UbuntuUpdates.org

Package "chromium-browser"

Name: chromium-browser

Description:

Chromium web browser, open-source version of Chrome
Latest version: 83.0.4103.61-0ubuntu0.18.04.1
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: https://chromium.googlesource.com/chromium/src/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "chromium-browser"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "chromium-browser" in Bionic

Repository Area Version
base universe 65.0.3325.181-0ubuntu1
updates universe 83.0.4103.61-0ubuntu0.18.04.1
PPA: Mint Upstream 2020.06.15

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 83.0.4103.61-0ubuntu0.18.04.1 2020-06-03 01:06:34 UTC

  chromium-browser (83.0.4103.61-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 83.0.4103.61
    - CVE-2020-6465: Use after free in reader mode.
    - CVE-2020-6466: Use after free in media.
    - CVE-2020-6467: Use after free in WebRTC.
    - CVE-2020-6468: Type Confusion in V8.
    - CVE-2020-6469: Insufficient policy enforcement in developer tools.
    - CVE-2020-6470: Insufficient validation of untrusted input in clipboard.
    - CVE-2020-6471: Insufficient policy enforcement in developer tools.
    - CVE-2020-6472: Insufficient policy enforcement in developer tools.
    - CVE-2020-6473: Insufficient policy enforcement in Blink.
    - CVE-2020-6474: Use after free in Blink.
    - CVE-2020-6475: Incorrect security UI in full screen.
    - CVE-2020-6476: Insufficient policy enforcement in tab strip.
    - CVE-2020-6477: Inappropriate implementation in installer.
    - CVE-2020-6478: Inappropriate implementation in full screen.
    - CVE-2020-6479: Inappropriate implementation in sharing.
    - CVE-2020-6480: Insufficient policy enforcement in enterprise.
    - CVE-2020-6481: Insufficient policy enforcement in URL formatting.
    - CVE-2020-6482: Insufficient policy enforcement in developer tools.
    - CVE-2020-6483: Insufficient policy enforcement in payments.
    - CVE-2020-6484: Insufficient data validation in ChromeDriver.
    - CVE-2020-6485: Insufficient data validation in media router.
    - CVE-2020-6486: Insufficient policy enforcement in navigations.
    - CVE-2020-6487: Insufficient policy enforcement in downloads.
    - CVE-2020-6488: Insufficient policy enforcement in downloads.
    - CVE-2020-6489: Inappropriate implementation in developer tools.
    - CVE-2020-6490: Insufficient data validation in loader.
    - CVE-2020-6491: Incorrect security UI in site information.
  * debian/control: add build dependency on python-pkg-resources (needed for
    jinja2, since https://chromium.googlesource.com/chromium/src/+/312b6bf)
  * debian/rules: copy missing source file for gn build
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-extra-arflags.patch: removed, no longer needed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed

 -- Olivier Tilloy <email address hidden> Thu, 21 May 2020 15:28:16 +0200
Source diff to previous version
CVE-2020-6465 Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to
CVE-2020-6466 Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perf
CVE-2020-6467 Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p
CVE-2020-6468 Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6469 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malic
CVE-2020-6470 Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts o
CVE-2020-6471 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malic
CVE-2020-6472 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malic
CVE-2020-6473 Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information
CVE-2020-6474 Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pa
CVE-2020-6475 Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page
CVE-2020-6476 Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious e
CVE-2020-6477 Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via
CVE-2020-6478 Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML
CVE-2020-6479 Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page
CVE-2020-6480 Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via U
CVE-2020-6481 Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a c
CVE-2020-6482 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malic
CVE-2020-6483 Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a
CVE-2020-6484 Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a
CVE-2020-6485 Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer proces
CVE-2020-6486 Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via
CVE-2020-6487 Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a
CVE-2020-6488 Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a
CVE-2020-6489 Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take c
CVE-2020-6490 Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cr
CVE-2020-6491 Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted

Version: 81.0.4044.138-0ubuntu0.18.04.1 2020-05-12 19:07:37 UTC

  chromium-browser (81.0.4044.138-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 81.0.4044.138
    - CVE-2020-6831: Stack buffer overflow in SCTP.
    - CVE-2020-6464: Type Confusion in Blink.

 -- Olivier Tilloy <email address hidden> Wed, 06 May 2020 08:57:33 +0200
Source diff to previous version

Version: 81.0.4044.122-0ubuntu0.18.04.1 2020-05-01 00:07:10 UTC
No changelog available yet.
Source diff to previous version

Version: 80.0.3987.163-0ubuntu0.18.04.1 2020-04-07 16:07:10 UTC

  chromium-browser (80.0.3987.163-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 80.0.3987.163

 -- Olivier Tilloy <email address hidden> Sat, 04 Apr 2020 16:28:10 +0200
Source diff to previous version

Version: 80.0.3987.149-0ubuntu0.18.04.1 2020-03-30 20:06:20 UTC

  chromium-browser (80.0.3987.149-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 80.0.3987.149
    - CVE-2019-20503: Out of bounds read in usersctplib.
    - CVE-2020-6383: Type confusion in V8.
    - CVE-2020-6384: Use after free in WebAudio.
    - CVE-2020-6386: Use after free in speech.
    - CVE-2020-6407: Out of bounds memory access in streams.
    - CVE-2020-6418: Type confusion in V8.
    - CVE-2020-6420: Insufficient policy enforcement in media.
    - CVE-2020-6422: Use after free in WebGL.
    - CVE-2020-6424: Use after free in media.
    - CVE-2020-6425: Insufficient policy enforcement in extensions.
    - CVE-2020-6426: Inappropriate implementation in V8.
    - CVE-2020-6427: Use after free in audio.
    - CVE-2020-6428: Use after free in audio.
    - CVE-2020-6429: Use after free in audio.
    - CVE-2020-6449: Use after free in audio.

 -- Olivier Tilloy <email address hidden> Wed, 18 Mar 2020 22:16:10 +0100
CVE-2019-20503 usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
CVE-2020-6383 Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
CVE-2020-6384 Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM
CVE-2020-6386 Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML
CVE-2020-6407 Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a
CVE-2020-6418 Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
CVE-2020-6420 Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted
CVE-2020-6422 Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p
CVE-2020-6424 Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p
CVE-2020-6425 Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious
CVE-2020-6426 Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a cra
CVE-2020-6427 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p
CVE-2020-6428 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p
CVE-2020-6429 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p
CVE-2020-6449 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p


About   -   Send Feedback to @ubuntu_updates