Bug 31465 - Chromium updated to 109.0.5414.119 to fix vulnerabilities
Summary: Chromium updated to 109.0.5414.119 to fix vulnerabilities
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA8-64-OK, MGA8-32-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2023-01-28 10:01 CET by christian squidf
Modified: 2023-02-14 23:44 CET (History)
7 users (show)

See Also:
Source RPM: chromium-browser-stable-109.0.5414.74-1.mga8.src.rpm
Status comment:


Description christian squidf 2023-01-28 10:01:18 CET
Hi. New upstream release 109.0.5414.119, addressing 6 vulnerabilities:
christian squidf 2023-01-28 13:55:28 CET

QA Contact: (none) => security
Component: RPM Packages => Security

Comment 1 christian squidf 2023-01-29 18:23:08 CET
Ready for QA!

Assignee: chb0 => qa-bugs

Comment 2 christian squidf 2023-01-29 18:26:43 CET

New chromium-browser-stable 109.0.5414.119 fixes bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 109.0.5414.119 release, fixing 6 vulnerabilities.

Some of the security fixes are:

High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19

High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06

Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03

Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14




Comment 3 Morgan Leijström 2023-01-29 18:58:04 CET
mga8_64 OK for me
Plasma, nvidia-current, backport kernel 6.1.6-desktop-1.mga8
Swedish locale
Previously open tabs restored
Tested various logins at shop, bankings, tax authority
Tested video at various internet sites

CC: (none) => fri

Nicolas Salguero 2023-02-01 16:14:54 CET

Version: Cauldron => 8
CC: (none) => nicolas.salguero

Comment 4 Herman Viaene 2023-02-02 11:32:33 CET
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Newspaper site, youtube, home banking site, all OK.

CC: (none) => herman.viaene

Comment 5 PC LX 2023-02-03 12:33:22 CET
Installed and tested without issues.

System: Mageia 8, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G with Radeon Graphics.

- Lots of sites;
- WebGL, WebRTC;
- Video, Audio, Microphone, Camera.

Dark mode still does not work but this is not a regression.

$ uname -a
Linux jupiter 6.1.6-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Sat Jan 14 13:18:00 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q chromium-browser-stable 

CC: (none) => mageia

Comment 6 christian squidf 2023-02-03 13:20:40 CET
(In reply to PC LX from comment #5)
> Dark mode still does not work but this is not a regression.
Hi. I understand it is not regression but I can look at it.
How do you activate the dark mode? I didn't find the option in Settings. Sorry, if I overlooked it.
Comment 7 PC LX 2023-02-05 11:35:40 CET
(In reply to christian barranco from comment #6)
> (In reply to PC LX from comment #5)
> How do you activate the dark mode?

I'm using --force-dark-mode CLI option.

> I didn't find the option in Settings.
> Sorry, if I overlooked it.

I don't think it is anywhere in the settings.
Comment 8 Morgan Leijström 2023-02-05 12:32:30 CET
$ chromium-browser --force-dark-mode

Works for me: window frame, menus etc are black with white text, but content seem to be controlled by the browsed site, but maybe I just do not know any site that respect it.

( Comparing to firefox: In settings ui choose dark mode and the settings go dark OK, but not menus etc, and no site I tried )
Comment 9 Brian Rockwell 2023-02-07 17:12:58 CET
Plasma, MGA8-64

$ uname -a
Linux localhost 5.15.88-desktop-1.mga8 #1 SMP Sat Jan 14 15:00:41 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

The following 2 packages are going to be installed:

- chromium-browser-stable-109.0.5414.119-1.mga8.x86_64
- lib64jsoncpp24-1.9.4-1.mga8.x86_64

549MB of additional disk space will be used.

- Using it for a few hours no issues

CC: (none) => brtians1

Comment 10 Morgan Leijström 2023-02-08 18:50:55 CET
OK mga8-32, xfce

Tested a couple video sites and banking

( In the launching terminal, lot of error messages at launch about EGL, but that is probably normal in such installation, running in VirtualBox on mga8 )

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK, MGA8-32-OK

Comment 11 David Walser 2023-02-09 17:46:46 CET
110.0.5481.77 has been released on February 7, fixing several security issues:
Comment 12 Brian Rockwell 2023-02-09 17:49:39 CET
okay will watch for it
Comment 13 Morgan Leijström 2023-02-09 18:03:05 CET
Assuming 109.... did not provide *critical* fix, waiting for 110.... to test

Whiteboard: MGA8-64-OK, MGA8-32-OK => (none)
Assignee: qa-bugs => chb0
Keywords: validated_update => feedback
CC: sysadmin-bugs => (none)

Comment 14 christian squidf 2023-02-10 05:28:56 CET
Hi. I am traveling and I will not be able to release 110 before about 2 weeks. 
I recommend to release this 109…119 addressing some vulnerabilities.
Comment 15 Morgan Leijström 2023-02-10 09:02:00 CET
Than you for the quick reply Cristian

Setting back flags for releasing.

Advisory proposal in Comment 2.

From Comment 11, I opened
Bug 31534 - Chromium updated to 110.0.5481.77 to fix vulnerabilities

Keywords: feedback => validated_update
Assignee: chb0 => qa-bugs
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK, MGA8-32-OK

Dave Hodgins 2023-02-14 21:17:16 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 16 Mageia Robot 2023-02-14 23:44:58 CET
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.