UbuntuUpdates.org

Package "chromium-browser"

Name: chromium-browser

Description:

Chromium web browser, open-source version of Chrome
Latest version: 79.0.3945.79-0ubuntu0.18.04.1
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: https://chromium.googlesource.com/chromium/src/

Links

Save this URL for the latest version of "chromium-browser": https://www.ubuntuupdates.org/chromium-browser

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "chromium-browser"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "chromium-browser" in Bionic

Repository Area Version
base universe 65.0.3325.181-0ubuntu1
updates universe 79.0.3945.79-0ubuntu0.18.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 79.0.3945.79-0ubuntu0.18.04.1 2019-12-16 22:07:04 UTC

  chromium-browser (79.0.3945.79-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 79.0.3945.79
    - CVE-2019-13725: Use after free in Bluetooth.
    - CVE-2019-13726: Heap buffer overflow in password manager.
    - CVE-2019-13727: Insufficient policy enforcement in WebSockets.
    - CVE-2019-13728: Out of bounds write in V8.
    - CVE-2019-13729: Use after free in WebSockets.
    - CVE-2019-13730: Type Confusion in V8.
    - CVE-2019-13732: Use after free in WebAudio.
    - CVE-2019-13734: Out of bounds write in SQLite.
    - CVE-2019-13735: Out of bounds write in V8.
    - CVE-2019-13764: Type Confusion in V8.
    - CVE-2019-13736: Integer overflow in PDFium.
    - CVE-2019-13737: Insufficient policy enforcement in autocomplete.
    - CVE-2019-13738: Insufficient policy enforcement in navigation.
    - CVE-2019-13739: Incorrect security UI in Omnibox.
    - CVE-2019-13740: Incorrect security UI in sharing.
    - CVE-2019-13741: Insufficient validation of untrusted input in Blink.
    - CVE-2019-13742: Incorrect security UI in Omnibox.
    - CVE-2019-13743: Incorrect security UI in external protocol handling.
    - CVE-2019-13744: Insufficient policy enforcement in cookies.
    - CVE-2019-13745: Insufficient policy enforcement in audio.
    - CVE-2019-13746: Insufficient policy enforcement in Omnibox.
    - CVE-2019-13747: Uninitialized Use in rendering.
    - CVE-2019-13748: Insufficient policy enforcement in developer tools.
    - CVE-2019-13749: Incorrect security UI in Omnibox.
    - CVE-2019-13750: Insufficient data validation in SQLite.
    - CVE-2019-13751: Uninitialized Use in SQLite.
    - CVE-2019-13752: Out of bounds read in SQLite.
    - CVE-2019-13753: Out of bounds read in SQLite.
    - CVE-2019-13754: Insufficient policy enforcement in extensions.
    - CVE-2019-13755: Insufficient policy enforcement in extensions.
    - CVE-2019-13756: Incorrect security UI in printing.
    - CVE-2019-13757: Incorrect security UI in Omnibox.
    - CVE-2019-13758: Insufficient policy enforcement in navigation.
    - CVE-2019-13759: Incorrect security UI in interstitials.
    - CVE-2019-13761: Incorrect security UI in Omnibox.
    - CVE-2019-13762: Insufficient policy enforcement in downloads.
    - CVE-2019-13763: Insufficient policy enforcement in payments.
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/default-allocator: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/widevine-enable-version-string.patch: updated
  * debian/patches/widevine-other-locations: updated

 -- Olivier Tilloy <email address hidden> Wed, 11 Dec 2019 10:17:07 +0100
Source diff to previous version
CVE-2019-13725 Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2019-13726 Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML pag
CVE-2019-13727 Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a cra
CVE-2019-13728 Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a craft
CVE-2019-13729 Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HT
CVE-2019-13730 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HT
CVE-2019-13732 Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML
CVE-2019-13734 Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted H
CVE-2019-13735 Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a c
CVE-2019-13764 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HT
CVE-2019-13736 Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF
CVE-2019-13737 Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive info
CVE-2019-13738 Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted
CVE-2019-13739 Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homogr
CVE-2019-13740 Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2019-13741 Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via
CVE-2019-13742 Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL ba
CVE-2019-13743 Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a craft
CVE-2019-13744 Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted H
CVE-2019-13745 Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTM
CVE-2019-13746 Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL
CVE-2019-13747 Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption vi
CVE-2019-13748 Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive in
CVE-2019-13749 Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL ba
CVE-2019-13750 Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a cra
CVE-2019-13751 Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from proces
CVE-2019-13752 Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from proces
CVE-2019-13753 Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from proces
CVE-2019-13754 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via
CVE-2019-13755 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HT
CVE-2019-13756 Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page
CVE-2019-13757 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a
CVE-2019-13758 Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restri
CVE-2019-13759 Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML
CVE-2019-13761 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a
CVE-2019-13762 Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via
CVE-2019-13763 Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process

Version: 78.0.3904.108-0ubuntu0.18.04.1 2019-11-21 22:07:06 UTC

  chromium-browser (78.0.3904.108-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 78.0.3904.108 (LP: #1853149)
    - CVE-2019-13723: Use-after-free in Bluetooth.
    - CVE-2019-13724: Out-of-bounds access in Bluetooth.

 -- Olivier Tilloy <email address hidden> Tue, 19 Nov 2019 16:31:49 +0100
Source diff to previous version
1853149 78.0.3904.108-1 released for stable channel; fixes CVEs

Version: 78.0.3904.97-0ubuntu0.18.04.1 2019-11-15 04:06:19 UTC

  chromium-browser (78.0.3904.97-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 78.0.3904.97

 -- Olivier Tilloy <email address hidden> Thu, 07 Nov 2019 06:44:09 +0100
Source diff to previous version

Version: 78.0.3904.70-0ubuntu0.18.04.2 2019-11-06 02:06:52 UTC

  chromium-browser (78.0.3904.70-0ubuntu0.18.04.2) bionic; urgency=medium

  * debian/patches/widevine-other-locations: updated

 -- Olivier Tilloy <email address hidden> Fri, 01 Nov 2019 10:09:29 +0100
Source diff to previous version

Version: 77.0.3865.90-0ubuntu0.18.04.1 2019-09-30 21:06:56 UTC

  chromium-browser (77.0.3865.90-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 77.0.3865.90
    - CVE-2019-13685: Use-after-free in UI.
    - CVE-2019-13688: Use-after-free in media.
    - CVE-2019-13687: Use-after-free in media.
    - CVE-2019-13686: Use-after-free in offline pages.

 -- Olivier Tilloy <email address hidden> Fri, 20 Sep 2019 11:35:45 +0200


About   -   Send Feedback to @ubuntu_updates