Bug 33688 - Security issues fixed in chromium-browser-stable-128.0.6613.137-2.mga9
Summary: Security issues fixed in chromium-browser-stable-128.0.6613.137-2.mga9
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-10-28 00:04 CET by Christiaan Welvaart
Modified: 2024-10-29 17:12 CET

See Also:
Source RPM: chromium-browser-stable-128.0.6613.137-1.mga9.tainted.src.rpm
CVE:
Status comment:


Comment 1 Christiaan Welvaart 2024-10-28 00:10:27 CET
Updated packages are available for testing.

Source RPM: chromium-browser-stable-128.0.6613.137-2.mga9.tainted.src.rpm

Binary RPMs:

x86_64:
chromium-browser-128.0.6613.137-2.mga9.tainted.x86_64.rpm
chromium-browser-stable-128.0.6613.137-2.mga9.tainted.x86_64.rpm


proposed advisory:


Updated chromium-browser-stable packages fix security vulnerabilities


Integer overflow in Layout. (CVE-2024-7025)
Insufficient data validation in Mojo. (CVE-2024-9369)
Inappropriate implementation in V8. (CVE-2024-9370)
Type Confusion in V8. (CVE-2024-9602)
Type Confusion in V8. (CVE-2024-9603)

Status: NEW => ASSIGNED
CC: (none) => cjw
Assignee: cjw => qa-bugs

katnatek 2024-10-28 01:31:30 CET

Keywords: (none) => advisory

katnatek 2024-10-28 02:50:43 CET

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=33498

Comment 2 katnatek 2024-10-28 02:51:09 CET
RH x86_64

installing chromium-browser-stable-128.0.6613.137-2.mga9.tainted.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: chromium-browser-stable
                                 ##################################################################################################
      1/1: removing chromium-browser-stable-128.0.6613.137-1.mga9.tainted.x86_64
                                 ##################################################################################################

Webcam OK
Youtube OK
mail.com OK

I wonder if we should include CVEs in bug #33609?
Comment 3 Lloyd Osten 2024-10-28 03:28:57 CET
I just downloaded and installed the latest Chromium browser
(chromium-browser-stable-128.0.6613.137-2.mga9.tainted.x86_64.rpm)

The streaming problem (I think bug #33498) is still there.   :-(

CC: (none) => lloyd.osten

Comment 4 sturmvogel 2024-10-28 09:07:13 CET
Is there a reason why Chromium browser does not get updated properly to the latest version? Browsers should be updated instead of applying countless patches for CVEs. The spec already contains a lot of patches, but now commits for CVEs get added additionally (which are not even properly documented in the spec).
 
Btw, this Frankenstein browser version from this bugreport lags 3 upstream versions and 23! security issues behind!
Comment 5 katnatek 2024-10-28 18:51:42 CET
(In reply to sturmvogel from comment #4)
> Is there a reason why Chromium browser does not get updated properly to the
> latest version? Browsers should be updated instead of applying countless
> patches for CVEs. The spec already contains a lot of patches, but now
> commits for CVEs get added additionally (which are not even properly
> documented in the spec).
>  
> Btw, this Frankenstein browser version from this bugreport lags 3 upstream
> versions and 23! security issues behind!

This is a good question; we now have llvm19-suite packages in case they are needed to build new versions.
Comment 6 Christiaan Welvaart 2024-10-28 20:29:34 CET
If we want to skip this security-only update and go to M130 right away, that's fine with me, someone just has to prepare that version update. I hope to have it ready by next week, but it may take longer. Note that all security issues patched here are labeled "High" by upstream.
Comment 7 katnatek 2024-10-28 21:36:41 CET
(In reply to Christiaan Welvaart from comment #6)
> If we want to skip this security-only update and go to M130 right away,
> that's fine with me, someone just has to prepare that version update. I hope
> to have it ready by next week, but it may take longer. Note that all
> security issues patched here are labeled "High" by upstream.

Then we can live with this update for now, I think
Comment 8 Brian Rockwell 2024-10-29 03:15:50 CET
MGA9-64, Xfce, Intel celeron

$ chromium-browser -version
Chromium 128.0.6613.137 Mageia.Org 9

----

email
sites work

CC: (none) => brtians1

Comment 9 Morgan Leijström 2024-10-29 14:26:33 CET
Working well in my usual tests:

Restored previous tabs.

Swedish localisation.

Shopping, banking, tax, office, sites - different login methods.

Saved a picture from a Nextcloud login.

Print page to network printer

Opened local pdf and printed it to boomaga using both internal and system print dialogue.

Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update
CC: (none) => fri, sysadmin-bugs

Comment 10 Mageia Robot 2024-10-29 17:12:35 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0341.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

