Change log for chromium package in Debian

Superseded in sid-release
chromium (108.0.5359.71-1) unstable; urgency=high

  * New upstream stable release.
    - CVE-2022-4174: Type Confusion in V8.
      Reported by Zhenghang Xiao (@Kipreyyy).
    - CVE-2022-4175: Use after free in Camera Capture.
      Reported by Leecraso and Guang Gong of 360 Alpha Lab.
    - CVE-2022-4176: Out of bounds write in Lacros Graphics.
      Reported by @ginggilBesel.
    - CVE-2022-4177: Use after free in Extensions.
      Reported by Chaoyuan Peng (@ret2happy).
    - CVE-2022-4178: Use after free in Mojo.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2022-4179: Use after free in Audio.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2022-4180: Use after free in Mojo. Reported by Anonymous.
    - CVE-2022-4181: Use after free in Forms. Reported by Aviv A.
    - CVE-2022-4182: Inappropriate implementation in Fenced Frames.
      Reported by Peter Nemeth.
    - CVE-2022-4183: Insufficient policy enforcement in Popup Blocker.
      Reported by David Sievers.
    - CVE-2022-4184: Insufficient policy enforcement in Autofill.
      Reported by Ahmed ElMasry.
    - CVE-2022-4185: Inappropriate implementation in Navigation.
      Reported by James Lee (@Windowsrcer).
    - CVE-2022-4186: Insufficient validation of untrusted input in Downloads.
      Reported by Luan Herrera (@lbherrera_).
    - CVE-2022-4187: Insufficient policy enforcement in DevTools.
      Reported by Axel Chong.
    - CVE-2022-4188: Insufficient validation of untrusted input in CORS.
      Reported by Philipp Beer (TU Wien).
    - CVE-2022-4189: Insufficient policy enforcement in DevTools.
      Reported by NDevTK.
    - CVE-2022-4190: Insufficient data validation in Directory.
      Reported by Axel Chong.
    - CVE-2022-4191: Use after free in Sign-In.
      Reported by Jaehun Jeong(@n3sk) of Theori.
    - CVE-2022-4192: Use after free in Live Caption.
      Reported by Samet Bekmezci @sametbekmezci.
    - CVE-2022-4193: Insufficient policy enforcement in File System API.
      Reported by Axel Chong.
    - CVE-2022-4194: Use after free in Accessibility. Reported by Anonymous.
    - CVE-2022-4195: Insufficient policy enforcement in Safe Browsing.
      Reported by Eric Lawrence of Microsoft.
  * d/copyright:
    - drop multiple ninja executables from upstream tarball.
    - Stop deleting chrome/test/data/*, since it's all just empty directories
      except for one BUILD.gn that is required to build.
  * d/scripts/unbundle: build against the bundled absl_utility.
  * d/patches:
    - upstream/fix-missing-cmath.patch: drop, merged upstream.
    - fixes/angle-wayland.patch: drop, merged upstream.
    - fixes/fix-arm-vfpv3-d16-libaom.patch: drop, merged upstream.
    - disable/unrar.patch: refresh due to 7z support added.
    - ppc64le/workarounds/HACK-third_party-libvpx-use-generic-gnu.patch:
      refresh for loongarch update.
    - ppc64le/third_party/use-sysconf-page-size-on-ppc64.patch: drop half of
      patch as upstream removed duplicate code.
    - fixes/disable-cxx20.patch: switch clang compilation back to the c++17
      standard, as c++20 breaks linking.

 -- Andres Salomon <email address hidden>  Thu, 01 Dec 2022 22:23:10 -0500
Superseded in sid-release
chromium (107.0.5304.121-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne
      of Google's Threat Analysis Group on 2022-11-22

 -- Timothy Pearson <email address hidden>  Sat, 26 Nov 2022 12:34:00 -0600
Superseded in sid-release
chromium (107.0.5304.110-2) unstable; urgency=high

  * Fix bullseye/mulodic.patch to actually work right. Sigh.

 -- Andres Salomon <email address hidden>  Thu, 10 Nov 2022 13:48:01 -0500
Superseded in sid-release
chromium (107.0.5304.110-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-3885: Use after free in V8. Reported by gzobqq@.
    - CVE-2022-3886: Use after free in Speech Recognition.
    - CVE-2022-3887: Use after free in Web Workers. Reported by anonymous.
    - CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth.
    - CVE-2022-3889: Type Confusion in V8. Reported by anonymous.
    - CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous.
  * Clean up old crash dump files on launch (closes: #1015931).

 -- Andres Salomon <email address hidden>  Wed, 09 Nov 2022 19:57:34 -0500
Superseded in sid-release
chromium (107.0.5304.87-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtěšek, Milánek,
      and Przemek Gmerek of Avast.
  * Revert v4l2 enable for arm platforms until a build error is fixed.

