Hi. Upstream just released a new update and new branch, including 40 security fixes!
(In reply to David Walser from comment #1)
Thanks David for the correction!
Ready for QA!
@Adelson, could you test it as well? Thanks.
mga8-64 OK here
Plasma, nvidia-current, intel i7, kernel desktop 5.15.98
Settings and tabs kept, Swedish localisation
Three different login methods to four banks, video sites, ...
ADVISORY NOTICE PROPOSAL
New chromium-browser-stable 111.0.5563.64 fixes bugs and vulnerabilities
The chromium-browser-stable package has been updated to the 111.0.5563.64 release, fixing 17 vulnerabilities.
Some of the security fixes are:
High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30
High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03
High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17
High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21
High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03
High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07
High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13
High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17
Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16
Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24
Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07
Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25
Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20
Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10
Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31
Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18
Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20
Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30
Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30
Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24
Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25
Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03
Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03
Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Tested OK by using
- newspaper site with text and video+sound
- logging in to government sites using eidcard identification.
No problems with my bank site and others. Validating the update. Advisory
committed to svn.
An update for this issue has been pushed to the Mageia Updates repository.