UbuntuUpdates.org

Package "chromium-browser"

Name: chromium-browser

Description:

Chromium web browser, open-source version of Chrome
Latest version: 85.0.4183.83-0ubuntu0.18.04.2
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: https://chromium.googlesource.com/chromium/src/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "chromium-browser"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "chromium-browser" in Bionic

Repository Area Version
base universe 65.0.3325.181-0ubuntu1
updates universe 85.0.4183.83-0ubuntu0.18.04.2
PPA: Mint Upstream 2020.06.15

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 85.0.4183.83-0ubuntu0.18.04.2 2020-09-08 13:06:22 UTC

  chromium-browser (85.0.4183.83-0ubuntu0.18.04.2) bionic; urgency=medium

  * debian/rules: install libEGL.so and libGLESv2.so, needed for
    hardware-accelerated rendering

 -- Olivier Tilloy <email address hidden> Mon, 31 Aug 2020 15:19:38 +0200
Source diff to previous version

Version: 84.0.4147.105-0ubuntu0.18.04.1 2020-08-04 20:06:38 UTC

  chromium-browser (84.0.4147.105-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 84.0.4147.105
    - CVE-2020-6537: Type Confusion in V8.
    - CVE-2020-6538: Inappropriate implementation in WebView.
    - CVE-2020-6532: Use after free in SCTP.
    - CVE-2020-6539: Use after free in CSS.
    - CVE-2020-6540: Heap buffer overflow in Skia.
    - CVE-2020-6541: Use after free in WebUSB.

 -- Olivier Tilloy <email address hidden> Tue, 28 Jul 2020 11:28:16 +0200
Source diff to previous version

Version: 83.0.4103.61-0ubuntu0.18.04.1 2020-06-03 01:06:34 UTC

  chromium-browser (83.0.4103.61-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 83.0.4103.61
    - CVE-2020-6465: Use after free in reader mode.
    - CVE-2020-6466: Use after free in media.
    - CVE-2020-6467: Use after free in WebRTC.
    - CVE-2020-6468: Type Confusion in V8.
    - CVE-2020-6469: Insufficient policy enforcement in developer tools.
    - CVE-2020-6470: Insufficient validation of untrusted input in clipboard.
    - CVE-2020-6471: Insufficient policy enforcement in developer tools.
    - CVE-2020-6472: Insufficient policy enforcement in developer tools.
    - CVE-2020-6473: Insufficient policy enforcement in Blink.
    - CVE-2020-6474: Use after free in Blink.
    - CVE-2020-6475: Incorrect security UI in full screen.
    - CVE-2020-6476: Insufficient policy enforcement in tab strip.
    - CVE-2020-6477: Inappropriate implementation in installer.
    - CVE-2020-6478: Inappropriate implementation in full screen.
    - CVE-2020-6479: Inappropriate implementation in sharing.
    - CVE-2020-6480: Insufficient policy enforcement in enterprise.
    - CVE-2020-6481: Insufficient policy enforcement in URL formatting.
    - CVE-2020-6482: Insufficient policy enforcement in developer tools.
    - CVE-2020-6483: Insufficient policy enforcement in payments.
    - CVE-2020-6484: Insufficient data validation in ChromeDriver.
    - CVE-2020-6485: Insufficient data validation in media router.
    - CVE-2020-6486: Insufficient policy enforcement in navigations.
    - CVE-2020-6487: Insufficient policy enforcement in downloads.
    - CVE-2020-6488: Insufficient policy enforcement in downloads.
    - CVE-2020-6489: Inappropriate implementation in developer tools.
    - CVE-2020-6490: Insufficient data validation in loader.
    - CVE-2020-6491: Incorrect security UI in site information.
  * debian/control: add build dependency on python-pkg-resources (needed for
    jinja2, since https://chromium.googlesource.com/chromium/src/+/312b6bf)
  * debian/rules: copy missing source file for gn build
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-extra-arflags.patch: removed, no longer needed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed

 -- Olivier Tilloy <email address hidden> Thu, 21 May 2020 15:28:16 +0200
Source diff to previous version
CVE-2020-6465 Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to
CVE-2020-6466 Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perf
CVE-2020-6467 Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p
CVE-2020-6468 Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6469 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malic
CVE-2020-6470 Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts o
CVE-2020-6471 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malic
CVE-2020-6472 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malic
CVE-2020-6473 Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information
CVE-2020-6474 Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pa
CVE-2020-6475 Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page
CVE-2020-6476 Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious e
CVE-2020-6477 Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via
CVE-2020-6478 Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML
CVE-2020-6479 Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page
CVE-2020-6480 Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via U
CVE-2020-6481 Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a c
CVE-2020-6482 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malic
CVE-2020-6483 Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a
CVE-2020-6484 Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a
CVE-2020-6485 Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer proces
CVE-2020-6486 Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via
CVE-2020-6487 Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a
CVE-2020-6488 Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a
CVE-2020-6489 Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take c
CVE-2020-6490 Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cr
CVE-2020-6491 Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted

Version: 81.0.4044.138-0ubuntu0.18.04.1 2020-05-12 19:07:37 UTC

  chromium-browser (81.0.4044.138-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 81.0.4044.138
    - CVE-2020-6831: Stack buffer overflow in SCTP.
    - CVE-2020-6464: Type Confusion in Blink.

 -- Olivier Tilloy <email address hidden> Wed, 06 May 2020 08:57:33 +0200
Source diff to previous version

Version: 81.0.4044.122-0ubuntu0.18.04.1 2020-05-01 00:07:10 UTC
No changelog available yet.


About   -   Send Feedback to @ubuntu_updates