FEDORA-2021-e13d0fc790 created by spot 8 months ago for Fedora 33
obsolete

Hi there. This is the latest release of the browser that Google doesn't want you to use.

It fixes a bag full of security issues: CVE-2021-21162 CVE-2021-21180 CVE-2021-21164 CVE-2021-21170 CVE-2021-21181 CVE-2021-21166 CVE-2021-21160 CVE-2021-21179 CVE-2021-21187 CVE-2021-21173 CVE-2021-21174 CVE-2021-21183 CVE-2021-21161 CVE-2021-21171 CVE-2021-21178 CVE-2021-21169 CVE-2021-21163 CVE-2021-21175 CVE-2021-21177 CVE-2021-21185 CVE-2021-21190 CVE-2021-21184 CVE-2021-21168 CVE-2021-21167 CVE-2021-21188 CVE-2021-21172 CVE-2021-21182 CVE-2021-21176 CVE-2021-21159 CVE-2021-21186 CVE-2021-21165 CVE-2021-21189

This update has been submitted for testing by spot.

8 months ago

This update's test gating status has been changed to 'ignored'.

8 months ago

This update's test gating status has been changed to 'waiting'.

8 months ago

This update's test gating status has been changed to 'ignored'.

8 months ago

This update has been pushed to testing.

8 months ago
User Icon kparal commented & provided feedback 8 months ago
karma

Immediately crashes on opening any web page. Tried with a completely clean config profile, no change.

[23793:23793:0315/225245.398149:ERROR:sandbox_linux.cc(374)] InitializeSandbox() called with multiple threads in process gpu-process.
Received signal 11 SEGV_MAPERR 000000000054
#0 0x56237df96529 base::debug::CollectStackTrace()
#1 0x56237def9986 base::debug::StackTrace::StackTrace()
#2 0x56237df95f69 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f277f95b1e0 (/usr/lib64/libpthread-2.32.so+0x141df)
#4 0x7f277dc9a605 __strlen_avx2
#5 0x5623808762ea cast_channel::KeepAliveHandler::HandleMessage()
#6 0x562380875acc cast_channel::KeepAliveDelegate::OnMessage()
#7 0x562380874e6c cast_channel::CastTransportImpl::DoReadCallback()
#8 0x56238087527f cast_channel::CastTransportImpl::OnReadResult()
#9 0x56238087707e cast_channel::MojoDataPump::ReceiveMore()
#10 0x56237e8a694d mojo::SimpleWatcher::OnHandleReady()
#11 0x56237df5af72 base::TaskAnnotator::RunTask()
#12 0x56237df7012b base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl()
#13 0x56237df70e16 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()
#14 0x56237dfc05c1 base::MessagePumpLibevent::Run()
#15 0x56237df6f410 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run()
#16 0x56237df3d56c base::RunLoop::Run()
#17 0x56237bd1bc4a content::BrowserProcessSubThread::IOThreadRun()
#18 0x56237df80db8 base::Thread::ThreadMain()
#19 0x56237dfa91e6 base::(anonymous namespace)::ThreadFunc()
#20 0x7f277f9503f9 start_thread
#21 0x7f277dc39b53 __GI___clone
  r8: 0000000000000000  r9: 0000000000000000 r10: 00007ffcdb5fa080 r11: 00007ffcdb5fa090
 r12: 000020cdb2926510 r13: 0000000000000054 r14: 00007f276a2f9f30 r15: 00007f276a2fa198
  di: 0000000000000054  si: 000056238503f567  bp: 00007f276a2f9cc0  bx: 000020cdb2ee8e60
  dx: 0000000000000054  ax: 0000000000000100  cx: 0000000000000014  sp: 00007f276a2f9c88
  ip: 00007f277dc9a605 efl: 0000000000010283 cgf: 002b000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000054
[end of stack trace]
Calling _exit(1). Core file will not be generated.
[23795:23809:0315/225253.651115:ERROR:broker_posix.cc(40)] Recvmsg error: Connection reset by peer (104)

Downgrading back to chromium-88.0.4324.182-2.fc33.x86_64 fixes the problem.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

8 months ago
User Icon ibims commented & provided feedback 8 months ago

It works for me. Tested in a VM with a stock Installation of Fedora-Workstation (fully updated). Don't give karma here, because i can't test it for some days on a bare metal PC with e.g. nvidia-driver installed.

This update can be pushed to stable now if the maintainer wishes

8 months ago
User Icon frantisekz commented & provided feedback 8 months ago
karma

Works well

User Icon bcotton commented & provided feedback 8 months ago
karma

Works fine for me.

User Icon stefanb commented & provided feedback 8 months ago
karma

Works for me.

karma

This update has been obsoleted by chromium-89.0.4389.90-3.fc33.

8 months ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
8 months ago
in testing
8 months ago
BZ#1935934 CVE-2021-21162 chromium-browser: Use after free in WebRTC
0
0
BZ#1935935 CVE-2021-21180 chromium-browser: Use after free in tab search
0
0
BZ#1935936 CVE-2021-21164 chromium-browser: Insufficient data validation in Chrome for iOS
0
0
BZ#1935937 CVE-2021-21170 chromium-browser: Incorrect security UI in Loader
0
0
BZ#1935938 CVE-2021-21181 chromium-browser: Side-channel information leakage in autofill
0
0
BZ#1935939 CVE-2021-21166 chromium-browser: Object lifecycle issue in audio
0
0
BZ#1935940 CVE-2021-21160 chromium-browser: Heap buffer overflow in WebAudio
0
0
BZ#1935941 CVE-2021-21179 chromium-browser: Use after free in Network Internals
0
0
BZ#1935942 CVE-2021-21187 chromium-browser: Insufficient data validation in URL formatting
0
0
BZ#1935943 CVE-2021-21173 chromium-browser: Side-channel information leakage in Network Internals
0
0
BZ#1935944 CVE-2021-21174 chromium-browser: Inappropriate implementation in Referrer
0
0
BZ#1935945 CVE-2021-21183 chromium-browser: Inappropriate implementation in performance APIs
0
0
BZ#1935946 CVE-2021-21161 chromium-browser: Heap buffer overflow in TabStrip
0
0
BZ#1935947 CVE-2021-21171 chromium-browser: Incorrect security UI in TabStrip and Navigation
0
0
BZ#1935948 CVE-2021-21178 chromium-browser: Inappropriate implementation in Compositing
0
0
BZ#1935950 CVE-2021-21169 chromium-browser: Out of bounds memory access in V8
0
0
BZ#1935951 CVE-2021-21163 chromium-browser: Insufficient data validation in Reader Mode
0
0
BZ#1935952 CVE-2021-21175 chromium-browser: Inappropriate implementation in Site isolation
0
0
BZ#1935953 CVE-2021-21177 chromium-browser: Insufficient policy enforcement in Autofill
0
0
BZ#1935954 CVE-2021-21185 chromium-browser: Insufficient policy enforcement in extensions
0
0
BZ#1935955 CVE-2021-21190 chromium-browser: Uninitialized Use in PDFium
0
0
BZ#1935956 CVE-2021-21184 chromium-browser: Inappropriate implementation in performance APIs
0
0
BZ#1935958 CVE-2021-21168 chromium-browser: Insufficient policy enforcement in appcache
0
0
BZ#1935959 CVE-2021-21167 chromium-browser: Use after free in bookmarks
0
0
BZ#1935960 CVE-2021-21188 chromium-browser: Use after free in Blink
0
0
BZ#1935961 CVE-2021-21172 chromium-browser: Insufficient policy enforcement in File System API
0
0
BZ#1935962 CVE-2021-21182 chromium-browser: Insufficient policy enforcement in navigations
0
0
BZ#1935963 CVE-2021-21176 chromium-browser: Inappropriate implementation in full screen mode
0
0
BZ#1935964 CVE-2021-21159 chromium-browser: Heap buffer overflow in TabStrip
0
0
BZ#1935965 CVE-2021-21186 chromium-browser: Insufficient policy enforcement in QR scanning
0
0
BZ#1935966 CVE-2021-21165 chromium-browser: Object lifecycle issue in audio
0
0
BZ#1935967 CVE-2021-21189 chromium-browser: Insufficient policy enforcement in payments
0
0
BZ#1935971 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21164 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 ... chromium: various flaws [fedora-all]
0
0

Automated Test Results