UbuntuUpdates.org

Package "chromium-browser"

Name: chromium-browser

Description:

Chromium web browser, open-source version of Chrome

Latest version: 94.0.4606.71-0ubuntu0.18.04.1
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: https://chromium.googlesource.com/chromium/src/

Links


Download "chromium-browser"


Other versions of "chromium-browser" in Bionic

Repository Area Version
base universe 65.0.3325.181-0ubuntu1
updates universe 94.0.4606.71-0ubuntu0.18.04.1
PPA: Mint Upstream 2020.10.27
PPA: Mint Upstream 2020.10.27

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 94.0.4606.71-0ubuntu0.18.04.1 2021-10-07 03:06:23 UTC

  chromium-browser (94.0.4606.71-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 94.0.4606.71
    - CVE-2021-37974 : Use after free in Safe Browsing.
    - CVE-2021-37975 : Use after free in V8.
    - CVE-2021-37976 : Information leak in core.

 -- Olivier Tilloy <email address hidden> Fri, 01 Oct 2021 06:56:50 +0200

Source diff to previous version

Version: 93.0.4577.63-0ubuntu0.18.04.1 2021-09-20 23:06:17 UTC

  chromium-browser (93.0.4577.63-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 93.0.4577.63
    - CVE-2021-30606: Use after free in Blink.
    - CVE-2021-30607: Use after free in Permissions.
    - CVE-2021-30608: Use after free in Web Share.
    - CVE-2021-30609: Use after free in Sign-In.
    - CVE-2021-30610: Use after free in Extensions API.
    - CVE-2021-30611: Use after free in WebRTC.
    - CVE-2021-30612: Use after free in WebRTC.
    - CVE-2021-30613: Use after free in Base internals.
    - CVE-2021-30614: Heap buffer overflow in TabStrip.
    - CVE-2021-30615: Cross-origin data leak in Navigation.
    - CVE-2021-30616: Use after free in Media.
    - CVE-2021-30617: Policy bypass in Blink.
    - CVE-2021-30618: Inappropriate implementation in DevTools.
    - CVE-2021-30619: UI Spoofing in Autofill.
    - CVE-2021-30620: Insufficient policy enforcement in Blink.
    - CVE-2021-30621: UI Spoofing in Autofill.
    - CVE-2021-30622: Use after free in WebApp Installs.
    - CVE-2021-30623: Use after free in Bookmarks.
    - CVE-2021-30624: Use after free in Autofill.
  * debian/patches/build-with-old-libva-missing-defines.patch: refreshed
  * debian/patches/build-with-old-libva-no-av1.patch: refreshed
  * debian/patches/enable-chromecast-by-default.patch: removed, no longer needed
  * debian/patches/libaom-armhf-build-cpudetect.patch: refreshed
  * debian/patches/no-dirmd.patch: refreshed
  * debian/patches/qualify-ambiguous-name-lookup.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/v8-add-missing-constexpr-arm64.patch: removed, no longer
    needed (upstreamed)
  * debian/patches/widevine-enable-version-string.patch: refreshed

 -- Olivier Tilloy <email address hidden> Wed, 25 Aug 2021 13:05:12 +0200

Source diff to previous version
CVE-2021-30606 Chromium: CVE-2021-30606 Use after free in Blink
CVE-2021-30607 Chromium: CVE-2021-30607 Use after free in Permissions
CVE-2021-30608 Chromium: CVE-2021-30608 Use after free in Web Share
CVE-2021-30609 Chromium: CVE-2021-30609 Use after free in Sign-In
CVE-2021-30610 Chromium: CVE-2021-30610 Use after free in Extensions API
CVE-2021-30611 Chromium: CVE-2021-30611 Use after free in WebRTC
CVE-2021-30612 Chromium: CVE-2021-30612 Use after free in WebRTC
CVE-2021-30613 Chromium: CVE-2021-30613 Use after free in Base internals
CVE-2021-30614 Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
CVE-2021-30615 Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
CVE-2021-30616 Chromium: CVE-2021-30616 Use after free in Media
CVE-2021-30617 Chromium: CVE-2021-30617 Policy bypass in Blink
CVE-2021-30618 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
CVE-2021-30619 Chromium: CVE-2021-30619 UI Spoofing in Autofill
CVE-2021-30620 Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
CVE-2021-30621 Chromium: CVE-2021-30621 UI Spoofing in Autofill
CVE-2021-30622 Chromium: CVE-2021-30622 Use after free in WebApp Installs
CVE-2021-30623 Chromium: CVE-2021-30623 Use after free in Bookmarks
CVE-2021-30624 Chromium: CVE-2021-30624 Use after free in Autofill

