UbuntuUpdates.org

Package "chromium-browser"

Name: chromium-browser

Description:

Chromium web browser, open-source version of Chrome
Latest version: 90.0.4430.93-0ubuntu0.18.04.1
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: https://chromium.googlesource.com/chromium/src/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "chromium-browser"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "chromium-browser" in Bionic

Repository Area Version
base universe 65.0.3325.181-0ubuntu1
updates universe 90.0.4430.93-0ubuntu0.18.04.1
PPA: Mint Upstream 2020.10.27
PPA: Mint Upstream 2020.10.27

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 90.0.4430.93-0ubuntu0.18.04.1 2021-05-10 22:07:45 UTC

  chromium-browser (90.0.4430.93-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 90.0.4430.93
    - CVE-2021-21227: Insufficient data validation in V8.
    - CVE-2021-21232: Use after free in Dev Tools.
    - CVE-2021-21233: Heap buffer overflow in ANGLE.
    - CVE-2021-21228: Insufficient policy enforcement in extensions.
    - CVE-2021-21229: Incorrect security UI in downloads.
    - CVE-2021-21230: Type Confusion in V8.
    - CVE-2021-21231: Insufficient data validation in V8.

 -- Olivier Tilloy <email address hidden> Wed, 28 Apr 2021 10:01:55 +0200
Source diff to previous version
CVE-2021-21227 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a craf
CVE-2021-21232 Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM
CVE-2021-21233 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via
CVE-2021-21228 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious
CVE-2021-21229 Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a craft
CVE-2021-21230 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21231 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a craf

Version: 90.0.4430.72-0ubuntu0.18.04.1 2021-04-20 19:07:18 UTC

  chromium-browser (90.0.4430.72-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 90.0.4430.72
    - CVE-2021-21201: Use after free in permissions.
    - CVE-2021-21202: Use after free in extensions.
    - CVE-2021-21203: Use after free in Blink.
    - CVE-2021-21204: Use after free in Blink.
    - CVE-2021-21205: Insufficient policy enforcement in navigation.
    - CVE-2021-21221: Insufficient validation of untrusted input in Mojo.
    - CVE-2021-21207: Use after free in IndexedDB.
    - CVE-2021-21208: Insufficient data validation in QR scanner.
    - CVE-2021-21209: Inappropriate implementation in storage.
    - CVE-2021-21210: Inappropriate implementation in Network.
    - CVE-2021-21211: Inappropriate implementation in Navigation.
    - CVE-2021-21212: Incorrect security UI in Network Config UI.
    - CVE-2021-21213: Use after free in WebMIDI.
    - CVE-2021-21214: Use after free in Network API.
    - CVE-2021-21215: Inappropriate implementation in Autofill.
    - CVE-2021-21216: Inappropriate implementation in Autofill.
    - CVE-2021-21217: Uninitialized Use in PDFium.
    - CVE-2021-21218: Uninitialized Use in PDFium.
    - CVE-2021-21219: Uninitialized Use in PDFium.
  * debian/patches/build-with-old-libva.patch: refreshed and renamed to
    debian/patches/build-with-old-libva-missing-defines.patch
  * debian/patches/build-with-old-libva-no-av1.patch: added
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: removed, no longer needed
  * debian/patches/libaom-armhf-build-cpudetect.patch: added
  * debian/patches/revert-sequence-checker-capability-name.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed
  * debian/patches/widevine-other-locations: refreshed

 -- Olivier Tilloy <email address hidden> Thu, 15 Apr 2021 12:25:19 +0200
Source diff to previous version

Version: 89.0.4389.90-0ubuntu0.18.04.2 2021-03-24 21:07:07 UTC

  chromium-browser (89.0.4389.90-0ubuntu0.18.04.2) bionic; urgency=medium

  * debian/control: add an explicit runtime dependency on libx11-xcb1
    (LP: #1919146)

 -- Olivier Tilloy <email address hidden> Wed, 17 Mar 2021 18:52:33 +0100
Source diff to previous version
1919146 Missing runtime dependency on libx11-xcb1

Version: 89.0.4389.82-0ubuntu0.18.04.1 2021-03-13 13:07:08 UTC

  chromium-browser (89.0.4389.82-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 89.0.4389.82

 -- Olivier Tilloy <email address hidden> Sun, 07 Mar 2021 06:47:29 +0100
Source diff to previous version

Version: 87.0.4280.66-0ubuntu0.18.04.1 2020-12-02 11:07:13 UTC

  chromium-browser (87.0.4280.66-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 87.0.4280.66
    - CVE-2020-16018: Use after free in payments.
    - CVE-2020-16019: Inappropriate implementation in filesystem.
    - CVE-2020-16020: Inappropriate implementation in cryptohome.
    - CVE-2020-16021: Race in ImageBurner.
    - CVE-2020-16022: Insufficient policy enforcement in networking.
    - CVE-2020-16015: Insufficient data validation in WASM.
    - CVE-2020-16014: Use after free in PPAPI.
    - CVE-2020-16023: Use after free in WebCodecs.
    - CVE-2020-16024: Heap buffer overflow in UI.
    - CVE-2020-16025: Heap buffer overflow in clipboard.
    - CVE-2020-16026: Use after free in WebRTC.
    - CVE-2020-16027: Insufficient policy enforcement in developer tools.
    - CVE-2020-16028: Heap buffer overflow in WebRTC.
    - CVE-2020-16029: Inappropriate implementation in PDFium.
    - CVE-2020-16030: Insufficient data validation in Blink.
    - CVE-2019-8075: Insufficient data validation in Flash.
    - CVE-2020-16031: Incorrect security UI in tab preview.
    - CVE-2020-16032: Incorrect security UI in sharing.
    - CVE-2020-16033: Incorrect security UI in WebUSB.
    - CVE-2020-16034: Inappropriate implementation in WebRTC.
    - CVE-2020-16035: Insufficient data validation in cros-disks.
    - CVE-2020-16012: Side-channel information leakage in graphics.
    - CVE-2020-16036: Inappropriate implementation in cookies.
  * debian/rules: set chrome_pgo_phase build flag to 0 to disable PGO, because
    the upstream profile data is not compatible with the version of clang used
    to build chromium
  * debian/patches/default-allocator: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed

 -- Olivier Tilloy <email address hidden> Tue, 17 Nov 2020 23:14:09 +0100
CVE-2019-8075 Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Info


About   -   Send Feedback to @ubuntu_updates