ADVISORY NOTICE PROPOSAL
========================

New chromium-browser-stable 125.0.6422.141 security update


Description
The chromium-browser-stable package has been updated to the 125.0.6422.141 release. It includes 11 security fixes.
Some of them are:

* High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2024-05-11
* High CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz on 2024-05-01
* High CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz on 2024-05-01
* High CVE-2024-5496: Use after free in Media Session. Reported by Cassidy Kim(@cassidy6564) on 2024-05-06
* High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2024-05-07
* High CVE-2024-5498: Use after free in Presentation API. Reported by anymous on 2024-05-09
* High CVE-2024-5499: Out of bounds write in Streams API. Reported by anonymous on 2024-05-11

Please, do note, only x86_64 is supported from now on.
i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium code.


References
https://bugs.mageia.org/show_bug.cgi?id=33261
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html

SRPMS
9/tainted
chromium-browser-stable-125.0.6422.141-1.mga9.tainted.src.rpm


PROVIDED PACKAGES
=================
x86_64
chromium-browser-125.0.6422.141-1.mga9.tainted.x86_64.rpm
chromium-browser-stable-125.0.6422.141-1.mga9.tainted.x86_64.rpm

Ready for QA!

Assignee: chb0 => qa-bugs

(In reply to christian barranco from comment #2)
> Ready for QA!

Is strange is not even in https://distrib-coffee.ipsl.jussieu.fr/pub/linux/Mageia/distrib/9/x86_64/media/tainted/updates_testing/

I'll wait some extra time and come to later

I confirm the build the over:
https://pkgsubmit.mageia.org/?user=squidf

Most mirrors do not yet have it https://mirrors.mageia.org/status

But https://ftp.acc.umu.se/mirror/mageia/distrib/9/x86_64/media/tainted/updates_testing/ have.

 LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date


installing chromium-browser-stable-125.0.6422.141-1.mga9.tainted.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: chromium-browser-stable
                                 ##################################################################################################
      1/1: removing chromium-browser-stable-125.0.6422.112-1.mga9.tainted.x86_64
                                 ##################################################################################################

Facebook OK
Youtube OK
Mageia sites OK
Post this comment in chromium

Forget to comment that the warning about the api key is not present , thank you christian

mga9-64 Plasma X11, nvidia470, 4k Screen

Yes the api warning is gone.
Also, it seems like less warnings in launching terminal overall.

Swedish localisation
Restored previously open tabs
Tried two banks, tax office, some video sites
Printing

Looks good to me.

Installed on several machines including this one.

No API error messages.

Things are working properly.

My opinion, this is good to go.

Working well here, too.

Validating, before they issue another one...

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA9-64-OK

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0205.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED