33974 – chromium-browser-stable new security issue CVE-2025-0762

Bug 33974 - chromium-browser-stable new security issue CVE-2025-0762

Summary: chromium-browser-stable new security issue CVE-2025-0762

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA9-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2025-01-31 07:57 CET by Nicolas Salguero
Modified:	2025-02-05 20:52 CET (History)
CC List:	3 users (show)

See Also:
Source RPM:	chromium-browser-stable-132.0.6834.110-1.mga9.tainted.src.rpm
CVE:	CVE-2025-0762
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-01-31 07:57:03 CET

Upstream has issued an advisory on January 28:
https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html

Nicolas Salguero 2025-01-31 07:57:45 CET

Whiteboard: (none) => MGA9TOO
Source RPM: (none) => chromium-browser-stable-132.0.6834.110-1.mga9.tainted.src.rpm
CVE: (none) => CVE-2025-0762
Status comment: (none) => Fixed upstream in 132.0.6834.159

Comment 1 Lewis Smith 2025-02-02 20:37:21 CET

version 132.0.6834.110 has only just been put into Cauldron; but this update to v132.0.6834.159 is yet more recent.
Since you Nicolas have been nursing this SRPM for some time, assignng this bug to you. Please re-asign it if you wish, perhaps for the Mageia 9 bit.

Assignee: bugsquad => nicolas.salguero

Comment 2 Nicolas Salguero 2025-02-04 09:40:11 CET

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Use after free in DevTools. (CVE-2025-0762)

References:
https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html
========================

Updated packages in tainted/updates_testing:
========================
chromium-browser-132.0.6834.159-1.mga9.tainted
chromium-browser-stable-132.0.6834.159-1.mga9.tainted

from SRPM:
chromium-browser-stable-132.0.6834.159-1.mga9.tainted.src.rpm

Status comment: Fixed upstream in 132.0.6834.159 => (none)
Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9

katnatek 2025-02-04 20:06:01 CET

Keywords: (none) => advisory

Comment 3 Morgan Leijström 2025-02-04 22:33:57 CET

Updated, tests OK
Plasma X11
Intel i7-840 CPU, AMD GPU RX6400

Restored previous tabs. 
Swedish localisation.
About dialogue say 
 "Version 132.0.6834.159 (Officiell version) Mageia.Org 9 (64 bitar)"
Shopping, banking, tax, office, sites - different login methods.
Saved a picture from a Nextcloud login.
Printed fetched pdf to network printer.

CC: (none) => andrewsfarm, fri

Comment 4 Thomas Andrews 2025-02-04 23:51:05 CET

Mga9-64 Plasma. No installation issues. My bank likes it OK, and so does the fussy seed company.

Looks good here.

Comment 5 katnatek 2025-02-05 18:15:59 CET

RH x86_64

installing chromium-browser-stable-132.0.6834.159-1.mga9.tainted.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: chromium-browser-stable
                                 ##################################################################################################
      1/1: removing chromium-browser-stable-132.0.6834.110-1.mga9.tainted.x86_64
                                 ##################################################################################################


Youtube OK
mail.com OK
webcam on zoom test page OK
Other sites looks good

Same messages in terminal as in bug#33609 comment#26
Looks good for normal use

Comment 6 Thomas Andrews 2025-02-05 18:29:34 CET

This looks good to go to me. Validating.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK

Comment 7 Mageia Robot 2025-02-05 20:52:08 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0037.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.