UbuntuUpdates.org

Package "chromium-browser"

This package belongs to a PPA: Ubuntu Mozilla Security




Name: chromium-browser

Description:

Chromium browser
Chromium is an open-source browser project that aims to build a safer, faster,
and more stable way for all Internet users to experience the web.

Chromium serves as a base for Google Chrome, which is Chromium rebranded (name
and logo) with very few additions such as usage tracking and an auto-updater
system.

This package contains the Chromium browser

Latest version: *DELETED*
Release: precise (12.04)
Level: base
Repository: main

Links


Download "chromium-browser"


Other versions of "chromium-browser" in Precise

Repository Area Version
base universe 18.0.1025.151~r130497-0ubuntu1
security universe 37.0.2062.120-0ubuntu0.12.04.4
updates universe 37.0.2062.120-0ubuntu0.12.04.4
PPA: Chromium Stable Channel 30.0.1599.114-0ubuntu0.12.04.4~cm0precise
PPA: WebApps Preview 20.0.1132.47~r144678-0precise1+webapps7
PPA: Mint Upstream 2020.06.15

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: *DELETED* 2013-08-06 21:10:25 UTC
No changelog for deleted or moved packages.

Version: 28.0.1500.71-0ubuntu1.12.04.1 2013-07-18 16:09:10 UTC

 chromium-browser (28.0.1500.71-0ubuntu1.12.04.1) precise-security; urgency=low
 .
   * New release 28.0.1500.71.
   * debian/chromium-browser.install: Include inspector resources in
     chromium-browser package.
   * debian/rules:
     - Remove tests for ancient versions of Ubuntu.
     - Return to using no explicity NEON fpu, and instead try to detect at
       runtime NEON caps. This effectively disables NEON, so far.
     - Build and run unit test suite as part of making a package. Abort if
       more than 15 out of ~1000 tests fail.
     - Clean up packaging sanity test that verifies everything we build is
       put into a package.
     - Set relative rpath to libs/ for chromium-browser executable, but . for
       libraries in libs/ ; that makes dpkg-shlibdeps happy and process run.
     - Strip out some ugly logic around keeping only one language in the main
       package, and keeping the contents verifier happy based on the
       architecture.
     - EXPERIMENT: Try not stripping enormous libraries' symbols explicitly.
     - Add more exceptions for packaging contents tests, this time to exclude
       files that are in package but not from the build tree.
     - Be more explicit about what files we set the rpath on. Get all
       executables. We missed chromedriver before.
     - Only one hardware arch builds the independent files, so in our sanity
       test that we install everything upstream built once and only once in
       packages, we have to consider whether this build didn't even try to
       take and use arch-independent files. Don't look for some file paths if
       we don't use them. (Also, if we match too much of what we used, also
       remove matches from the list of created. This should be better.)
   * debian/patches/arm-neon.patch:
     - Compile in NEON instructions for ARM, even if we can't reliably check for
       whether our CPU is capable of running them yet. The major problem
       remaining is that the sandbox security wrapper defeats any test of
       /proc/cpuinfo .
   * debian/source/lintian-overrides:
     - Supress warnings about known intentional decisions: Package name,
       statically linked bundled libraries, setuid root sandbox.
   * debian/chromium-browser.sh.in:
     - Detect at startup the features of the CPU that we might be intersted
       in and export info into the environment. This is step one of a longer
       workaround for sandbox /proc restrictions.
   * Make a fall-back for when upstream fails to release a Release. Package up
     as best we can from source control. debian/rules and
     debian/checkout-orig-source.mk .
   * debian/tests/:
     - Add smoketest to verify that chromium runs.
     - Add a empty webapps test file for notes about what parts of webapps will
       or should be tested.
   * debian/keep-alive.sh. Quit if disk environment disappears.
   * debian/chromium-browser.install
     - Conform to newer Ayatana standard for Desktop Actions.


Version: *DELETED* 2013-07-10 14:18:18 UTC
No changelog for deleted or moved packages.

