Change log for chromium package in Debian

Superseded in sid-release
chromium (80.0.3987.162-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2020-6450: Use after free in WebAudio. Reported by Man Yue Mo
    - CVE-2020-6451: Use after free in WebAudio. Reported by Man Yue Mo
    - CVE-2020-6452: Heap buffer overflow in media. Reported by asnine

 -- Michael Gilbert <email address hidden>  Wed, 01 Apr 2020 04:30:14 +0000
Superseded in sid-release
chromium (80.0.3987.149-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2019-20503: Out of bounds read in usersctplib. Reported by Natalie
      Silvanovich
    - CVE-2020-6422: Use after free in WebGL. Reported by David Manouchehri
    - CVE-2020-6424: Use after free in media. Reported by Sergei Glazunov
    - CVE-2020-6425: Insufficient policy enforcement in extensions. Reported by
      Sergei Glazunov
    - CVE-2020-6426: Inappropriate implementation in V8. Reported by Avihay
      Cohen
    - CVE-2020-6427: Use after free in audio. Reported by Man Yue Mo
    - CVE-2020-6428: Use after free in audio. Reported by Man Yue Mo
    - CVE-2020-6429: Use after free in audio. Reported by Man Yue Mo
    - CVE-2020-6449: Use after free in audio. Reported by Man Yue Mo

 -- Michael Gilbert <email address hidden>  Fri, 20 Mar 2020 00:18:06 +0000
Deleted in experimental-release (Reason: None provided.)
chromium (81.0.4044.62-1) experimental; urgency=medium

  * New upstream beta release.

 -- Michael Gilbert <email address hidden>  Wed, 18 Mar 2020 04:39:17 +0000
Superseded in sid-release
chromium (80.0.3987.132-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2020-6420: Insufficient policy enforcement in media. Reported by
      Taras Uzdenov

 -- Michael Gilbert <email address hidden>  Fri, 06 Mar 2020 16:40:19 +0000
Superseded in sid-release
chromium (80.0.3987.122-2) unstable; urgency=medium

  * Reduce debugging symbols to avoid memory exhaustion while linking.

 -- Michael Gilbert <email address hidden>  Tue, 03 Mar 2020 04:15:34 +0000
Superseded in sid-release
chromium (80.0.3987.122-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2020-6407: Out of bounds memory access in streams. Reported by
      Sergei Glazunov
    - CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne

 -- Michael Gilbert <email address hidden>  Sun, 01 Mar 2020 01:25:59 +0000
Superseded in sid-release
chromium (80.0.3987.116-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2020-6383: Type confusion in V8. Reported by Sergei Glazunov
    - CVE-2020-6384: Use after free in WebAudio. Reported by David Manouchehri
    - CVE-2020-6386: Use after free in speech. Reported by Zhe Jin

 -- Michael Gilbert <email address hidden>  Sat, 22 Feb 2020 03:01:15 +0000
Superseded in sid-release
chromium (80.0.3987.106-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2019-19923: Out of bounds memory access in SQLite. Reported by
      Richard Lorenz
    - CVE-2019-19925: Vulnerability in SQLite. Reported by Richard Lorenz
    - CVE-2019-19926: Inappropriate implementation in SQLite. Reported by
      Richard Lorenz
    - CVE-2019-19880: Vulnerability in SQLite. Reported by Richard Lorenz
    - CVE-2020-6381: Integer overflow in JavaScript. Reported by The UK's
      National Cyber Security Centre
    - CVE-2020-6382: Type Confusion in JavaScript. Reported by Soyeon Park and
      Wen Xu
    - CVE-2020-6385: Insufficient policy enforcement in storage. Reported by
      Sergei Glazunov
    - CVE-2020-6387: Out of bounds write in WebRTC. Reported by Natalie
      Silvanovich
    - CVE-2020-6388: Out of bounds memory access in WebAudio. Reported by
      Sergei Glazunov
    - CVE-2020-6389: Out of bounds write in WebRTC. Reported by Natalie
      Silvanovich
    - CVE-2020-6390: Out of bounds memory access in streams. Reported by Sergei
      Glazunov
    - CVE-2020-6391: Insufficient validation of untrusted input in Blink.
      Reported by Michał Bentkowski
    - CVE-2020-6392: Insufficient policy enforcement in extensions. Reported by
      Microsoft Edge Team
    - CVE-2020-6393: Insufficient policy enforcement in Blink. Reported by Mark
      Amery
    - CVE-2020-6394: Insufficient policy enforcement in Blink. Reported by Phil
      Freo
    - CVE-2020-6395: Out of bounds read in JavaScript. Reported by Pierre
      Langlois
    - CVE-2020-6396: Inappropriate implementation in Skia. Reported by William
      Luc Ritchie
    - CVE-2020-6397: Incorrect security UI in sharing. Reported by Khalil Zhani
    - CVE-2020-6398: Uninitialized use in PDFium. Reported by pdknsk
    - CVE-2020-6399: Insufficient policy enforcement in AppCache. Reported by
      Luan Herrera
    - CVE-2020-6400: Inappropriate implementation in CORS. Reported by Takashi
      Yoneuchi
    - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox.
      Reported by Tzachy Horesh
    - CVE-2020-6402: Insufficient policy enforcement in downloads. Reported by
      Vladimir Metnew
    - CVE-2020-6403: Incorrect security UI in Omnibox. Reported by Khalil Zhani
    - CVE-2020-6404: Inappropriate implementation in Blink. Reported by kanchi
    - CVE-2020-6405: Out of bounds read in SQLite. Reported by Yongheng Chen
      and Rui Zhong
    - CVE-2020-6406: Use after free in audio. Reported by Sergei Glazunov
    - CVE-2020-6408: Insufficient policy enforcement in CORS. Reported by Zhong
      Zhaochen
    - CVE-2020-6409: Inappropriate implementation in Omnibox. Reported by
      Divagar S and Bharathi V
    - CVE-2020-6410: Insufficient policy enforcement in navigation. Reported by
      evi1m0
    - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox.
      Reported by Khalil Zhani
    - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox.
      Reported by Zihan Zheng
    - CVE-2020-6413: Inappropriate implementation in Blink. Reported by Michał
      Bentkowski
    - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing. Reported
      by Lijo A.T
    - CVE-2020-6415: Inappropriate implementation in JavaScript. Reported by
      Avihay Cohen
    - CVE-2020-6416: Insufficient data validation in streams. Reported by
      Woojin Oh
    - CVE-2020-6417: Inappropriate implementation in installer. Reported by
      Renato Moraes and Altieres Rohr
  * Remove --ignore-gpu-blacklist from the default flags (closes: #947207).
  * Update standards version to 4.5.0.
  * Build with clang instead of gcc.

