Bug 34340 - chromium-browser-stable new security issues CVE-2025-506[3-8], CVE-2025-528[013], CVE-2025-5419, CVE-2025-595[89]
Summary: chromium-browser-stable new security issues CVE-2025-506[3-8], CVE-2025-528[0...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9TOO,MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-06-03 09:29 CEST by Nicolas Salguero
Modified: 2025-06-20 18:37 CEST

See Also:
Source RPM: chromium-browser-stable-134.0.6998.117-1.mga10.tainted.src.rpm, chromium-browser-stable-136.0.7103.113-1.mga9.tainted
CVE: CVE-2025-5063, CVE-2025-5064, CVE-2025-5065, CVE-2025-5066, CVE-2025-5067, CVE-2025-5068, CVE-2025-5280, CVE-2025-5281, CVE-2025-5283, CVE-2025-5419, CVE-2025-5958, CVE-2025-5959
Status comment: To build in Cauldron


Description Nicolas Salguero 2025-06-03 09:29:23 CEST
Upstream has issued an advisory on May 27:
https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html

Upstream has issued an advisory on June 2:
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html

Nicolas Salguero 2025-06-03 09:31:54 CEST

Status comment: (none) => Fixed upstream in 137.0.7151.68
Source RPM: (none) => chromium-browser-stable-134.0.6998.117-1.mga10.tainted.src.rpm, chromium-browser-stable-136.0.7103.113-1.mga9.tainted.src.rpm
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2025-5063, CVE-2025-5064, CVE-2025-5065, CVE-2025-5066, CVE-2025-5067, CVE-2025-5068, CVE-2025-5280, CVE-2025-5281, CVE-2025-5283, CVE-2025-5419

Comment 1 Marja Van Waes 2025-06-05 21:03:47 CEST
Assigning to the registered maintainer.

Assignee: bugsquad => cjw
CC: (none) => marja11

Comment 2 Nicolas Salguero 2025-06-12 09:28:09 CEST
Upstream has issued an advisory on June 10:
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html

Status comment: Fixed upstream in 137.0.7151.68 => Fixed upstream in 137.0.7151.103
Summary: chromium-browser-stable new security issues CVE-2025-506[3-8], CVE-2025-528[013], CVE-2025-5419 => chromium-browser-stable new security issues CVE-2025-506[3-8], CVE-2025-528[013], CVE-2025-5419, CVE-2025-595[89]
CVE: CVE-2025-5063, CVE-2025-5064, CVE-2025-5065, CVE-2025-5066, CVE-2025-5067, CVE-2025-5068, CVE-2025-5280, CVE-2025-5281, CVE-2025-5283, CVE-2025-5419 => CVE-2025-5063, CVE-2025-5064, CVE-2025-5065, CVE-2025-5066, CVE-2025-5067, CVE-2025-5068, CVE-2025-5280, CVE-2025-5281, CVE-2025-5283, CVE-2025-5419, CVE-2025-5958, CVE-2025-5959

Comment 3 Morgan Leijström 2025-06-14 22:00:38 CEST
mga9-64, Plasma, X11

Quick check on my workstation OK

§ Clean update
§ Settings kept, tabs restored automatically *)
§ Swedish localisation
Surfing some sites, incl video and banking *2), writing this
§ Downloaded some pdf, opened one in chromium and printed it using built in dialogue, and another using system print dialogue.
§ In terminal from where I launched it, about the same soup of same messages as usual

*) Weird, two tabs of sites got restored, but not open pdf:s opened from sites.
*2) Weirdness 2: one bank did not let me in at all, but worked in previous version, and still works in Firefox ESR. That is a problem of the bank, possibly chromium upstream.


[morgan@svarten ~]$ inxi -SCG
System:
  Host: svarten.tribun Kernel: 6.6.93-desktop-1.mga9 arch: x86_64 bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
CPU:
  Info: quad core model: Intel Core i7 870 bits: 64 type: MT MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 1427 min/max: 1200/2934 cores: 1: 1427 2: 1427 3: 1427
    4: 1427 5: 1427 6: 1427 7: 1427 8: 1427
Graphics:
  Device-1: Advanced Micro Devices [AMD/ATI] Navi 24 [Radeon RX 6400/6500
    XT/6500M] driver: amdgpu v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: amdgpu,v4l dri: radeonsi gpu: amdgpu resolution: 3840x2160~60Hz
  API: EGL v: 1.5 drivers: kms_swrast,radeonsi,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.6 vendor: amd mesa v: 25.0.6 renderer: AMD Radeon RX
    6400 (radeonsi navi24 LLVM 15.0.6 DRM 3.54 6.6.93-desktop-1.mga9)

CC: (none) => fri

Comment 4 Morgan Leijström 2025-06-14 22:04:34 CEST
$ chromium-browser --version
Chromium 136.0.7103.113 Mageia.Org 9

CC: (none) => cjw
Status comment: Fixed upstream in 137.0.7151.103 => To build in Cauldron
Assignee: cjw => qa-bugs

Comment 5 katnatek 2025-06-15 04:04:27 CEST
RPMS:
chromium-browser-136.0.7103.113-2.mga9.tainted.x86_64.rpm
chromium-browser-stable-136.0.7103.113-2.mga9.tainted.x86_64.rpm

SRPM:
chromium-browser-stable-136.0.7103.113-2.mga9.tainted

Source RPM: chromium-browser-stable-134.0.6998.117-1.mga10.tainted.src.rpm, chromium-browser-stable-136.0.7103.113-1.mga9.tainted.src.rpm => chromium-browser-stable-134.0.6998.117-1.mga10.tainted.src.rpm, chromium-browser-stable-136.0.7103.113-1.mga9.tainted

Comment 6 katnatek 2025-06-15 04:31:52 CEST
RH x86_64

installing chromium-browser-stable-136.0.7103.113-2.mga9.tainted.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: chromium-browser-stable
                                 ##################################################################################################
      1/1: removing chromium-browser-stable-136.0.7103.113-1.mga9.tainted.x86_64
                                 ##################################################################################################


youtube OK
mail.com OK
Webcam on zoom test page OK

Looks good

katnatek 2025-06-15 22:23:30 CEST

Keywords: (none) => advisory

Comment 7 Herman Viaene 2025-06-16 11:22:08 CEST
MGA9+-64 server Plasma Wayland on Compaq H000SB.
No installation issues.
Quick test showed no problems.

CC: (none) => herman.viaene

Comment 8 Thomas Andrews 2025-06-18 13:24:07 CEST
Used several times over the last few days, mostly for banking. No issues noted.

I see no reason to hold this back. Validating for Mageia 9.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: MGA9TOO => MGA9TOO,MGA9-64-OK

Comment 9 Mageia Robot 2025-06-20 18:37:58 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0187.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