Version: 28.0.1500.52-0ubuntu1.12.04.2 2013-06-27 00:09:57 UTC

 chromium-browser (28.0.1500.52-0ubuntu1.12.04.2) precise-security; urgency=low
 .
   [Chad MILLER]
   * New stable release 28.0.1500.52
   * New stable release 28.0.1500.45
   * New stable release 27.0.1453.110:
     - CVE-2013-2855: Memory corruption in dev tools API.
     - CVE-2013-2856: Use-after-free in input handling.
     - CVE-2013-2857: Use-after-free in image handling.
     - CVE-2013-2858: Use-after-free in HTML5 Audio.
     - CVE-2013-2859: Cross-origin namespace pollution.
     - CVE-2013-2860: Use-after-free with workers accessing database APIs.
     - CVE-2013-2861: Use-after-free with SVG.
     - CVE-2013-2862: Memory corruption in Skia GPU handling.
     - CVE-2013-2863: Memory corruption in SSL socket handling.
     - CVE-2013-2864: Bad free in PDF viewer.
   * New stable release 27.0.1453.93:
     - CVE-2013-2837: Use-after-free in SVG.
     - CVE-2013-2838: Out-of-bounds read in v8.
     - CVE-2013-2839: Bad cast in clipboard handling.
     - CVE-2013-2840: Use-after-free in media loader.
     - CVE-2013-2841: Use-after-free in Pepper resource handling.
     - CVE-2013-2842: Use-after-free in widget handling.
     - CVE-2013-2843: Use-after-free in speech handling.
     - CVE-2013-2844: Use-after-free in style resolution.
     - CVE-2013-2845: Memory safety issues in Web Audio.
     - CVE-2013-2846: Use-after-free in media loader.
     - CVE-2013-2847: Use-after-free race condition with workers.
     - CVE-2013-2848: Possible data extraction with XSS Auditor.
     - CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
   * Drop unneeded patches,
       safe-browsing-sigbus.patch
       dont-assume-cross-compile-on-arm.patch
       struct-siginfo.patch
       ld-memory-32bit.patch
       dlopen_sonamed_gl.patch
   * Update arm-neon patch, format-flag patch, search-credit patch,
     title-bar-system-default patch.
   * Make get-orig-source nicer. Package tarball contents from upstream
     correctly.
   * Reenable dyn-linking of major components of chromium for 32-bit machines.
     Fix a libdir path bug in debian/chromium-browser.sh.in .
   * No longer try to use system libraries. Generally, Security Team would
     hate bundled libraries because they provide a wide liability, but
     Chromium Project is pretty good about maintaining their bundled-source
     libraries. We can not pull cr-required lib versions forward in older
     Ubuntus, and we can't guarantee all the distro versions of libraries work
     with chromium-browser. The default security policy might be worse. Bundled
     libraries is less work overall.
   * Exclude included XDG files even if they are built.
   * Use NEON instructions on ARM, optionally. This might use run-time checks
     for hardware capability, but even if it doesn't we can add it later.
   * Clean up difference checks in debian/rules that make sure that all files
     that the build makes are used in packages, and no longer hide any, and no
     longer consider it an error if some are unused. Treat it as a warning,
     not a fatality.
   * Use legible shell instead of make-generated shell in setting the rpath
     in rules.
   * Add new build-dep, "chrpath".
 .
   [Chris Coulson]
   * debian/rules: Disable tcmalloc on all component builds, not just on
     arm builds.
 .

Source diff to previous version
CVE-2013-2855 The Developer Tools API in Google Chrome before 27.0.1453.110 allows ...
CVE-2013-2856 Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...
CVE-2013-2857 Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...
CVE-2013-2858 Use-after-free vulnerability in the HTML5 Audio implementation in ...
CVE-2013-2859 Google Chrome before 27.0.1453.110 allows remote attackers to bypass ...
CVE-2013-2860 Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...
CVE-2013-2861 Use-after-free vulnerability in the SVG implementation in Google ...
CVE-2013-2862 Skia, as used in Google Chrome before 27.0.1453.110, does not properly ...
CVE-2013-2863 Google Chrome before 27.0.1453.110 does not properly handle SSL ...
CVE-2013-2864 The PDF functionality in Google Chrome before 27.0.1453.110 allows ...
CVE-2013-2837 Use-after-free vulnerability in the SVG implementation in Google ...
CVE-2013-2838 Google V8, as used in Google Chrome before 27.0.1453.93, allows remote ...
CVE-2013-2839 Google Chrome before 27.0.1453.93 does not properly perform a cast of ...
CVE-2013-2840 Use-after-free vulnerability in the media loader in Google Chrome ...
CVE-2013-2841 Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...
CVE-2013-2842 Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...
CVE-2013-2843 Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...
CVE-2013-2844 Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...
CVE-2013-2845 The Web Audio implementation in Google Chrome before 27.0.1453.93 ...
CVE-2013-2846 Use-after-free vulnerability in the media loader in Google Chrome ...
CVE-2013-2847 Race condition in the workers implementation in Google Chrome before ...
CVE-2013-2848 The XSS Auditor in Google Chrome before 27.0.1453.93 might allow ...
CVE-2013-2849 Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...