 -- Michael Gilbert <email address hidden>  Sun, 16 Feb 2020 23:33:50 +0000
Superseded in buster-release
chromium (79.0.3945.130-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2020-6377: Use after free in audio. Reported by Zhe Jin
    - CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti
      Levomäki and Christian Jalio
    - CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang
      Gong
    - CVE-2020-6380: Extension message verification error. Reported by Sergei
      Glazunov
    - CVE-2019-13725: Use after free in Bluetooth. Reported by Gengming Liu and
      Jianyu Chen
    - CVE-2019-13726: Heap buffer overflow in password manager. Reported by
      Sergei Glazunov
    - CVE-2019-13727: Insufficient policy enforcement in WebSockets. Reported
      by @piochu
    - CVE-2019-13728: Out of bounds write in V8. Reported by Rong Jian and
      Guang Gong
    - CVE-2019-13729: Use after free in WebSockets. Reported by Zhe Jin
    - CVE-2019-13730: Type Confusion in V8. Reported by Soyeon Park and Wen Xu
    - CVE-2019-13732: Use after free in WebAudio. Reported by Sergei Glazunov
    - CVE-2019-13734: Out of bounds write in SQLite. Reported by Wenxiang Qian
    - CVE-2019-13735: Out of bounds write in V8. Reported by Gengming Liu and
      Zhen Feng
    - CVE-2019-13764: Type Confusion in V8. Reported by Soyeon Park and Wen Xu
    - CVE-2019-13736: Integer overflow in PDFium. Reported by Anonymous
    - CVE-2019-13737: Insufficient policy enforcement in autocomplete. Reported
      by Mark Amery
    - CVE-2019-13738: Insufficient policy enforcement in navigation. Reported
      by Johnathan Norman and Daniel Clark
    - CVE-2019-13739: Incorrect security UI in Omnibox. Reported by xisigr
    - CVE-2019-13740: Incorrect security UI. Reported by Khalil Zhani
    - CVE-2019-13741: Insufficient validation of untrusted input in Blink.
      Reported by Michał Bentkowski
    - CVE-2019-13742: Incorrect security UI in Omnibox. Reported by Khalil
      Zhani
    - CVE-2019-13743: Incorrect security UI in external protocol handling.
      Reported by Zhiyang Zeng
    - CVE-2019-13744: Insufficient policy enforcement in cookies. Reported by
      Prakash
    - CVE-2019-13745: Insufficient policy enforcement in audio. Reported by
      Luan Herrera
    - CVE-2019-13746: Insufficient policy enforcement in Omnibox. Reported by
      David Erceg
    - CVE-2019-13747: Uninitialized Use in rendering. Reported by Ivan
      Popelyshev and André Bonatti
    - CVE-2019-13748: Insufficient policy enforcement in developer tools.
      Reported by David Erceg
    - CVE-2019-13749: Incorrect security UI in Omnibox. Reported by Khalil
      Zhani
    - CVE-2019-13750: Insufficient data validation in SQLite. Reported by
      Wenxiang Qian
    - CVE-2019-13751: Uninitialized Use in SQLite. Reported by Wenxiang Qian
    - CVE-2019-13752: Out of bounds read in SQLite. Reported by Wenxiang Qian
    - CVE-2019-13753: Out of bounds read in SQLite. Reported by Wenxiang Qian
    - CVE-2019-13754: Insufficient policy enforcement in extensions. Reported
      by Cody Crews
    - CVE-2019-13755: Insufficient policy enforcement in extensions. Reported
      by Masato Kinugawa
    - CVE-2019-13756: Incorrect security UI in printing. Reported by Khalil
      Zhani
    - CVE-2019-13757: Incorrect security UI in Omnibox. Reported by Khalil
      Zhani
    - CVE-2019-13758: Insufficient policy enforcement in navigation. Reported
      by Khalil Zhani
    - CVE-2019-13759: Incorrect security UI. Reported by Wenxu Wu
    - CVE-2019-13761: Incorrect security UI in Omnibox. Reported by Khalil
      Zhani
    - CVE-2019-13762: Insufficient policy enforcement in downloads. Reported by
      csanuragjain
    - CVE-2019-13763: Insufficient policy enforcement in payments. Reported by
      weiwangpp93
    - CVE-2019-13767: Use after free in media picker. Reported by Sergei
      Glazunov

 -- Michael Gilbert <email address hidden>  Sun, 19 Jan 2020 15:22:38 +0000
Superseded in sid-release
chromium (79.0.3945.130-2) unstable; urgency=medium

  * Add libx11-xcb-dev as a build dependency.