 -- Andres Salomon <email address hidden>  Fri, 28 Oct 2022 07:02:02 -0400
Superseded in sid-release
chromium (107.0.5304.68-1) unstable; urgency=high

  * New upstream stable release.
    - CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at
      S.S.L Team.
    - CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park
      (SeHwa).
    - CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of
      Google Project Zero.
    - CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by
      koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute.
    - CVE-2022-3656: Insufficient data validation in File System. Reported by
      Ron Masas, Imperva.
    - CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari,
      Talon Cyber Security.
    - CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported
      by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research
      Institute.
    - CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel.
    - CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported
      by Irvan Kurniawan (sourc7).
    - CVE-2022-3661: Insufficient data validation in Extensions. Reported by
      Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University.
  * Disable building against QT5 (for now).
    https://groups.google.com/a/chromium.org/g/chromium-packagers/c/-2VGexQAK6w
  * debian/copyright:
    - delete third_party/dawn/tools/golang binaries.
  * debian/patches:
    - upstream/armhf-ftbfs.patch: drop, merged upstream.
    - upstream/fix-nullptr-qual.patch: drop, merged upstream.
    - disable/catapult.patch: delete add'l blink reference to catapult.
    - bullseye/clang13.patch: refresh for minor upstream changes.
    - ppc64le/workarounds/HACK-third_party-libvpx-use-generic-gnu.patch: refresh
    - disable/clang-version-check.patch: added to fix build failure. Needs
      to go upstream.
    - ppc64le/workarounds/HACK-debian-clang-disable-skia-musttail.patch:
      drop, upstream skia stopped using clang::musttail.
    - upstream/re-fix-tflite.patch: re-add a build fix that upstream lost.

  [ Timothy Pearson ]
  * regenerate libaom configuration on ppc64el systems.

 -- Andres Salomon <email address hidden>  Tue, 25 Oct 2022 17:40:14 -0400
Superseded in sid-release
chromium (106.0.5249.119-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-3445: Use after free in Skia. Reported by Nan Wang
      (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on
      2022-09-16
    - CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu
      (@kaijieguigui) on 2022-09-26
    - CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by
      Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22
    - CVE-2022-3448: Use after free in Permissions API. Reported by raven at
      KunLun lab on 2022-09-13
    - CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on
      2022-09-17
    - CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on
      2022-09-30

 -- Timothy Pearson <email address hidden>  Tue, 11 Oct 2022 19:42:00 -0500
Superseded in sid-release
chromium (106.0.5249.103-2) unstable; urgency=low

  * Reduce baseline compatibility for ppc64el builds from POWER9
    to POWER8.  This matches the current Debian build farm.

 -- Timothy Pearson <email address hidden>  Sat, 08 Oct 2022 14:35:00 -0500
Superseded in sid-release
chromium (106.0.5249.103-1) unstable; urgency=medium

  * New upstream release.
  * Add ppc64el patches maintained by me, and enable builds for ppc64el
    (closes #1005083).

 -- Timothy Pearson <email address hidden>  Fri, 07 Oct 2022 17:54:00 -0500
Superseded in sid-release
chromium (106.0.5249.91-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-3370: Use after free in Custom Elements.
      Reported by Aviv A.
    - CVE-2022-3373: Out of bounds write in V8.
      Reported by Tibor Klajnscek.

 -- Andres Salomon <email address hidden>  Sat, 01 Oct 2022 03:21:58 -0400
Superseded in sid-release
chromium (106.0.5249.61-1) unstable; urgency=high

