Bug 34386 - chromium-browser-stable new security issues CVE-2025-619[12]
Summary: chromium-browser-stable new security issues CVE-2025-619[12]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: FOR_ERRATA9, advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-06-23 09:15 CEST by Nicolas Salguero
Modified: 2025-06-26 00:08 CEST

See Also:
Source RPM: chromium-browser-stable-136.0.7103.113-2.mga9.tainted
CVE: CVE-2025-6191, CVE-2025-6192
Status comment:



Description Nicolas Salguero 2025-06-23 09:15:51 CEST
Upstream has issued an advisory on June 17:
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html
Comment 1 Nicolas Salguero 2025-06-23 09:18:26 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Integer overflow in V8. (CVE-2025-6191)

Use after free in Profiler. (CVE-2025-6192)

References:
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html
========================

Updated packages in tainted/updates_testing:
========================
chromium-browser-136.0.7103.113-3.mga9.tainted
chromium-browser-stable-136.0.7103.113-3.mga9.tainted

from SRPM:
chromium-browser-stable-136.0.7103.113-3.mga9.tainted.src.rpm

Status: NEW => ASSIGNED
Source RPM: (none) => chromium-browser-stable-136.0.7103.113-2.mga9.tainted
CVE: (none) => CVE-2025-6191, CVE-2025-6192
Assignee: bugsquad => qa-bugs
Severity: normal => major

katnatek 2025-06-23 19:15:38 CEST

Keywords: (none) => advisory

Comment 2 katnatek 2025-06-24 00:02:22 CEST
RH x86_64 

installing chromium-browser-stable-136.0.7103.113-3.mga9.tainted.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: chromium-browser-stable
                                 ##################################################################################################
      1/1: removing chromium-browser-stable-136.0.7103.113-2.mga9.tainted.x86_64
                                 ##################################################################################################


Webcam in zoom test page OK
mail.com OK
Youtube.com OK
Telegram web OK
Comment 3 Morgan Leijström 2025-06-24 00:42:55 CEST
mga9-64, Plasma, X11

Quick check on my workstation OK

§ Clean update
§ Settings kept, tabs restored automatically
§ Swedish localisation
Surfing some sites, incl video and banking *), writing this
§ local pdf in chromium and printed it using built in dialogue, and another using system print dialogue.
§ In terminal from where I launched it, about the same soup of same messages as usual


*) https://www.icabanken.se/ bank does not let me in at all, also not with the previous version. Still works in Firefox ESR. That is a problem of the bank and/or possibly chromium upstream, and as I am irritated with both parties already for other reasons, I am not inclined to dig.


[morgan@svarten ~]$ inxi -SCG
System:
  Host: svarten.tribun Kernel: 6.6.93-desktop-1.mga9 arch: x86_64 bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
CPU:
  Info: quad core model: Intel Core i7 870 bits: 64 type: MT MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 1233 min/max: 1200/2934 cores: 1: 1233 2: 1233 3: 1233
    4: 1233 5: 1233 6: 1233 7: 1233 8: 1233
Graphics:
  Device-1: Advanced Micro Devices [AMD/ATI] Navi 24 [Radeon RX 6400/6500
    XT/6500M] driver: amdgpu v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: amdgpu,v4l dri: radeonsi gpu: amdgpu resolution: 3840x2160~60Hz
  API: EGL v: 1.5 drivers: kms_swrast,radeonsi,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.6 vendor: amd mesa v: 25.0.7 renderer: AMD Radeon RX
    6400 (radeonsi navi24 LLVM 15.0.6 DRM 3.54 6.6.93-desktop-1.mga9)

CC: (none) => fri

Comment 4 katnatek 2025-06-24 00:46:17 CEST
Looks like should recommend qtwayland6 to people that set ozone platform to wayland

chromium-browser 
qt.qpa.plugin: Could not find the Qt platform plugin "wayland" in ""
This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.

Available platform plugins are: minimalegl, linuxfb, vkkhrdisplay, minimal, offscreen, xcb, eglfs, vnc.

[0623/164130.632439:ERROR:third_party/crashpad/crashpad/snapshot/elf/elf_dynamic_array_reader.h:64] tag not found
Abortado (`core' generado)

After install, qtwayland6 works without issue
Comment 5 Brian Rockwell 2025-06-24 03:36:19 CEST
MGA9-64, Xfce, Intel celeron

usual suspects installed

$ chromium-browser -version
Chromium 136.0.7103.113 Mageia.Org 9

----



email
sites work

CC: (none) => brtians1

Comment 6 Brian Rockwell 2025-06-24 03:36:33 CEST
MGA9-64, Xfce, Intel celeron

usual suspects installed

$ chromium-browser -version
Chromium 136.0.7103.113 Mageia.Org 9

----



email
sites work
Comment 7 Herman Viaene 2025-06-24 10:07:27 CEST
MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues.
Tested sites with sound, video .... All OK.

CC: (none) => herman.viaene

Comment 8 Thomas Andrews 2025-06-25 15:53:25 CEST
MGA9-64 Plasma. No installation issues.

Did some banking, removed Adblock Plus extension because of frequent requests to upgrade to paid version, installed uBlock Origin Lite to replace it.

No issues to report.

CC: (none) => andrewsfarm

Comment 9 Morgan Leijström 2025-06-25 17:15:55 CEST
This is about how much we use to test it.
Can be validated, I think.


(In reply to katnatek from comment #4)
> Looks like should recommend qtwayland6 to people that set ozone platform to
> wayland

What is ozone platform?


> After install, qtwayland6 works without issue

I guess it is not a good idea to have the chromium package blindly suggest a wayland package - the user may not want to use wayland, and it may pull in many dependencies?

Whiteboard: (none) => MGA9-64-OK

Comment 10 David Walser 2025-06-25 18:22:40 CEST
If it was a Recommends and not Requires, it wouldn't force installation of wayland packages.
Comment 11 katnatek 2025-06-25 21:29:35 CEST
(In reply to Morgan Leijström from comment #9)
> This is about how much we use to test it.
> Can be validated, I think.
> 
> 
> (In reply to katnatek from comment #4)
> > Looks like should recommend qtwayland6 to people that set ozone platform to
> > wayland
> 
> What is ozone platform?
> 
It is the way the developers name the mode in which chromium-browser runs

You can find it in chrome://flags/

The values are auto, x11 and wayland

We can publish an erratum, but the packagers need to be informed that qtwayland6 needs to be a recommendation at minimum

I do not want to block the update due to this topic because this software takes a lot to build

Keywords: (none) => FOR_ERRATA9

Comment 12 Thomas Andrews 2025-06-25 22:50:05 CEST
Agreed. Validating the update.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Comment 13 Mageia Robot 2025-06-26 00:08:25 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0196.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