 -- Michael Gilbert <email address hidden>  Sun, 19 Jan 2020 08:42:14 +0000
Superseded in sid-release
chromium (79.0.3945.130-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2020-6377: Use after free in audio. Reported by Zhe Jin
    - CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti
      Levomäki and Christian Jalio
    - CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang
      Gong
    - CVE-2020-6380: Extension message verification error. Reported by Sergei
      Glazunov
    - CVE-2019-13767: Use after free in media picker. Reported by Sergei
      Glazunov
  * Fix memory instrumentation singleton initialization errors caused by
    tracing patch included in the previous upload (closes: #945920).

 -- Michael Gilbert <email address hidden>  Sat, 18 Jan 2020 20:26:26 +0000
Superseded in sid-release
chromium (79.0.3945.79-1) unstable; urgency=medium

  * New upstream stable release.

 -- Michael Gilbert <email address hidden>  Thu, 12 Dec 2019 04:36:09 +0000
Deleted in experimental-release (Reason: None provided.)
chromium (79.0.3945.56-1) experimental; urgency=medium

  * New upstream beta release.
  * Update standards version to 4.4.1.
  * Ignore the gpu blacklist by default again.

 -- Michael Gilbert <email address hidden>  Wed, 27 Nov 2019 23:59:29 +0000
Superseded in sid-release
chromium (78.0.3904.108-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2019-13723: Use-after-free in Bluetooth. Reported by Yuxiang Li
    - CVE-2019-13724: Out-of-bounds in Bluetooth. Reported by Yuxiang Li
  * Disable vaapi on armhf (closes: #944627).

 -- Michael Gilbert <email address hidden>  Wed, 20 Nov 2019 23:46:06 +0000
Superseded in sid-release
Superseded in buster-release
chromium (78.0.3904.97-1~deb10u1) buster-security; urgency=medium

  * New upstream stable release.
    - CVE-2019-5869: Use-after-free in Blink. Reported by Zhe Jin
    - CVE-2019-5870: Use-after-free in media. Reported by Guang Gong
    - CVE-2019-5871: Heap overflow in Skia. Reported by Anonymous
    - CVE-2019-5872: Use-after-free in Mojo. Reported by Zhe Jin
    - CVE-2019-5874: External URIs may trigger other browsers. Reported by
      James Lee
    - CVE-2019-5875: URL bar spoof. Reported by Khalil Zhani
    - CVE-2019-5876: Use-after-free in media. Reported by Man Yue Mo
    - CVE-2019-5877: Out-of-bounds access in V8. Reported by Guang Gong
    - CVE-2019-5878: Use-after-free in V8. Reported by Guang Gong
    - CVE-2019-5879: Extensions can read some local files. Reported by Jinseo
      Kim
    - CVE-2019-5880: SameSite cookie bypass. Reported by Jun Kokatsu
    - CVE-2019-13659: URL spoof. Reported by Lnyas Zhang
    - CVE-2019-13660: Full screen notification overlap. Reported by Wenxu Wu
    - CVE-2019-13661: Full screen notification spoof. Reported by Wenxu Wu
    - CVE-2019-13662: CSP bypass. Reported by David Erceg
    - CVE-2019-13663: IDN spoof. Reported by Lnyas Zhang
    - CVE-2019-13664: CSRF bypass. Reported by thomas "zemnmez" shadwell
    - CVE-2019-13665: Multiple file download protection bypass. Reported by
      Jun Kokatsu
    - CVE-2019-13666: Side channel using storage size estimate. Reported by
      Tom Van Goethem
    - CVE-2019-13667: URI bar spoof when using external app URIs. Reported by
      Khalil Zhani
    - CVE-2019-13668: Global window leak via console. Reported by David Erceg
    - CVE-2019-13669: HTTP authentication spoof. Reported by Khalil Zhani
    - CVE-2019-13670: V8 memory corruption in regex. Reported by Guang Gong
    - CVE-2019-13671: Dialog box fails to show origin. Reported by xisigr
    - CVE-2019-13673: Cross-origin information leak using devtools. Reported
      by David Erceg
    - CVE-2019-13674: IDN spoofing. Reported by Khalil Zhani
    - CVE-2019-13675: Extensions can be disabled by trailing slash. Reported
      by Jun Kokatsu
    - CVE-2019-13676: Google URI shown for certificate warning. Reported by
      Wenxu Wu
    - CVE-2019-13677: Chrome web store origin needs to be isolated. Reported
      by Jun Kokatsu
    - CVE-2019-13678: Download dialog spoofing. Reported by Ronni Skansing
    - CVE-2019-13679: User gesture needed for printing. Reported by Conrad
      Irwin
    - CVE-2019-13680: IP address spoofing to servers. Reported by Thijs
      Alkemade
    - CVE-2019-13681: Bypass on download restrictions. Reported by David Erceg
    - CVE-2019-13682: Site isolation bypass. Reported by Jun Kokatsu
    - CVE-2019-13683: Exceptions leaked by devtools. Reported by David Erceg
    - CVE-2019-13685: Use-after-free in UI. Reported by Khalil Zhani
    - CVE-2019-13686: Use-after-free in offline pages. Reported by Brendon
      Tiszka
    - CVE-2019-13687: Use-after-free in media. Reported by Man Yue Mo
    - CVE-2019-13688: Use-after-free in media. Reported by Man Yue Mo
    - CVE-2019-13691: Omnibox spoof. Reported by David Erceg
    - CVE-2019-13692: SOP bypass. Reported by Jun Kokatsu
    - CVE-2019-13693: Use-after-free in IndexedDB. Reported by Guang Gong
    - CVE-2019-13694: Use-after-free in WebRTC. Reported by banananapenguin
    - CVE-2019-13695: Use-after-free in audio. Reported by Man Yue Mo
    - CVE-2019-13696: Use-after-free in V8. Reported by Guang Gong
    - CVE-2019-13697: Cross-origin size leak. Reported by Luan Herrera
    - CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo
    - CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo
    - CVE-2019-13701: URL spoof in navigation. Reported by David Erceg
    - CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip
      Langlois and Edward Torkington
    - CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani
    - CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu
    - CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera
    - CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk
    - CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo
    - CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani
    - CVE-2019-13709: File download protection bypass. Reported by Zhong
      Zhaochen
    - CVE-2019-13710: File download protection bypass. Reported by
      bernardo.mrod
    - CVE-2019-13711: Cross-context information leak. Reported by David Erceg
    - CVE-2019-13713: Cross-origin data leak. Reported by David Erceg
    - CVE-2019-13714: CSS injection. Reported by Jun Kokatsu
    - CVE-2019-13715: Address bar spoofing. Reported by xisigr
    - CVE-2019-13716: Service worker state error. Reported by Barron Hagerman
    - CVE-2019-13717: Notification obscured. Reported by xisigr
    - CVE-2019-13718: IDN spoof. Reported by Khalil Zhani
    - CVE-2019-13719: Notification obscured. Reported by Khalil Zhani
    - CVE-2019-13720: Use-after-free in audio. Reported by Anton Ivanov and
      Alexey Kulaev
    - CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin

 -- Michael Gilbert <email address hidden>  Sat, 09 Nov 2019 19:01:23 +0000
Superseded in sid-release
chromium (78.0.3904.97-1) unstable; urgency=medium

  * New upstream security release.
  * Enable vaapi (closes: #940074).
  * Fix crash during profile manager shutdown.
  * Drop libglewmx-dev build dependency (closes: #941050).

 -- Michael Gilbert <email address hidden>  Sat, 09 Nov 2019 03:33:52 +0000
Superseded in sid-release
chromium (78.0.3904.87-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2019-5869: Use-after-free in Blink. Reported by Zhe Jin
    - CVE-2019-5870: Use-after-free in media. Reported by Guang Gong
    - CVE-2019-5871: Heap overflow in Skia. Reported by Anonymous
    - CVE-2019-5872: Use-after-free in Mojo. Reported by Zhe Jin
    - CVE-2019-5874: External URIs may trigger other browsers. Reported by
      James Lee
    - CVE-2019-5875: URL bar spoof. Reported by Khalil Zhani
    - CVE-2019-5876: Use-after-free in media. Reported by Man Yue Mo
    - CVE-2019-5877: Out-of-bounds access in V8. Reported by Guang Gong
    - CVE-2019-5878: Use-after-free in V8. Reported by Guang Gong
    - CVE-2019-5879: Extensions can read some local files. Reported by Jinseo
      Kim
    - CVE-2019-5880: SameSite cookie bypass. Reported by Jun Kokatsu
    - CVE-2019-13659: URL spoof. Reported by Lnyas Zhang
    - CVE-2019-13660: Full screen notification overlap. Reported by Wenxu Wu
    - CVE-2019-13661: Full screen notification spoof. Reported by Wenxu Wu
    - CVE-2019-13662: CSP bypass. Reported by David Erceg
    - CVE-2019-13663: IDN spoof. Reported by Lnyas Zhang
    - CVE-2019-13664: CSRF bypass. Reported by thomas "zemnmez" shadwell
    - CVE-2019-13665: Multiple file download protection bypass. Reported by
      Jun Kokatsu
    - CVE-2019-13666: Side channel using storage size estimate. Reported by
      Tom Van Goethem
    - CVE-2019-13667: URI bar spoof when using external app URIs. Reported by
      Khalil Zhani
    - CVE-2019-13668: Global window leak via console. Reported by David Erceg
    - CVE-2019-13669: HTTP authentication spoof. Reported by Khalil Zhani
    - CVE-2019-13670: V8 memory corruption in regex. Reported by Guang Gong
    - CVE-2019-13671: Dialog box fails to show origin. Reported by xisigr
    - CVE-2019-13673: Cross-origin information leak using devtools. Reported
      by David Erceg
    - CVE-2019-13674: IDN spoofing. Reported by Khalil Zhani
    - CVE-2019-13675: Extensions can be disabled by trailing slash. Reported
      by Jun Kokatsu
    - CVE-2019-13676: Google URI shown for certificate warning. Reported by
      Wenxu Wu
    - CVE-2019-13677: Chrome web store origin needs to be isolated. Reported
      by Jun Kokatsu
    - CVE-2019-13678: Download dialog spoofing. Reported by Ronni Skansing
    - CVE-2019-13679: User gesture needed for printing. Reported by Conrad
      Irwin
    - CVE-2019-13680: IP address spoofing to servers. Reported by Thijs
      Alkemade
    - CVE-2019-13681: Bypass on download restrictions. Reported by David Erceg
    - CVE-2019-13682: Site isolation bypass. Reported by Jun Kokatsu
    - CVE-2019-13683: Exceptions leaked by devtools. Reported by David Erceg
    - CVE-2019-13685: Use-after-free in UI. Reported by Khalil Zhani
    - CVE-2019-13686: Use-after-free in offline pages. Reported by Brendon
      Tiszka
    - CVE-2019-13687: Use-after-free in media. Reported by Man Yue Mo
    - CVE-2019-13688: Use-after-free in media. Reported by Man Yue Mo
    - CVE-2019-13691: Omnibox spoof. Reported by David Erceg
    - CVE-2019-13692: SOP bypass. Reported by Jun Kokatsu
    - CVE-2019-13693: Use-after-free in IndexedDB. Reported by Guang Gong
    - CVE-2019-13694: Use-after-free in WebRTC. Reported by banananapenguin
    - CVE-2019-13695: Use-after-free in audio. Reported by Man Yue Mo
    - CVE-2019-13696: Use-after-free in V8. Reported by Guang Gong
    - CVE-2019-13697: Cross-origin size leak. Reported by Luan Herrera
    - CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo
    - CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo
    - CVE-2019-13701: URL spoof in navigation. Reported by David Erceg
    - CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip
      Langlois and Edward Torkington
    - CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani
    - CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu
    - CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera
    - CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk
    - CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo
    - CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani
    - CVE-2019-13709: File download protection bypass. Reported by Zhong
      Zhaochen
    - CVE-2019-13710: File download protection bypass. Reported by
      bernardo.mrod
    - CVE-2019-13711: Cross-context information leak. Reported by David Erceg
    - CVE-2019-13713: Cross-origin data leak. Reported by David Erceg
    - CVE-2019-13714: CSS injection. Reported by Jun Kokatsu
    - CVE-2019-13715: Address bar spoofing. Reported by xisigr
    - CVE-2019-13716: Service worker state error. Reported by Barron Hagerman
    - CVE-2019-13717: Notification obscured. Reported by xisigr
    - CVE-2019-13718: IDN spoof. Reported by Khalil Zhani
    - CVE-2019-13719: Notification obscured. Reported by Khalil Zhani
    - CVE-2019-13720: Use-after-free in audio. Reported by Anton Ivanov and
      Alexey Kulaev
    - CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin
  * Drop support for building with gcc 6 and gtk 2.