Version: 92.0.4515.159-0ubuntu0.18.04.1 2021-08-19 15:06:19 UTC

  chromium-browser (92.0.4515.159-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 92.0.4515.159
    - CVE-2021-30598: Type Confusion in V8.
    - CVE-2021-30599: Type Confusion in V8.
    - CVE-2021-30600: Use after free in Printing.
    - CVE-2021-30601: Use after free in Extensions API.
    - CVE-2021-30602: Use after free in WebRTC.
    - CVE-2021-30603: Race in WebAudio.
    - CVE-2021-30604: Use after free in ANGLE.

 -- Olivier Tilloy <email address hidden> Tue, 17 Aug 2021 09:23:53 +0200

Source diff to previous version

Version: 91.0.4472.101-0ubuntu0.18.04.1 2021-06-14 17:06:24 UTC

  chromium-browser (91.0.4472.101-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 91.0.4472.101
    - CVE-2021-30544: Use after free in BFCache.
    - CVE-2021-30545: Use after free in Extensions.
    - CVE-2021-30546: Use after free in Autofill.
    - CVE-2021-30547: Out of bounds write in ANGLE.
    - CVE-2021-30548: Use after free in Loader.
    - CVE-2021-30549: Use after free in Spell check.
    - CVE-2021-30550: Use after free in Accessibility.
    - CVE-2021-30551: Type Confusion in V8.
    - CVE-2021-30552: Use after free in Extensions.
    - CVE-2021-30553: Use after free in Network service.

 -- Olivier Tilloy <email address hidden> Thu, 10 Jun 2021 22:21:25 +0200

Source diff to previous version

Version: 91.0.4472.77-0ubuntu0.18.04.1 2021-06-01 23:06:20 UTC

  chromium-browser (91.0.4472.77-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 91.0.4472.77
    - CVE-2021-30521: Heap buffer overflow in Autofill.
    - CVE-2021-30522: Use after free in WebAudio.
    - CVE-2021-30523: Use after free in WebRTC.
    - CVE-2021-30524: Use after free in TabStrip.
    - CVE-2021-30525: Use after free in TabGroups.
    - CVE-2021-30526: Out of bounds write in TabStrip.
    - CVE-2021-30527: Use after free in WebUI.
    - CVE-2021-30528: Use after free in WebAuthentication.
    - CVE-2021-30529: Use after free in Bookmarks.
    - CVE-2021-30530: Out of bounds memory access in WebAudio.
    - CVE-2021-30531: Insufficient policy enforcement in Content Security Policy.
    - CVE-2021-30532: Insufficient policy enforcement in Content Security Policy.
    - CVE-2021-30533: Insufficient policy enforcement in PopupBlocker.
    - CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox.
    - CVE-2021-30535: Double free in ICU.
    - CVE-2021-21212: Insufficient data validation in networking.
    - CVE-2021-30536: Out of bounds read in V8.
    - CVE-2021-30537: Insufficient policy enforcement in cookies.
    - CVE-2021-30538: Insufficient policy enforcement in content security policy.
    - CVE-2021-30539: Insufficient policy enforcement in content security policy.
    - CVE-2021-30540: Incorrect security UI in payments.
  * debian/control: add a build dependency on libcurl4-openssl-dev
  * debian/patches/build-with-old-libva-missing-defines.patch: refreshed
  * debian/patches/build-with-old-libva-no-av1.patch: updated
  * debian/patches/closure-compiler-use-system-wide-java.patch: added
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/node-use-system-wide.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

 -- Olivier Tilloy <email address hidden> Wed, 26 May 2021 13:02:18 +0200

CVE-2021-21212 Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiF



About   -   Send Feedback to @ubuntu_updates