UbuntuUpdates.org

Package "chromium-browser"

Name: chromium-browser

Description:

Chromium web browser, open-source version of Chrome

Latest version: 69.0.3497.81-0ubuntu0.16.04.1
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: https://chromium.googlesource.com/chromium/src/

Links

Save this URL for the latest version of "chromium-browser": https://www.ubuntuupdates.org/chromium-browser


Download "chromium-browser"


Other versions of "chromium-browser" in Xenial

Repository Area Version
base universe 49.0.2623.108-0ubuntu1.1233
security universe 69.0.3497.81-0ubuntu0.16.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 69.0.3497.81-0ubuntu0.16.04.1 2018-09-12 00:06:37 UTC

  chromium-browser (69.0.3497.81-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 69.0.3497.81
    - CVE-2018-16065: Out of bounds write in V8.
    - CVE-2018-16066: Out of bounds read in Blink.
    - CVE-2018-16067: Out of bounds read in WebAudio.
    - CVE-2018-16068: Out of bounds write in Mojo.
    - CVE-2018-16069: Out of bounds read in SwiftShader.
    - CVE-2018-16070: Integer overflow in Skia.
    - CVE-2018-16071: Use after free in WebRTC.
    - CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
      Android's MediaPlayer.
    - CVE-2018-16073: Site Isolation bypass after tab restore.
    - CVE-2018-16074: Site Isolation bypass using Blob URLS.
    - CVE-2018-16075: Local file access in Blink.
    - CVE-2018-16076: Out of bounds read in PDFium.
    - CVE-2018-16077: Content security policy bypass in Blink.
    - CVE-2018-16078: Credit card information leak in Autofill.
    - CVE-2018-16079: URL spoof in permission dialogs.
    - CVE-2018-16080: URL spoof in full screen mode.
    - CVE-2018-16081: Local file access in DevTools.
    - CVE-2018-16082: Stack buffer overflow in SwiftShader.
    - CVE-2018-16083: Out of bounds read in WebRTC.
    - CVE-2018-16084: User confirmation bypass in external protocol handling.
    - CVE-2018-16085: Use after free in Memory Instrumentation.
  * debian/control: add uuid-dev as a build dependency (needed by fontconfig)
  * debian/rules: specify AR=llvm-ar-6.0 to build gn
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-add-missing-arm-impl-files.patch: added
  * debian/patches/last-commit-position: replaced by
    debian/patches/gn-no-last-commit-position.patch
  * debian/patches/no-new-ninja-flag.patch: updated
  * debian/patches/relax-ninja-version-requirement.patch: updated
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed

 -- Olivier Tilloy <email address hidden> Wed, 05 Sep 2018 13:47:36 +0200

Source diff to previous version

Version: 68.0.3440.106-0ubuntu0.16.04.1 2018-08-17 02:33:37 UTC

  chromium-browser (68.0.3440.106-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 68.0.3440.106

 -- Olivier Tilloy <email address hidden> Thu, 09 Aug 2018 00:10:42 +0200

Source diff to previous version

Version: 68.0.3440.75-0ubuntu0.16.04.1 2018-07-31 16:06:34 UTC

  chromium-browser (68.0.3440.75-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 68.0.3440.75
    - CVE-2018-6153: Stack buffer overflow in Skia.
    - CVE-2018-6154: Heap buffer overflow in WebGL.
    - CVE-2018-6155: Use after free in WebRTC.
    - CVE-2018-6156: Heap buffer overflow in WebRTC.
    - CVE-2018-6157: Type confusion in WebRTC.
    - CVE-2018-6158: Use after free in Blink.
    - CVE-2018-6159: Same origin policy bypass in ServiceWorker.
    - CVE-2018-6160: URL spoof in Chrome on iOS.
    - CVE-2018-6161: Same origin policy bypass in WebAudio.
    - CVE-2018-6162: Heap buffer overflow in WebGL.
    - CVE-2018-6163: URL spoof in Omnibox.
    - CVE-2018-6164: Same origin policy bypass in ServiceWorker.
    - CVE-2018-6165: URL spoof in Omnibox.
    - CVE-2018-6166: URL spoof in Omnibox.
    - CVE-2018-6167: URL spoof in Omnibox.
    - CVE-2018-6168: CORS bypass in Blink.
    - CVE-2018-6169: Permissions bypass in extension installation.
    - CVE-2018-6170: Type confusion in PDFium.
    - CVE-2018-6171: Use after free in WebBluetooth.
    - CVE-2018-6172: URL spoof in Omnibox.
    - CVE-2018-6173: URL spoof in Omnibox.
    - CVE-2018-6174: Integer overflow in SwiftShader.
    - CVE-2018-6175: URL spoof in Omnibox.
    - CVE-2018-6176: Local user privilege escalation in Extensions.
    - CVE-2018-6177: Cross origin information leak in Blink.
    - CVE-2018-6178: UI spoof in Extensions.
    - CVE-2018-6179: Local file information leak in Extensions.
    - CVE-2018-6044: Request privilege escalation in Extensions.
    - CVE-2018-4117: Cross origin information leak in Blink.
  * debian/rules:
    - remove enable_webrtc build flag
    - make ninja less verbose to reduce build log size
  * debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
    (LP: #1772448)
  * debian/patches/add-missing-base-namespace.patch: added
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
  * debian/patches/fix-extra-arflags.patch: updated
  * debian/patches/fix-ffmpeg-ia32-build.patch: updated
  * debian/patches/last-commit-position: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/known_gn_gen_args-*: remove enable_webrtc build flag

 -- Olivier Tilloy <email address hidden> Wed, 25 Jul 2018 10:51:24 +0200

Source diff to previous version
1772448 launcher script runs Python 2 despite checking for /usr/bin/python3
CVE-2018-4117 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affec

Version: 67.0.3396.99-0ubuntu0.16.04.2 2018-07-17 21:06:40 UTC

  chromium-browser (67.0.3396.99-0ubuntu0.16.04.2) xenial; urgency=medium

  * debian/patches/libcxxabi-arm-ehabi-fix.patch: removed, no longer needed

 -- Olivier Tilloy <email address hidden> Wed, 11 Jul 2018 10:22:52 +0200

Source diff to previous version

Version: 66.0.3359.181-0ubuntu0.16.04.1 2018-05-24 23:06:47 UTC

  chromium-browser (66.0.3359.181-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 66.0.3359.181

 -- Olivier Tilloy <email address hidden> Tue, 15 May 2018 22:36:44 +0200




About   -   Send Feedback to @ubuntu_updates