 -- Michael Gilbert <email address hidden>  Sat, 02 Nov 2019 22:30:42 +0000
Superseded in sid-release
chromium (76.0.3809.100-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2019-5867: Out-of-bounds read in V8. Reported by Lucas Pinheiro
    - CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction. Reported by
      banananapenguin

 -- Michael Gilbert <email address hidden>  Fri, 09 Aug 2019 19:58:55 +0000
Superseded in sid-release
chromium (76.0.3809.87-2) unstable; urgency=medium

  * Fix inverted logic in enum comparison (closes: #933598).

 -- Michael Gilbert <email address hidden>  Sat, 03 Aug 2019 14:31:59 +0000
Superseded in sid-release
chromium (76.0.3809.87-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2019-5847: V8 sealed/frozen elements cause crash. Reported by m3plex
    - CVE-2019-5848: Font sizes may expose sensitive information. Reported by
      Mark Amery
    - CVE-2019-5850: Use-after-free in offline page fetcher. Reported by
      Brendon Tiszka
    - CVE-2019-5851: Use-after-poison in offline audio context. Reported by Zhe
      Jin
    - CVE-2019-5852: Object leak of utility functions. Reported by David Erceg
    - CVE-2019-5853: Memory corruption in regexp length check. Reported by
      yngwei and sakura
    - CVE-2019-5854: Integer overflow in PDFium text rendering. Reported by
      Zhen Zhou
    - CVE-2019-5855: Integer overflow in PDFium. Reported by Zhen Zhou
    - CVE-2019-5856: Insufficient checks on filesystem: URI permissions.
      Reported by Yongke Wang
    - CVE-2019-5857: Comparison of -0 and null yields crash. Reported by
      cloudfuzzer
    - CVE-2019-5858: Insufficient filtering of Open URL service parameters.
      Reported by evi1m0
    - CVE-2019-5859: res: URIs can load alternative browsers. Reported by James
      Lee
    - CVE-2019-5860: Use-after-free in PDFium. Reported by Anonymous
    - CVE-2019-5861: Click location incorrectly checked. Reported by Robin Linus
    - CVE-2019-5862: AppCache not robust to compromised renderers. Reported by
      Jun Kokatsu
    - CVE-2019-5864: Insufficient port filtering in CORS for extensions.
      Reported by Devin Grindle
    - CVE-2019-5865: Site isolation bypass from compromised renderer. Reported
      by Ivan Fratric
  * Use legacy call to avoid error in icu 6.3 (closes: #932049).

 -- Michael Gilbert <email address hidden>  Mon, 29 Jul 2019 23:22:44 +0000
Superseded in sid-release
chromium (76.0.3809.71-1) unstable; urgency=medium

  * New upstream beta release.
  * Recommend system-config-printer (closes: #929106).
  * Add -fno-delete-null-pointer-checks back into the build flags.

 -- Michael Gilbert <email address hidden>  Wed, 24 Jul 2019 22:51:41 +0000
Superseded in sid-release
chromium (76.0.3809.62-1) unstable; urgency=medium

  * New upstream beta release.
    - Fixes error restoring multiple profiles on startup (closes: #930469).
  * Update standards version to 4.4.0.

 -- Michael Gilbert <email address hidden>  Wed, 10 Jul 2019 23:52:45 +0000
Superseded in sid-release
chromium (75.0.3770.90-1) unstable; urgency=medium

  [ Riku Voipio ]
  * Fix build on armhf (closes: #930348).

  [ Michael Gilbert ]
  * New upstream security release.
    - CVE-2019-5842: Use-after-free in Blink. Reported by BUGFENSE
  * Disable hardware accelerated video (closes: #926032).
  * Fix signedness error when built with gcc (closes: #914886).
    - Thanks to Maciej S. Szmigiero.