  * New upstream stable release.
    - CVE-2022-3304: Use after free in CSS. Reported by Anonymous.
    - CVE-2022-3201: Insufficient validation of untrusted input in
      Developer Tools. Reported by NDevTK.
    - CVE-2022-3305: Use after free in Survey. Reported by Nan
      Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability
      Research Institute.
    - CVE-2022-3306: Use after free in Survey. Reported by Nan
      Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability
      Research Institute.
    - CVE-2022-3307: Use after free in Media.
      Reported by Anonymous Telecommunications Corp. Ltd.
    - CVE-2022-3308: Insufficient policy enforcement in Developer Tools.
      Reported by Andrea Cappa (zi0Black) @ Shielder.
    - CVE-2022-3309: Use after free in Assistant.
      Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.
    - CVE-2022-3310: Insufficient policy enforcement in Custom Tabs.
      Reported by Ashwin Agrawal from Optus, Sydney.
    - CVE-2022-3311: Use after free in Import.
      Reported by Samet Bekmezci @sametbekmezci.
    - CVE-2022-3312: Insufficient validation of untrusted input in VPN.
      Reported by Andr.Ess.
    - CVE-2022-3313: Incorrect security UI in Full Screen.
      Reported by Irvan Kurniawan (sourc7).
    - CVE-2022-3314: Use after free in Logging. Reported by Anonymous.
    - CVE-2022-3315: Type confusion in Blink. Reported by Anonymous.
    - CVE-2022-3316: Insufficient validation of untrusted input in Safe
      Browsing. Reported by Sven Dysthe (@svn_dy).
    - CVE-2022-3317: Insufficient validation of untrusted input in
      Intents. Reported by Hafiizh.
    - CVE-2022-3318: Use after free in ChromeOS Notifications.
      Reported by GraVity0.
  * debian/patches:
    - disable/angle-perftests.patch: drop most of patch.
      build_angle_perftests=false is set in d/rules, so no need to patch
      it and its dependencies.
    - upstream/browser-finder.patch: drop, merged upstream.
    - upstream/disk-cache.patch: drop, merged upstream.
    - upstream/masklayer-geom.patch: drop, merged upstream.
    - fixes/tflite.patch: drop, merged upstream.
    - bullseye/clang13.patch: update for upstream switching from one
      unsupported clang warning flag to another.
    - disable/catapult.patch: refresh.
    - disable/installer.patch: drop, as there's no real need to delete
      chrome/install_static; there are no licensing issues and it's only
      actually built on windows.
    - upstream/fix-missing-cmath.patch: added from upstream to fix ftbfs.
    - upstream/fix-nullptr-qual.patch: added from upstream to fix ftbfs.
    - fixes/fix-arm-vfpv3-d16-libaom.patch: add to fix a problem that
      was currently papered over by disabling libaom on arm. This new
      patch (hopefully) allows libaom to be built for the armhf arch.
    - disable/libaom-arm.patch: drop now that we've fixed libaom on arm.
    - system/event.patch: remove some old unused bits that patch gn.
  * Stop deleting chrome/install_static in d/copyright, and also start
    deleting third party libraries that we began linking to in v105 as
    well as tools/gn.
  * Remove mgilbert as an uploader; thanks for all your work on chromium
    packaging!

 -- Andres Salomon <email address hidden>  Tue, 27 Sep 2022 14:14:44 -0400
Superseded in sid-release
chromium (105.0.5195.125-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-3195: Out of bounds write in Storage. Reported by
      Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability
      Research Institute.
    - CVE-2022-3196: Use after free in PDF. Reported by triplepwns.
    - CVE-2022-3197: Use after free in PDF. Reported by triplepwns.
    - CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG.
    - CVE-2022-3199: Use after free in Frames. Reported by Anonymous.
    - CVE-2022-3200: Heap buffer overflow in Internals.
      Reported by Richard Lorenz, SAP.
    - CVE-2022-3201: Insufficient validation of untrusted input in
      DevTools. Reported by NDevTK

 -- Andres Salomon <email address hidden>  Wed, 14 Sep 2022 12:43:31 -0400
Published in buster-release
chromium (90.0.4430.212-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by
      @retsew0x01
    - CVE-2021-30507: Inappropriate implementation in Offline. Reported by
      Alison Huffman
    - CVE-2021-30508: Heap buffer overflow in Media Feeds. Reported by Leecraso
      and Guang Gong
    - CVE-2021-30509: Out of bounds write in Tab Strip. Reported by David Erceg
    - CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang
    - CVE-2021-30511: Out of bounds read in Tab Groups. Reported by David Erceg
    - CVE-2021-30512: Use after free in Notifications. Reported by ZhanJia Song
    - CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo
    - CVE-2021-30514: Use after free in Autofill. Reported by koocola and Wang
    - CVE-2021-30515: Use after free in File API. Reported by Rong Jian and
      Guang Gong
    - CVE-2021-30516: Heap buffer overflow in History. Reported by ZhanJia Song
    - CVE-2021-30517: Type Confusion in V8. Reported by laural
    - CVE-2021-30518: Heap buffer overflow in Reader Mode. Reported by Jun
      Kokatsu
    - CVE-2021-30519: Use after free in Payments. Reported by asnine
    - CVE-2021-30520: Use after free in Tab Strip. Reported by Khalil Zhani

 -- Michael Gilbert <email address hidden>  Sat, 15 May 2021 20:39:40 +0000
Superseded in bullseye-release
chromium (104.0.5112.79-1~deb11u1) bullseye-security; urgency=high