Version: 28.0.1500.52-0ubuntu1.12.04.1 2013-06-24 17:09:13 UTC

 chromium-browser (28.0.1500.52-0ubuntu1.12.04.1) precise-security; urgency=low
 .
   * New stable release 28.0.1500.52
   * New stable release 28.0.1500.45
   * New stable release 27.0.1453.110:
     - CVE-2013-2855: Memory corruption in dev tools API.
     - CVE-2013-2856: Use-after-free in input handling.
     - CVE-2013-2857: Use-after-free in image handling.
     - CVE-2013-2858: Use-after-free in HTML5 Audio.
     - CVE-2013-2859: Cross-origin namespace pollution.
     - CVE-2013-2860: Use-after-free with workers accessing database APIs.
     - CVE-2013-2861: Use-after-free with SVG.
     - CVE-2013-2862: Memory corruption in Skia GPU handling.
     - CVE-2013-2863: Memory corruption in SSL socket handling.
     - CVE-2013-2864: Bad free in PDF viewer.
   * New stable release 27.0.1453.93:
     - CVE-2013-2837: Use-after-free in SVG.
     - CVE-2013-2838: Out-of-bounds read in v8.
     - CVE-2013-2839: Bad cast in clipboard handling.
     - CVE-2013-2840: Use-after-free in media loader.
     - CVE-2013-2841: Use-after-free in Pepper resource handling.
     - CVE-2013-2842: Use-after-free in widget handling.
     - CVE-2013-2843: Use-after-free in speech handling.
     - CVE-2013-2844: Use-after-free in style resolution.
     - CVE-2013-2845: Memory safety issues in Web Audio.
     - CVE-2013-2846: Use-after-free in media loader.
     - CVE-2013-2847: Use-after-free race condition with workers.
     - CVE-2013-2848: Possible data extraction with XSS Auditor.
     - CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
   * Drop unneeded patches,
       safe-browsing-sigbus.patch
       dont-assume-cross-compile-on-arm.patch
       struct-siginfo.patch
       ld-memory-32bit.patch
       dlopen_sonamed_gl.patch
   * Update arm-neon patch, format-flag patch, search-credit patch,
     title-bar-system-default patch.
   * Make get-orig-source nicer. Package tarball contents from upstream
     correctly.
   * Reenable dyn-linking of major components of chromium for 32-bit machines.
     Fix a libdir path bug in debian/chromium-browser.sh.in .
   * No longer try to use system libraries. Generally, Security Team would
     hate bundled libraries because they provide a wide liability, but
     Chromium Project is pretty good about maintaining their bundled-source
     libraries. We can not pull cr-required lib versions forward in older
     Ubuntus, and we can't guarantee all the distro versions of libraries work
     with chromium-browser. The default security policy might be worse. Bundled
     libraries is less work overall.
   * Exclude included XDG files even if they are built.
   * Use NEON instructions on ARM, optionally. This might use run-time checks
     for hardware capability, but even if it doesn't we can add it later.
   * Clean up difference checks in debian/rules that make sure that all files
     that the build makes are used in packages, and no longer hide any, and no
     longer consider it an error if some are unused. Treat it as a warning,
     not a fatality.
   * Use legible shell instead of make-generated shell in setting the rpath
     in rules.
   * Add new build-dep, "chrpath".
 .

CVE-2013-2855 The Developer Tools API in Google Chrome before 27.0.1453.110 allows ...
CVE-2013-2856 Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...
CVE-2013-2857 Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...
CVE-2013-2858 Use-after-free vulnerability in the HTML5 Audio implementation in ...
CVE-2013-2859 Google Chrome before 27.0.1453.110 allows remote attackers to bypass ...
CVE-2013-2860 Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...
CVE-2013-2861 Use-after-free vulnerability in the SVG implementation in Google ...
CVE-2013-2862 Skia, as used in Google Chrome before 27.0.1453.110, does not properly ...
CVE-2013-2863 Google Chrome before 27.0.1453.110 does not properly handle SSL ...
CVE-2013-2864 The PDF functionality in Google Chrome before 27.0.1453.110 allows ...
CVE-2013-2837 Use-after-free vulnerability in the SVG implementation in Google ...
CVE-2013-2838 Google V8, as used in Google Chrome before 27.0.1453.93, allows remote ...
CVE-2013-2839 Google Chrome before 27.0.1453.93 does not properly perform a cast of ...
CVE-2013-2840 Use-after-free vulnerability in the media loader in Google Chrome ...
CVE-2013-2841 Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...
CVE-2013-2842 Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...
CVE-2013-2843 Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...
CVE-2013-2844 Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...
CVE-2013-2845 The Web Audio implementation in Google Chrome before 27.0.1453.93 ...
CVE-2013-2846 Use-after-free vulnerability in the media loader in Google Chrome ...
CVE-2013-2847 Race condition in the workers implementation in Google Chrome before ...
CVE-2013-2848 The XSS Auditor in Google Chrome before 27.0.1453.93 might allow ...
CVE-2013-2849 Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...



About   -   Send Feedback to @ubuntu_updates