 -- Michael Gilbert <email address hidden>  Fri, 14 Jun 2019 00:10:43 +0000
Superseded in sid-release
chromium (75.0.3770.80-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2019-5824: Parameter passing error in media player. Reported by
      leecraso and Guang Gong
    - CVE-2019-5825: Out-of-bounds write in V8. Reported by Gengming Liu,
      Jianyu Chen, Zhen Feng, and Jessica Liu
    - CVE-2019-5826: Use-after-free in IndexedDB. Reported by Gengming Liu,
      Jianyu Chen, Zhen Feng, and Jessica Liu
    - CVE-2019-5827: Out-of-bounds access issue in SQLite. Reported by
      mlfbrown
    - CVE-2019-5828: Use after free in ServiceWorker. Reported by leecraso and
      Guang Gong
    - CVE-2019-5829: Use after free in Download Manager. Reported by Lucas
      Pinheiro
    - CVE-2019-5830: Incorrectly credentialed requests in CORS. Reported by
      Andrew Krasichkov
    - CVE-2019-5831: Incorrect map processing in V8. Reported by yngwei
    - CVE-2019-5832: Incorrect CORS handling in XHR. Reported by Sergey Shekyan
    - CVE-2019-5833: Inconsistent security UI placement. Reported by Khalil
      Zhani
    - CVE-2019-5834: URL spoof in Omnibox on iOS. Reported by Khalil Zhani
    - CVE-2019-5835: Out of bounds read in Swiftshader. Reported by Wenxiang
      Qian
    - CVE-2019-5836: Heap buffer overflow in Angle. Reported by Omair
    - CVE-2019-5837: Cross-origin resources size disclosure in Appcache.
      Reported by Adam Iwaniuk
    - CVE-2019-5838: Overly permissive tab access in Extensions. Reported by
      David Erceg
    - CVE-2019-5839: Incorrect handling of certain code points in Blink.
      Reported by Masato Kinugawa
    - CVE-2019-5840: Popup blocker bypass. Reported by Eliya Stein and Jerome
      Dangu

 -- Michael Gilbert <email address hidden>  Sun, 09 Jun 2019 18:59:50 +0000
Deleted in experimental-release (Reason: None provided.)
chromium (75.0.3770.10-1) experimental; urgency=medium

  * New upstream development release.
    - Fixes crash when launching chromium a second time (closes: #927913).
  * Document how to use widevine in README.debian (closes: #929026).
  * Apply vaapi update from the Fedora chromium 73 package (closes: #926032).

 -- Michael Gilbert <email address hidden>  Sun, 09 Jun 2019 18:35:36 +0000
Superseded in sid-release
chromium (74.0.3729.108-1) unstable; urgency=medium

  * New upstream stable release.
    - Eliminates flood of vsync error messages (closes: #901831).
    - Correctly shuts down when SIGTERM is received (closes: #924901).
    - Fixes regression in hardware accelerated video (closes: #926032).
    - CVE-2019-5805: Use after free in PDFium. Reported by Anonymous
    - CVE-2019-5806: Integer overflow in Angle. Reported by Wen Xu
    - CVE-2019-5807: Memory corruption in V8. Reported by TimGMichaud
    - CVE-2019-5808: Use after free in Blink. Reported by cloudfuzzer
    - CVE-2019-5809: Use after free in Blink. Reported by Mark Brand
    - CVE-2019-5810: User information disclosure in Autofill. Reported by Mark
      Amery
    - CVE-2019-5811: CORS bypass in Blink. Reported by Jun Kokatsu
    - CVE-2019-5813: Out of bounds read in V8. Reported by Aleksandar Nikolic
    - CVE-2019-5814: CORS bypass in Blink. Reported by @AaylaSecura1138
    - CVE-2019-5815: Heap buffer overflow in Blink. Reported by Nicolas
      Grégoire
    - CVE-2019-5818: Uninitialized value in media reader. Reported by Adrian
      Tolbaru
    - CVE-2019-5819: Incorrect escaping in developer tools. Reported by Svyat
      Mitin
    - CVE-2019-5820: Integer overflow in PDFium. Reported by pdknsk
    - CVE-2019-5821: Integer overflow in PDFium. Reported by pdknsk
    - CVE-2019-5822: CORS bypass in download manager. Reported by Jun Kokatsu
    - CVE-2019-5823: Forced navigation from service worker. Reported by David
      Erceg

 -- Michael Gilbert <email address hidden>  Wed, 24 Apr 2019 00:08:54 +0000
Superseded in buster-release
Superseded in sid-release
chromium (73.0.3683.75-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2019-5787: Use after free in Canvas. Reported by Zhe Jin
    - CVE-2019-5788: Use after free in FileAPI. Reported by Mark Brand
    - CVE-2019-5789: Use after free in WebMIDI. Reported by Mark Brand
    - CVE-2019-5790: Heap buffer overflow in V8. Reported by Dimitri Fourny
    - CVE-2019-5791: Type confusion in V8. Reported by Choongwoo Han
    - CVE-2019-5792: Integer overflow in PDFium. Reported by pdknsk
    - CVE-2019-5793: Excessive permissions for private API in Extensions.
      Reported by Jun Kokatsu
    - CVE-2019-5794: Security UI spoofing. Reported by Juno Im of Theori
    - CVE-2019-5795: Integer overflow in PDFium. Reported by pdknsk
    - CVE-2019-5796: Race condition in Extensions. Reported by Mark Brand
    - CVE-2019-5797: Race condition in DOMStorage. Reported by Mark Brand
    - CVE-2019-5798: Out of bounds read in Skia. Reported by Tran Tien Hung
    - CVE-2019-5799: CSP bypass with blob URL. Reported by sohalt
    - CVE-2019-5800: CSP bypass with blob URL. Reported by Jun Kokatsu
    - CVE-2019-5802: Security UI spoofing. Reported by Ronni Skansing
    - CVE-2019-5803: CSP bypass with Javascript URLs. Reported by Andrew
      Comminos

 -- Michael Gilbert <email address hidden>  Tue, 19 Mar 2019 02:19:17 +0000
Deleted in experimental-release (Reason: None provided.)
chromium (73.0.3683.56-2) experimental; urgency=medium

  * Fix build failure on armhf.

