Package "chromium-browser"

Name: chromium-browser


Chromium web browser, open-source version of Chrome

Latest version: 63.0.3239.84-0ubuntu0.17.04.1
Release: zesty (17.04)
Level: updates
Repository: universe
Homepage: https://chromium.googlesource.com/chromium/src/


Save this URL for the latest version of "chromium-browser": https://www.ubuntuupdates.org/chromium-browser

Download "chromium-browser"

Other versions of "chromium-browser" in Zesty

Repository Area Version
base universe 57.0.2987.98-0ubuntu1.1348
security universe 63.0.3239.84-0ubuntu0.17.04.1

Packages in group

Deleted packages are displayed in grey.

chromium-browser-l10n chromium-chromedriver chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra


Version: 63.0.3239.84-0ubuntu0.17.04.1 2017-12-11 23:06:43 UTC

  chromium-browser (63.0.3239.84-0ubuntu0.17.04.1) zesty; urgency=medium

  * Upstream release: 63.0.3239.84
    - CVE-2017-15407: Out of bounds write in QUIC.
    - CVE-2017-15408: Heap buffer overflow in PDFium.
    - CVE-2017-15409: Out of bounds write in Skia.
    - CVE-2017-15410: Use after free in PDFium.
    - CVE-2017-15411: Use after free in PDFium.
    - CVE-2017-15412: Use after free in libXML.
    - CVE-2017-15413: Type confusion in WebAssembly.
    - CVE-2017-15415: Pointer information disclosure in IPC call.
    - CVE-2017-15416: Out of bounds read in Blink.
    - CVE-2017-15417: Cross origin information disclosure in Skia.
    - CVE-2017-15418: Use of uninitialized value in Skia.
    - CVE-2017-15419: Cross origin leak of redirect URL in Blink.
    - CVE-2017-15420: URL spoofing in Omnibox.
    - CVE-2017-15422: Integer overflow in ICU.
    - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.
    - CVE-2017-15424: URL Spoof in Omnibox.
    - CVE-2017-15425: URL Spoof in Omnibox.
    - CVE-2017-15426: URL Spoof in Omnibox.
    - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox.
  * debian/rules:
    - replace allow_posix_link_time_opt=false by use_lld=false, is_cfi=false
      and use_thin_lto=false
    - rename use_vulcanize GN flag to optimize_webui
    - generate the man page as it's not being built with chromium any
      longer (since commit 64b961499bebc54fe48478f5e37477252c7887fa)
    - build gn with clang
  * debian/patches/arm-neon.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-gn-bootstrap.patch: removed, no longer needed
  * debian/patches/fix_building_widevinecdm_with_chromium.patch: replaced by
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: added
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: updated
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/touch-v35: refreshed
  * debian/patches/widevine-other-locations: updated (LP: #1652110)
  * debian/patches/widevine-revision.patch: added (LP: #1652110)

 -- Olivier Tilloy <email address hidden> Thu, 07 Dec 2017 13:35:57 +0100

Source diff to previous version
1652110 Chromium 55+ doesn't support Widevine library
CVE-2017-15412 use after free
CVE-2017-15422 integer overflow in icu

Version: 62.0.3202.94-0ubuntu0.17.04.1388 2017-11-24 03:06:54 UTC

  chromium-browser (62.0.3202.94-0ubuntu0.17.04.1388) zesty; urgency=medium

  * Upstream release: 62.0.3202.94

 -- Olivier Tilloy <email address hidden> Mon, 13 Nov 2017 23:39:47 +0100

Source diff to previous version

Version: 62.0.3202.89-0ubuntu0.17.04.1386 2017-11-14 15:06:52 UTC

  chromium-browser (62.0.3202.89-0ubuntu0.17.04.1386) zesty; urgency=medium

  * Upstream release: 62.0.3202.89
    - CVE-2017-15398: Stack buffer overflow in QUIC.
    - CVE-2017-15399: Use after free in V8.

 -- Olivier Tilloy <email address hidden> Mon, 06 Nov 2017 22:49:46 +0100

Source diff to previous version

Version: 62.0.3202.75-0ubuntu0.17.04.1384 2017-11-02 23:07:03 UTC

  chromium-browser (62.0.3202.75-0ubuntu0.17.04.1384) zesty; urgency=medium

  * Upstream release: 62.0.3202.75
    - CVE-2017-15396: Stack overflow in V8.
  * debian/control: bump Standards-Version to 4.1.1
  * debian/patches/set-rpath-on-chromium-executables.patch: updated
  * debian/tests/*:
    - removed stale autopkgtests
    - added new autopkgtests based on chromium's new headless mode
  * debian/source/include-binaries: updated to reflect new binary data in tests

 -- Olivier Tilloy <email address hidden> Fri, 27 Oct 2017 19:22:48 +0200

Source diff to previous version

Version: 62.0.3202.62-0ubuntu0.17.04.1379 2017-10-24 21:06:41 UTC

  chromium-browser (62.0.3202.62-0ubuntu0.17.04.1379) zesty; urgency=medium

  * Upstream release: 62.0.3202.62
    - CVE-2017-5124: UXSS with MHTML.
    - CVE-2017-5125: Heap overflow in Skia.
    - CVE-2017-5126: Use after free in PDFium.
    - CVE-2017-5127: Use after free in PDFium.
    - CVE-2017-5128: Heap overflow in WebGL.
    - CVE-2017-5129: Use after free in WebAudio.
    - CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
    - CVE-2017-5130: Heap overflow in libxml2.
    - CVE-2017-5131: Out of bounds write in Skia.
    - CVE-2017-5133: Out of bounds write in Skia.
    - CVE-2017-15386: UI spoofing in Blink.
    - CVE-2017-15387: Content security bypass.
    - CVE-2017-15388: Out of bounds read in Skia.
    - CVE-2017-15389: URL spoofing in OmniBox.
    - CVE-2017-15390: URL spoofing in OmniBox.
    - CVE-2017-15391: Extension limitation bypass in Extensions.
    - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
    - CVE-2017-15393: Referrer leak in Devtools.
    - CVE-2017-15394: URL spoofing in extensions UI.
    - CVE-2017-15395: Null pointer dereference in ImageCapture.
  * debian/control: bump Standards-Version to 4.1.0
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-compilation-for-atk.patch: removed, no longer needed
  * debian/patches/fix-gn-bootstrap.patch: updated
  * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
  * debian/patches/make-base-numerics-build-with-gcc.patch: removed, no longer
  * debian/patches/revert-clang-nostdlib++.patch: added
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: added
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/widevine-other-locations: refreshed

 -- Olivier Tilloy <email address hidden> Wed, 18 Oct 2017 22:19:17 +0200

About   -   Send Feedback to @ubuntu_updates