8.x86_64

549MB of additional disk space will be used.

- Using it for a few hours no issues

CC: (none) => brtians1

Comment 10 Morgan Leijström 2023-02-08 18:50:55 CET
OK mga8-32, xfce

Tested a couple video sites and banking

( In the launching terminal, lots of error messages at launch about EGL, but that is probably normal in such an installation, running in VirtualBox on mga8 )

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK, MGA8-32-OK

Comment 11 David Walser 2023-02-09 17:46:46 CET
110.0.5481.77 has been released on February 7, fixing several security issues:
https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
Comment 12 Brian Rockwell 2023-02-09 17:49:39 CET
okay will watch for it
Comment 13 Morgan Leijström 2023-02-09 18:03:05 CET
Assuming 109.... did not provide a *critical* fix, waiting for 110.... to test

Whiteboard: MGA8-64-OK, MGA8-32-OK => (none)
Assignee: qa-bugs => chb0
Keywords: validated_update => feedback
CC: sysadmin-bugs => (none)

Comment 14 christian barranco 2023-02-10 05:28:56 CET
Hi. I am traveling and I will not be able to release 110 before about 2 weeks. 
I recommend releasing this 109…119 addressing some vulnerabilities.
Comment 15 Morgan Leijström 2023-02-10 09:02:00 CET
Thank you for the quick reply Christian

Setting back flags for releasing.

Advisory proposal in Comment 2.

From Comment 11, I opened
Bug 31534 - Chromium updated to 110.0.5481.77 to fix vulnerabilities

Keywords: feedback => validated_update
Assignee: chb0 => qa-bugs
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK, MGA8-32-OK

Dave Hodgins 2023-02-14 21:17:16 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 16 Mageia Robot 2023-02-14 23:44:58 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0044.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

