Package "chromium-browser"

  chromium-browser (91.0.4472.101-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 91.0.4472.101
    - CVE-2021-30544: Use after free in BFCache.
    - CVE-2021-30545: Use after free in Extensions.
    - CVE-2021-30546: Use after free in Autofill.
    - CVE-2021-30547: Out of bounds write in ANGLE.
    - CVE-2021-30548: Use after free in Loader.
    - CVE-2021-30549: Use after free in Spell check.
    - CVE-2021-30550: Use after free in Accessibility.
    - CVE-2021-30551: Type Confusion in V8.
    - CVE-2021-30552: Use after free in Extensions.
    - CVE-2021-30553: Use after free in Network service.

 -- Olivier Tilloy <email address hidden> Thu, 10 Jun 2021 22:21:25 +0200

  chromium-browser (91.0.4472.77-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 91.0.4472.77
    - CVE-2021-30521: Heap buffer overflow in Autofill.
    - CVE-2021-30522: Use after free in WebAudio.
    - CVE-2021-30523: Use after free in WebRTC.
    - CVE-2021-30524: Use after free in TabStrip.
    - CVE-2021-30525: Use after free in TabGroups.
    - CVE-2021-30526: Out of bounds write in TabStrip.
    - CVE-2021-30527: Use after free in WebUI.
    - CVE-2021-30528: Use after free in WebAuthentication.
    - CVE-2021-30529: Use after free in Bookmarks.
    - CVE-2021-30530: Out of bounds memory access in WebAudio.
    - CVE-2021-30531: Insufficient policy enforcement in Content Security Policy.
    - CVE-2021-30532: Insufficient policy enforcement in Content Security Policy.
    - CVE-2021-30533: Insufficient policy enforcement in PopupBlocker.
    - CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox.
    - CVE-2021-30535: Double free in ICU.
    - CVE-2021-21212: Insufficient data validation in networking.
    - CVE-2021-30536: Out of bounds read in V8.
    - CVE-2021-30537: Insufficient policy enforcement in cookies.
    - CVE-2021-30538: Insufficient policy enforcement in content security policy.
    - CVE-2021-30539: Insufficient policy enforcement in content security policy.
    - CVE-2021-30540: Incorrect security UI in payments.
  * debian/control: add a build dependency on libcurl4-openssl-dev
  * debian/patches/build-with-old-libva-missing-defines.patch: refreshed
  * debian/patches/build-with-old-libva-no-av1.patch: updated
  * debian/patches/closure-compiler-use-system-wide-java.patch: added
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/node-use-system-wide.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

 -- Olivier Tilloy <email address hidden> Wed, 26 May 2021 13:02:18 +0200

  chromium-browser (90.0.4430.93-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 90.0.4430.93
    - CVE-2021-21227: Insufficient data validation in V8.
    - CVE-2021-21232: Use after free in Dev Tools.
    - CVE-2021-21233: Heap buffer overflow in ANGLE.
    - CVE-2021-21228: Insufficient policy enforcement in extensions.
    - CVE-2021-21229: Incorrect security UI in downloads.
    - CVE-2021-21230: Type Confusion in V8.
    - CVE-2021-21231: Insufficient data validation in V8.

 -- Olivier Tilloy <email address hidden> Wed, 28 Apr 2021 10:01:55 +0200

  chromium-browser (90.0.4430.72-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 90.0.4430.72
    - CVE-2021-21201: Use after free in permissions.
    - CVE-2021-21202: Use after free in extensions.
    - CVE-2021-21203: Use after free in Blink.
    - CVE-2021-21204: Use after free in Blink.
    - CVE-2021-21205: Insufficient policy enforcement in navigation.
    - CVE-2021-21221: Insufficient validation of untrusted input in Mojo.
    - CVE-2021-21207: Use after free in IndexedDB.
    - CVE-2021-21208: Insufficient data validation in QR scanner.
    - CVE-2021-21209: Inappropriate implementation in storage.
    - CVE-2021-21210: Inappropriate implementation in Network.
    - CVE-2021-21211: Inappropriate implementation in Navigation.
    - CVE-2021-21212: Incorrect security UI in Network Config UI.
    - CVE-2021-21213: Use after free in WebMIDI.
    - CVE-2021-21214: Use after free in Network API.
    - CVE-2021-21215: Inappropriate implementation in Autofill.
    - CVE-2021-21216: Inappropriate implementation in Autofill.
    - CVE-2021-21217: Uninitialized Use in PDFium.
    - CVE-2021-21218: Uninitialized Use in PDFium.
    - CVE-2021-21219: Uninitialized Use in PDFium.
  * debian/patches/build-with-old-libva.patch: refreshed and renamed to
    debian/patches/build-with-old-libva-missing-defines.patch
  * debian/patches/build-with-old-libva-no-av1.patch: added
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: removed, no longer needed
  * debian/patches/libaom-armhf-build-cpudetect.patch: added
  * debian/patches/revert-sequence-checker-capability-name.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed
  * debian/patches/widevine-other-locations: refreshed

 -- Olivier Tilloy <email address hidden> Thu, 15 Apr 2021 12:25:19 +0200

  chromium-browser (89.0.4389.90-0ubuntu0.18.04.2) bionic; urgency=medium

  * debian/control: add an explicit runtime dependency on libx11-xcb1
    (LP: #1919146)

 -- Olivier Tilloy <email address hidden> Wed, 17 Mar 2021 18:52:33 +0100