New upstream release: https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html
Ready for QA!

ADVISORY NOTICE PROPOSAL
========================

New chromium-browser-stable 118.0.5993.70 fixes bugs and vulnerabilities

Description

The chromium-browser-stable package has been updated to the 118.0.5993.70 release, fixing bugs and 20 vulnerabilities.

Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18 on 2023-09-27
Medium CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous on 2020-03-17
Medium CVE-2023-5484: Inappropriate implementation in Navigation. Reported by Thomas Orlita on 2023-02-11
Medium CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong on 2023-08-30
Medium CVE-2023-5483: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-03-17
Medium CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip on 2023-06-28
Medium CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun on 2023-08-20
Medium CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car] on 2023-09-15
Medium CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong on 2023-08-09
Low CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2022-12-02
Low CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-08-12
Low CVE-2023-5477: Inappropriate implementation in Installer. Reported by Bahaa Naamneh of Crosspoint Labs on 2023-08-13
Low CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh on 2022-08-29
Low CVE-2023-5473: Use after free in Cast. Reported by DarkNavy on 2023-09-18

References
https://bugs.mageia.org/show_bug.cgi?id=32381
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html

SRPMS
9/tainted
chromium-browser-stable-118.0.5993.70-1.mga9.tainted.src.rpm

PROVIDED PACKAGES
=================
x86_64
chromium-browser-118.0.5993.70-1.mga9.tainted.x86_64.rpm
chromium-browser-stable-118.0.5993.70-1.mga9.tainted.x86_64.rpm

i586
chromium-browser-118.0.5993.70-1.mga9.tainted.i586.rpm
chromium-browser-stable-118.0.5993.70-1.mga9.tainted.i586.rpm
Assignee: chb0 => qa-bugs
CC: (none) => fri
Mageia9, x86_64. Working before update. Working afterwards. Site search -> APOD, Dust videos. Video and audio work OK. Used local file path as a URL and viewed a PDF journal without any glitches. Selected and printed a single page. Logged in to my bank and checked cash balances. Logged in to my NAS drive on the LAN - Windows interface - browsed files. Looks good here.
CC: (none) => tarazed25
OK here mga9-64, Plasma
Nvidia470 on GTX750
kernel 6.4.16-desktop-3.mga9 on i7-870

Tabs from previous session preserved
Swedish localisation
Used three banking sites
Used four video sites
Printed to Boomaga
Advisory from comment 1 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete". I removed "20" from "fixing bugs and 20 vulnerabilities" in the description, because there were only 14 CVEs in comment 1.
Keywords: (none) => advisory
CC: (none) => marja11
Why is the 22x22 icon a dark one instead of the traditional blue?
(In reply to Marja Van Waes from comment #4)
> Advisory from comment 1 added to SVN. Please remove the "advisory" keyword
> if it needs to be changed. It also helps when obsolete advisories are tagged
> as "obsolete".
>
> I removed "20" from "fixing bugs and 20 vulnerabilities" in the description,
> because there were only 14 CVEs in comment 1.

Hi. Thanks. It is usual. Not all CVE are published. The number is then usually higher.
It looks like though I have deleted by mistake the following sentence some time ago, before the list of CVEs: "Some of the security fixes are:"
(In reply to katnatek from comment #5)
> Why the 22x22 icon is a dark one instead the traditional blue?

Because for a reason I don't know, Chromium package does not include a 22x22 color icon. It does include a 22x22 monochrome.
If I remember well, it is Wally who has found this monochrome icon and I have kept it since then.

Arch does not ship any 22x22 icon. I just checked and Fedora neither. openSUSE uses only their own svg icon.

I can remove it from next update (in about 2 weeks, usually), if you find this confusing.
(In reply to christian barranco from comment #7)
> (In reply to katnatek from comment #5)
> > Why the 22x22 icon is a dark one instead the traditional blue?
>
> Because for a reason I don't know, Chromium package does not include a 22x22
> color icon. It does include a 22x22 monochrome.
> If I remember well, it is Wally who has found this monochrome icon and I
> have kept it since then.
>
> Arch does not ship any 22x22 icon. I just checked and Fedora neither.
> openSUSE uses only their own svg icon.
>
> I can remove it from next update (in about 2 weeks, usually), if you find
> this confusing.

Yes please, it's invisible on dark themes. I almost opened a bug report thinking that the icon was missing, until I searched the icon folders.
MGA 9 64 GNOME
Core I5, 16 GB RAM

Updated with QA Repo:
No issue at installation:
chromium-browser 118.0.5993.> 1.mga9.taint> x86_64
chromium-browser-stable 118.0.5993.> 1.mga9.taint> x86_64

Bank site OK, FaceBook OK
Element Matrix web client OK
Netflix OK
CC: (none) => guillaume.royer
Whiteboard: (none) => MGA9-64-OK
(In reply to christian barranco from comment #6)
> (In reply to Marja Van Waes from comment #4)
> > Advisory from comment 1 added to SVN. Please remove the "advisory" keyword
> > if it needs to be changed. It also helps when obsolete advisories are tagged
> > as "obsolete".
> >
> > I removed "20" from "fixing bugs and 20 vulnerabilities" in the description,
> > because there were only 14 CVEs in comment 1.
>
> Hi. Thanks. It is usual. Not all CVE are published. The number is then
> usually higher.
> It looks like though I have deleted by mistake the following sentence some
> time ago, before the list of CVEs : "Some of the security fixes are:"

Complement from Chromium release notes:

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
@Marja see Comment 10 for advisory addition
Keywords: advisory => (none)
Cauldron is finally up to date. You can validate this update.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
(In reply to christian barranco from comment #6)
> (In reply to Marja Van Waes from comment #4)
> >
> > I removed "20" from "fixing bugs and 20 vulnerabilities" in the description,
> > because there were only 14 CVEs in comment 1.
>
> Hi. Thanks. It is usual. Not all CVE are published. The number is then
> usually higher.
> It looks like though I have deleted by mistake the following sentence some
> time ago, before the list of CVEs : "Some of the security fixes are:"

(In reply to Morgan Leijström from comment #11)
> @Marja see Comment 10 for advisory addition

Thanks Christian and Morgan. The advisory in SVN has been updated.
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0289.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED