Bug 34099 - chromium-browser-stable new security issues
Summary: chromium-browser-stable new security issues
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-03-14 09:07 CET by Nicolas Salguero
Modified: 2025-03-20 00:45 CET (History)
5 users (show)

See Also:
Source RPM: chromium-browser-stable-134.0.6998.35-1.mga9.tainted.src.rpm
CVE: CVE-2025-1920, CVE-2025-2135, CVE-2025-2136, CVE-2025-2137
Status comment: Fixed upstream in 134.0.6998.88

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-03-14 09:07:28 CET 
Upstream has issued an advisory on March 10:
https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html
Nicolas Salguero 2025-03-14 09:09:53 CET

Source RPM: (none) => chromium-browser-stable-134.0.6998.35-1.mga10.tainted.src.rpm, chromium-browser-stable-134.0.6998.35-1.mga9.tainted.src.rpm
Whiteboard: (none) => MGA9TOO
Status comment: (none) => Fixed upstream in 134.0.6998.88
CVE: (none) => CVE-2025-1920, CVE-2025-2135, CVE-2025-2136, CVE-2025-2137

Nicolas Salguero 2025-03-14 09:35:45 CET

Assignee: bugsquad => nicolas.salguero

Comment 1 Morgan Leijström 2025-03-16 22:30:06 CET 
I see It is building on Cauldron

mga9-64 OK here

Swedish localisation OK
Settings and tabs restored.
Various banking sites, shop, video sites
printed a pdf to network printer.

CC: (none) => fri
Assignee: nicolas.salguero => qa-bugs

Comment 2 katnatek 2025-03-17 01:59:19 CET 
Packages:

x86_64:
chromium-browser-134.0.6998.88-1.mga9.tainted.x86_64.rpm
chromium-browser-stable-134.0.6998.88-1.mga9.tainted.x86_64.rpm


SRPM:
chromium-browser-stable-134.0.6998.88-1.mga9.tainted.src.rpm
Comment 3 Herman Viaene 2025-03-17 14:05:17 CET 
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Played around newspaper site, youtube, no problems seen.

CC: (none) => herman.viaene

katnatek 2025-03-17 17:47:05 CET

Keywords: (none) => advisory

Comment 4 katnatek 2025-03-17 18:04:25 CET 
RH x86_64

Get it with other updates

installing /var/cache/urpmi/rpms/lib64quictls81.3-3.0.15-1.2.mga9.x86_64.rpm                          
/var/cache/urpmi/rpms/quictls-3.0.15-1.2.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/chromium-browser-stable-134.0.6998.88-1.mga9.tainted.x86_64.rpm
Preparing...                     ####################################################################
      1/3: lib64quictls81.3      ####################################################################
      2/3: quictls               ####################################################################
      3/3: chromium-browser-stable
                                 ####################################################################
      1/3: removing quictls-3.0.15-1.1.mga9.x86_64
                                 ####################################################################
      2/3: removing lib64quictls81.3-3.0.15-1.1.mga9.x86_64
                                 ####################################################################
      3/3: removing chromium-browser-stable-134.0.6998.35-1.mga9.tainted.x86_64
                                 ####################################################################

Youtube OK
mail.com OK

Get the traditional messages in terminal
Comment 5 katnatek 2025-03-17 18:05:10 CET 
Forget
Test webcam in zoom test page OK
Comment 6 Brian Rockwell 2025-03-18 19:08:53 CET 
MGA9-64, Xfce, Asus Laptop

AMD A6-9225 RADEON R4
RTL8723BE 
Bluetooth


Installed.

gmail, youtube, tomshardware sites all working as expected.


working as expected.

CC: (none) => brtians1

Nicolas Salguero 2025-03-19 09:25:35 CET

Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Source RPM: chromium-browser-stable-134.0.6998.35-1.mga10.tainted.src.rpm, chromium-browser-stable-134.0.6998.35-1.mga9.tainted.src.rpm => chromium-browser-stable-134.0.6998.35-1.mga9.tainted.src.rpm

Comment 7 Brian Rockwell 2025-03-19 13:47:02 CET 
I currently don't have any cauldron instances.  I'm giving Chromium an ok having lived with it in MGA9 for awhile

Whiteboard: (none) => MGA9-64-OK

Comment 8 Thomas Andrews 2025-03-19 23:19:27 CET 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 9 Mageia Robot 2025-03-20 00:45:26 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0104.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.