 -- Michael Gilbert <email address hidden>  Sun, 10 Mar 2019 04:35:32 +0000
Superseded in sid-release
chromium (72.0.3626.122-1) unstable; urgency=medium

  * New upstream stable release.

 -- Michael Gilbert <email address hidden>  Thu, 07 Mar 2019 14:05:20 +0000
Superseded in experimental-release
chromium (73.0.3683.56-1) experimental; urgency=medium

  * New upstream beta release.

 -- Michael Gilbert <email address hidden>  Sat, 02 Mar 2019 18:02:02 +0000
Superseded in sid-release
chromium (72.0.3626.121-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2019-5786: Use-after-free in FileReader

 -- Michael Gilbert <email address hidden>  Sat, 02 Mar 2019 16:28:16 +0000
Superseded in experimental-release
chromium (73.0.3683.39-1) experimental; urgency=medium

  * New upstream beta release.

 -- Michael Gilbert <email address hidden>  Sat, 16 Feb 2019 08:40:14 +0000
Superseded in buster-release
Superseded in sid-release
chromium (72.0.3626.109-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2019-5784: Inappropriate implementation in V8. Reported by Lucas
      Pinheiro
  * Build pdfium using system lcms.
  * Reenable support for kerberos (closes: #916684).
  * Fix 32-bit type error in the vaapi implementation (closes: #921823).

 -- Michael Gilbert <email address hidden>  Mon, 04 Feb 2019 04:27:06 +0000
Superseded in sid-release
chromium (72.0.3626.81-1) unstable; urgency=medium

  * New upstream stable release.
    - Stack buffer overflow in Skia. Reported by Ivan Fratric
    - Use after free in Mojo, FileAPI, and Payments. Reported by Mark Brand
    - CVE-2018-17481: Use after free in PDFium. Reported by Anonymous
    - CVE-2019-5754: Inappropriate implementation in QUIC Networking. Reported
      by Klzgrad
    - CVE-2019-5755: Inappropriate implementation in V8. Reported by Jay
      Bosamiya
    - CVE-2019-5756: Use after free in PDFium. Reported by Anonymous
    - CVE-2019-5757: Type Confusion in SVG. Reported by Alexandru Pitis
    - CVE-2019-5758: Use after free in Blink. Reported by Zhe Jin
    - CVE-2019-5759: Use after free in HTML select elements. Reported by Almog
      Benin
    - CVE-2019-5760: Use after free in WebRTC. Reported by Zhe Jin
    - CVE-2019-5762: Use after free in PDFium. Reported by Anonymous
    - CVE-2019-5763: Insufficient validation of untrusted input in V8.
      Reported by Guang Gong
    - CVE-2019-5764: Use after free in WebRTC. Reported by Eyal Itkin
    - CVE-2019-5765: Insufficient policy enforcement in the browser. Reported
      by Sergey Toshin
    - CVE-2019-5766: Insufficient policy enforcement in Canvas. Reported by
      David Erceg
    - CVE-2019-5767: Incorrect security UI in WebAPKs. Reported by Haoran Lu,
      Yifan Zhang, Luyi Xing, and Xiaojing Liao
    - CVE-2019-5768: Insufficient policy enforcement in DevTools. Reported by
      Rob Wu
    - CVE-2019-5769: Insufficient validation of untrusted input in Blink.
      Reported by Guy Eshel
    - CVE-2019-5770: Heap buffer overflow in WebGL. Reported by hemidallt
    - CVE-2019-5772: Use after free in PDFium. Reported by Zhen Zhou
    - CVE-2019-5773: Insufficient data validation in IndexedDB. Reported by
      Yongke Wang
    - CVE-2019-5774: Insufficient validation of untrusted input in
      SafeBrowsing. Reported by Junghwan Kang and Juno Im
    - CVE-2019-5775: Insufficient policy enforcement in Omnibox. Reported by
      evi1m0
    - CVE-2019-5776: Insufficient policy enforcement in Omnibox. Reported by
      Lnyas Zhang
    - CVE-2019-5777: Insufficient policy enforcement in Omnibox. Reported by
      Khalil Zhani
    - CVE-2019-5778: Insufficient policy enforcement in Extensions. Reported
      by David Erceg
    - CVE-2019-5779: Insufficient policy enforcement in ServiceWorker.
      Reported by David Erceg
    - CVE-2019-5780: Insufficient policy enforcement. Reported by Andreas
      Hegenberg
    - CVE-2019-5781: Insufficient policy enforcement in Omnibox. Reported by
      evi1m0
    - CVE-2019-5782: Inappropriate implementation in V8. Reported by Qixun Zhao
    - CVE-2019-5783: Insufficient validation of untrusted input in DevTools.
      Reported by Shintaro Kobori
  * Opt out of all Google web service options by default (closes: #916320).
  * Enable support for hardware accelerated video decoding (closes: #856255).
    - Thanks to Akarshan Biswas.

 -- Michael Gilbert <email address hidden>  Sat, 02 Feb 2019 05:05:43 +0000
Superseded in buster-release
Superseded in sid-release
chromium (72.0.3626.53-1) unstable; urgency=medium

  * New upstream beta release.
  * Organize the gcc 6 patches.
  * Update standards version to 4.3.0.
  * Drop libsrtp from the build dependencies (closes: #918542).

