UbuntuUpdates.org

Package "chromium-browser"

Name: chromium-browser

Description:

Chromium web browser, open-source version of Chrome

Latest version: 73.0.3683.75-0ubuntu0.18.10.1
Release: cosmic (18.10)
Level: updates
Repository: universe
Homepage: https://chromium.googlesource.com/chromium/src/

Links

Save this URL for the latest version of "chromium-browser": https://www.ubuntuupdates.org/chromium-browser


Download "chromium-browser"


Other versions of "chromium-browser" in Cosmic

Repository Area Version
base universe 69.0.3497.100-0ubuntu1
security universe 73.0.3683.75-0ubuntu0.18.10.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 73.0.3683.75-0ubuntu0.18.10.1 2019-03-18 16:06:36 UTC

  chromium-browser (73.0.3683.75-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 73.0.3683.75
    - CVE-2019-5787: Use after free in Canvas.
    - CVE-2019-5788: Use after free in FileAPI.
    - CVE-2019-5789: Use after free in WebMIDI.
    - CVE-2019-5790: Heap buffer overflow in V8.
    - CVE-2019-5791: Type confusion in V8.
    - CVE-2019-5792: Integer overflow in PDFium.
    - CVE-2019-5793: Excessive permissions for private API in Extensions.
    - CVE-2019-5794: Security UI spoofing.
    - CVE-2019-5795: Integer overflow in PDFium.
    - CVE-2019-5796: Race condition in Extensions.
    - CVE-2019-5797: Race condition in DOMStorage.
    - CVE-2019-5798: Out of bounds read in Skia.
    - CVE-2019-5799: CSP bypass with blob URL.
    - CVE-2019-5800: CSP bypass with blob URL.
    - CVE-2019-5801: Incorrect Omnibox display on iOS.
    - CVE-2019-5802: Security UI spoofing.
    - CVE-2019-5803: CSP bypass with Javascript URLs'.
    - CVE-2019-5804: Command line command injection on Windows.
  * debian/patches/additional-search-engines.patch: removed, no longer needed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: updated
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: added
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

 -- Olivier Tilloy <email address hidden> Tue, 12 Mar 2019 21:46:04 +0100

Source diff to previous version

Version: 72.0.3626.121-0ubuntu0.18.10.1 2019-03-07 17:07:03 UTC

  chromium-browser (72.0.3626.121-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 72.0.3626.121
    - CVE-2019-5786: Use-after-free in FileReader
  * debian/patches/gn-fix-link-pthread.patch: removed, no longer needed

 -- Olivier Tilloy <email address hidden> Tue, 05 Mar 2019 16:04:35 +0100

Source diff to previous version

Version: 72.0.3626.119-0ubuntu0.18.10.1 2019-03-05 19:08:55 UTC

  chromium-browser (72.0.3626.119-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 72.0.3626.119
  * debian/patches/gn-fix-link-pthread.patch: added

 -- Olivier Tilloy <email address hidden> Mon, 25 Feb 2019 12:00:37 +0100

Source diff to previous version

Version: 71.0.3578.98-0ubuntu0.18.10.1 2019-01-07 15:07:06 UTC

  chromium-browser (71.0.3578.98-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 71.0.3578.98
    - CVE-2018-17481: Use after free in PDFium.
  * debian/patches/suppress-newer-clang-warning-flags.patch: added back

 -- Olivier Tilloy <email address hidden> Thu, 13 Dec 2018 11:54:08 +0100

Source diff to previous version
CVE-2018-17481 Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a cr

Version: 71.0.3578.80-0ubuntu0.18.10.1 2018-12-11 00:08:51 UTC

  chromium-browser (71.0.3578.80-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 71.0.3578.80
    - CVE-2018-17480: Out of bounds write in V8.
    - CVE-2018-17481: Use after frees in PDFium.
    - CVE-2018-18335: Heap buffer overflow in Skia.
    - CVE-2018-18336: Use after free in PDFium.
    - CVE-2018-18337: Use after free in Blink.
    - CVE-2018-18338: Heap buffer overflow in Canvas.
    - CVE-2018-18339: Use after free in WebAudio.
    - CVE-2018-18340: Use after free in MediaRecorder.
    - CVE-2018-18341: Heap buffer overflow in Blink.
    - CVE-2018-18342: Out of bounds write in V8.
    - CVE-2018-18343: Use after free in Skia.
    - CVE-2018-18344: Inappropriate implementation in Extensions.
    - CVE-2018-18345: Inappropriate implementation in Site Isolation.
    - CVE-2018-18346: Incorrect security UI in Blink.
    - CVE-2018-18347: Inappropriate implementation in Navigation.
    - CVE-2018-18348: Inappropriate implementation in Omnibox.
    - CVE-2018-18349: Insufficient policy enforcement in Blink.
    - CVE-2018-18350: Insufficient policy enforcement in Blink.
    - CVE-2018-18351: Insufficient policy enforcement in Navigation.
    - CVE-2018-18352: Inappropriate implementation in Media.
    - CVE-2018-18353: Inappropriate implementation in Network Authentication.
    - CVE-2018-18354: Insufficient data validation in Shell Integration.
    - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18356: Use after free in Skia.
    - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18358: Insufficient policy enforcement in Proxy.
    - CVE-2018-18359: Out of bounds read in V8.
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
    needed
  * debian/patches/swiftshader-gl-entry-trampoline.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/widevine-allow-enable.patch: removed, no longer needed
  * debian/patches/widevine-other-locations: refreshed
  * debian/patches/widevine-revision.patch: renamed to
    debian/patches/widevine-enable-version-string.patch and updated
  * debian/tests/html5test: update test expectations

 -- Olivier Tilloy <email address hidden> Tue, 04 Dec 2018 22:21:47 +0100




About   -   Send Feedback to @ubuntu_updates