UbuntuUpdates.org

Package "chromium-browser"

Name: chromium-browser

Description:

Chromium web browser, open-source version of Chrome

Latest version: 71.0.3578.80-0ubuntu0.16.04.1
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: https://chromium.googlesource.com/chromium/src/

Links

Save this URL for the latest version of "chromium-browser": https://www.ubuntuupdates.org/chromium-browser


Download "chromium-browser"


Other versions of "chromium-browser" in Xenial

Repository Area Version
base universe 49.0.2623.108-0ubuntu1.1233
security universe 71.0.3578.80-0ubuntu0.16.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 71.0.3578.80-0ubuntu0.16.04.1 2018-12-11 00:08:10 UTC

  chromium-browser (71.0.3578.80-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 71.0.3578.80
    - CVE-2018-17480: Out of bounds write in V8.
    - CVE-2018-17481: Use after frees in PDFium.
    - CVE-2018-18335: Heap buffer overflow in Skia.
    - CVE-2018-18336: Use after free in PDFium.
    - CVE-2018-18337: Use after free in Blink.
    - CVE-2018-18338: Heap buffer overflow in Canvas.
    - CVE-2018-18339: Use after free in WebAudio.
    - CVE-2018-18340: Use after free in MediaRecorder.
    - CVE-2018-18341: Heap buffer overflow in Blink.
    - CVE-2018-18342: Out of bounds write in V8.
    - CVE-2018-18343: Use after free in Skia.
    - CVE-2018-18344: Inappropriate implementation in Extensions.
    - CVE-2018-18345: Inappropriate implementation in Site Isolation.
    - CVE-2018-18346: Incorrect security UI in Blink.
    - CVE-2018-18347: Inappropriate implementation in Navigation.
    - CVE-2018-18348: Inappropriate implementation in Omnibox.
    - CVE-2018-18349: Insufficient policy enforcement in Blink.
    - CVE-2018-18350: Insufficient policy enforcement in Blink.
    - CVE-2018-18351: Insufficient policy enforcement in Navigation.
    - CVE-2018-18352: Inappropriate implementation in Media.
    - CVE-2018-18353: Inappropriate implementation in Network Authentication.
    - CVE-2018-18354: Insufficient data validation in Shell Integration.
    - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18356: Use after free in Skia.
    - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18358: Insufficient policy enforcement in Proxy.
    - CVE-2018-18359: Out of bounds read in V8.
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-allow-enable.patch: removed, no longer needed
  * debian/patches/widevine-other-locations: refreshed
  * debian/patches/widevine-revision.patch: renamed to
    debian/patches/widevine-enable-version-string.patch and updated
  * debian/tests/html5test: update test expectations

 -- Olivier Tilloy <email address hidden> Tue, 04 Dec 2018 23:08:03 +0100

Source diff to previous version

Version: 70.0.3538.110-0ubuntu0.16.04.1 2018-12-05 00:06:14 UTC

  chromium-browser (70.0.3538.110-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 70.0.3538.110
    - CVE-2018-17479: Use-after-free in GPU.
  * debian/patches/relax-ninja-version-requirement.patch: refreshed

 -- Olivier Tilloy <email address hidden> Tue, 20 Nov 2018 12:13:30 +0100

Source diff to previous version

Version: 70.0.3538.77-0ubuntu0.16.04.1 2018-10-30 18:06:21 UTC

  chromium-browser (70.0.3538.77-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 70.0.3538.77

 -- Olivier Tilloy <email address hidden> Thu, 25 Oct 2018 07:33:53 +0200

Source diff to previous version

Version: 70.0.3538.67-0ubuntu0.16.04.1 2018-10-24 16:07:13 UTC

  chromium-browser (70.0.3538.67-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 70.0.3538.67
    - CVE-2018-17462: Sandbox escape in AppCache.
    - CVE-2018-17463: Remote code execution in V8.
    - CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
    - CVE-2018-17464: URL spoof in Omnibox.
    - CVE-2018-17465: Use after free in V8.
    - CVE-2018-17466: Memory corruption in Angle.
    - CVE-2018-17467: URL spoof in Omnibox.
    - CVE-2018-17468: Cross-origin URL disclosure in Blink.
    - CVE-2018-17469: Heap buffer overflow in PDFium.
    - CVE-2018-17470: Memory corruption in GPU Internals.
    - CVE-2018-17471: Security UI occlusion in full screen mode.
    - CVE-2018-17472: iframe sandbox escape on iOS.
    - CVE-2018-17473: URL spoof in Omnibox.
    - CVE-2018-17474: Use after free in Blink.
    - CVE-2018-17475: URL spoof in Omnibox.
    - CVE-2018-17476: Security UI occlusion in full screen mode.
    - CVE-2018-5179: Lack of limits on update() in ServiceWorker.
    - CVE-2018-17477: UI spoof in Extensions.
  * debian/rules:
    - remove enable_google_now build flag
    - remove use_gtk3 build flag
  * debian/patches/arm-neon.patch: refreshed
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-other-locations: refreshed
  * debian/known_gn_gen_args-*:
    - remove enable_google_now build flag
    - remove use_gtk3 build flag

 -- Olivier Tilloy <email address hidden> Tue, 16 Oct 2018 22:54:27 +0200

Source diff to previous version

Version: 69.0.3497.81-0ubuntu0.16.04.1 2018-09-12 00:06:37 UTC

  chromium-browser (69.0.3497.81-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 69.0.3497.81
    - CVE-2018-16065: Out of bounds write in V8.
    - CVE-2018-16066: Out of bounds read in Blink.
    - CVE-2018-16067: Out of bounds read in WebAudio.
    - CVE-2018-16068: Out of bounds write in Mojo.
    - CVE-2018-16069: Out of bounds read in SwiftShader.
    - CVE-2018-16070: Integer overflow in Skia.
    - CVE-2018-16071: Use after free in WebRTC.
    - CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
      Android's MediaPlayer.
    - CVE-2018-16073: Site Isolation bypass after tab restore.
    - CVE-2018-16074: Site Isolation bypass using Blob URLS.
    - CVE-2018-16075: Local file access in Blink.
    - CVE-2018-16076: Out of bounds read in PDFium.
    - CVE-2018-16077: Content security policy bypass in Blink.
    - CVE-2018-16078: Credit card information leak in Autofill.
    - CVE-2018-16079: URL spoof in permission dialogs.
    - CVE-2018-16080: URL spoof in full screen mode.
    - CVE-2018-16081: Local file access in DevTools.
    - CVE-2018-16082: Stack buffer overflow in SwiftShader.
    - CVE-2018-16083: Out of bounds read in WebRTC.
    - CVE-2018-16084: User confirmation bypass in external protocol handling.
    - CVE-2018-16085: Use after free in Memory Instrumentation.
  * debian/control: add uuid-dev as a build dependency (needed by fontconfig)
  * debian/rules: specify AR=llvm-ar-6.0 to build gn
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-add-missing-arm-impl-files.patch: added
  * debian/patches/last-commit-position: replaced by
    debian/patches/gn-no-last-commit-position.patch
  * debian/patches/no-new-ninja-flag.patch: updated
  * debian/patches/relax-ninja-version-requirement.patch: updated
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed

 -- Olivier Tilloy <email address hidden> Wed, 05 Sep 2018 13:47:36 +0200




About   -   Send Feedback to @ubuntu_updates