 -- Michael Gilbert <email address hidden>  Sat, 12 Jan 2019 07:17:20 +0000
Superseded in sid-release
chromium (72.0.3626.7-6) unstable; urgency=medium

  * Upload to unstable: fix FTBFS on arm64 and armhf

 -- Riku Voipio <email address hidden>  Tue, 08 Jan 2019 14:41:13 +0200
Deleted in experimental-release (Reason: None provided.)
chromium (72.0.3626.7-5) experimental; urgency=medium

  * Fix armhf and arm64 builds

 -- Riku Voipio <email address hidden>  Fri, 04 Jan 2019 16:17:43 +0200
Superseded in buster-release
Superseded in sid-release
chromium (72.0.3626.7-4) unstable; urgency=medium

  * Reenable support for widevine (closes: #916058).
  * Update maintainer to <email address hidden> (closes: #915988).

 -- Michael Gilbert <email address hidden>  Mon, 24 Dec 2018 19:41:02 +0000
Superseded in sid-release
chromium (72.0.3626.7-3) unstable; urgency=medium

  * Remove unintended extra brace in arm patch.

 -- Michael Gilbert <email address hidden>  Sun, 16 Dec 2018 22:37:19 +0000
Deleted in experimental-release (Reason: None provided.)
chromium (72.0.3626.7-2) experimental; urgency=medium

  * Fix build failures on arm.

 -- Michael Gilbert <email address hidden>  Fri, 14 Dec 2018 02:50:58 +0000
Deleted in experimental-release (Reason: None provided.)
chromium (72.0.3626.7-1) experimental; urgency=medium

  * New upstream developmental release.

 -- Michael Gilbert <email address hidden>  Tue, 11 Dec 2018 03:31:15 +0000
Superseded in sid-release
chromium (71.0.3578.80-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong
    - CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous
    - CVE-2018-18335: Heap buffer overflow in Skia. Reported by Anonymous
    - CVE-2018-18336: Use after free in PDFium. Reported by Huyna
    - CVE-2018-18337: Use after free in Blink. Reported by cloudfuzzer
    - CVE-2018-18338: Heap buffer overflow in Canvas. Reported by Zhe Jin
    - CVE-2018-18339: Use after free in WebAudio. Reported by cloudfuzzer
    - CVE-2018-18340: Use after free in MediaRecorder. Reported by Anonymous
    - CVE-2018-18341: Heap buffer overflow in Blink. Reported by cloudfuzzer
    - CVE-2018-18342: Out of bounds write in V8. Reported by Guang Gong
    - CVE-2018-18343: Use after free in Skia. Reported by Tran Tien Hung
    - CVE-2018-18344: Inappropriate implementation in Extensions. Reported by
      Jann Horn
    - CVE-2018-18345: Inappropriate implementation in Site Isolation. Reported
      by Masato Kinugawa and Jun Kokatsu
    - CVE-2018-18346: Incorrect security UI in Blink. Reported by Luan Herrera
    - CVE-2018-18347: Inappropriate implementation in Navigation. Reported by
      Luan Herrera
    - CVE-2018-18348: Inappropriate implementation in Omnibox. Reported by
      Ahmed Elsobky
    - CVE-2018-18349: Insufficient policy enforcement in Blink. Reported by
      David Erceg
    - CVE-2018-18350: Insufficient policy enforcement in Blink. Reported by
      Jun Kokatsu
    - CVE-2018-18351: Insufficient policy enforcement in Navigation. Reported
      by Jun Kokatsu
    - CVE-2018-18352: Inappropriate implementation in Media. Reported by Jun
      Kokatsu
    - CVE-2018-18353: Inappropriate implementation in Network Authentication.
      Reported by Wenxu Wu
    - CVE-2018-18354: Insufficient data validation in Shell Integration.
      Reported by Wenxu Wu
    - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
      Reported by evi1m0
    - CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung
    - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
      Reported by evi1m0
    - CVE-2018-18358: Insufficient policy enforcement in Proxy. Reported by
      Jann Horn
    - CVE-2018-18359: Out of bounds read in V8. Reported by cyrilliu
    - Inappropriate implementation in PDFium. Reported by Salem Faisal
      Elmrayed
    - Use after free in Extensions. Reported by Zhe Jin
    - Inappropriate implementation in Navigation. Reported by Luan Herrera
    - Inappropriate implementation in Navigation. Reported by Jesper van den
      Ende
    - Insufficient policy enforcement in Navigation. Reported by Ryan Pickren
    - Insufficient policy enforcement in URL Formatter. Reported by evi1m0

 -- Michael Gilbert <email address hidden>  Wed, 05 Dec 2018 00:45:35 +0000
Superseded in sid-release
chromium (71.0.3578.62-1) unstable; urgency=medium

  * New upstream beta release.
  * Rename the source package to chromium.
  * Build using the system jsoncpp library.
  * Remove non-free unrar source from the upstream tarball (closes: #914487).
    - Requires safe browsing inspection of rar files to be disabled.

 -- Michael Gilbert <email address hidden>  Wed, 21 Nov 2018 02:37:35 +0000
Deleted in squeeze-release (Reason: None provided.)
Deleted in sid-release (Reason: None provided.)
chromium (0.9.13.3-1) unstable; urgency=low


  * New upstream release
    - Using the CDROM for music is off by default and
      the manual page documents the use_cdrom option (Closes: #492446)
    - bindir/datadir customisations were removed so use ./configure args
  * Improve the descriptions for the chromium & chromium-data packages.

 -- Paul Wise <email address hidden>  Thu, 19 Feb 2009 14:01:45 +0900
Superseded in sid-release
Published in lenny-release
chromium (0.9.13.2-1) unstable; urgency=low


  * New upstream bugfix release

 -- Paul Wise <email address hidden>  Fri, 25 Jul 2008 18:23:45 +0800