  * Build with Clang 13 instead of the bullseye default of Clang 11.
  * New upstream stable release.
    - CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous
    - CVE-2022-2604: Use after free in Safe Browsing. Reported by
      Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang
    - CVE-2022-2606: Use after free in Managed devices API. Reported by
      Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel
    - CVE-2022-2608: Use after free in Overview Mode.
      Reported by Khalil Zhani
    - CVE-2022-2609: Use after free in Nearby Share. Reported by koocola
      (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute
    - CVE-2022-2610: Insufficient policy enforcement in Background Fetch.
      Reported by Maurice Dauer
    - CVE-2022-2611: Inappropriate implementation in Fullscreen API.
      Reported by Irvan Kurniawan (sourc7)
    - CVE-2022-2612: Side-channel information leakage in Keyboard input.
      Reported by Erik Kraft (<email address hidden>),
      Martin Schwarzl (<email address hidden>)
    - CVE-2022-2613: Use after free in Input.
      Reported by Piotr Tworek (Vewd)
    - CVE-2022-2614: Use after free in Sign-In Flow.
      Reported by raven at KunLun lab
    - CVE-2022-2615: Insufficient policy enforcement in Cookies.
      Reported by Maurice Dauer
    - CVE-2022-2616: Inappropriate implementation in Extensions API.
      Reported by Alesandro Ortiz
    - CVE-2022-2617: Use after free in Extensions API.
      Reported by @ginggilBesel
    - CVE-2022-2618: Insufficient validation of untrusted input in
      Internals. Reported by asnine
    - CVE-2022-2619: Insufficient validation of untrusted input in Settings.
      Reported by Oliver Dunk
    - CVE-2022-2620: Use after free in WebUI. Reported by
      Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2621: Use after free in Extensions.
      Reported by Huyna at Viettel Cyber Security
    - CVE-2022-2622: Insufficient validation of untrusted input in
      Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean
    - CVE-2022-2623: Use after free in Offline. Reported by
      raven at KunLun lab
    - CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG
      CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program
  * debian/patches:
    - bullseye/nomerge.patch: drop, was only needed for clang-11.
    - bullseye/clang11.patch: drop clang-11 bits, rename to clang13.patch.
    - bullseye/blink-constexpr.patch: drop, only needed for clang-11.
    - bullseye/byteswap-constexpr2.patch: drop, only needed for clang-11.
    - disable/angle-perftests.patch: refresh
    - disable/catapult.patch: refresh & drop some no longer needed bits.
    - fixes/tflite.patch: fix a build error.
  * debian/copyright:
    - upstream dropped perfetto/ui/src/gen/.

 -- Andres Salomon <email address hidden>  Thu, 04 Aug 2022 21:39:17 -0400
Superseded in sid-release
chromium (105.0.5195.102-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-3075: Insufficient data validation in Mojo.
  * Update the cpu check to allow pni instead of sse3 (closes: #1018937).
  * Enable v4l2 for arm platforms. This also disables VA-API on arm64, so
    if that breaks things let me know. Thanks
    <email address hidden> for the patch (#1011346).
  * debian/patches:
    - upstream/armhf-ftbfs.patch: fix FTBFS introduced with v105 on armhf.

 -- Andres Salomon <email address hidden>  Mon, 05 Sep 2022 15:57:26 -0400
Superseded in sid-release
chromium (105.0.5195.52-1) unstable; urgency=high

  * New upstream stable release.
    - CVE-2022-3038: Use after free in Network Service.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2022-3039: Use after free in WebSQL. Reported by
      Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability
      Research Institute.
    - CVE-2022-3040: Use after free in Layout. Reported by Anonymous.
    - CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and
      Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute.
    - CVE-2022-3042: Use after free in PhoneHub. Reported by koocola
      (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute.
    - CVE-2022-3043: Heap buffer overflow in Screen Capture.
      Reported by @ginggilBesel.
    - CVE-2022-3044: Inappropriate implementation in Site Isolation.
      Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research
    - CVE-2022-3045: Insufficient validation of untrusted input in V8.
      Reported by Ben Noordhuis <email address hidden>.
    - CVE-2022-3046: Use after free in Browser Tag.
      Reported by Rong Jian of VRI.
    - CVE-2022-3071: Use after free in Tab Strip.
      Reported by @ginggilBesel.
    - CVE-2022-3047: Insufficient policy enforcement in Extensions API.
      Reported by Maurice Dauer.
    - CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen.
      Reported by Andr.Ess.
    - CVE-2022-3049: Use after free in SplitScreen.
      Reported by @ginggilBesel.
    - CVE-2022-3050: Heap buffer overflow in WebUI.
      Reported by Zhihua Yao of KunLun Lab.
    - CVE-2022-3051: Heap buffer overflow in Exosphere.
      Reported by @ginggilBesel.
    - CVE-2022-3052: Heap buffer overflow in Window Manager.
      Reported by Khalil Zhani.
    - CVE-2022-3053: Inappropriate implementation in Pointer Lock.
      Reported by Jesper van den Ende (Pelican Party Studios).
    - CVE-2022-3054: Insufficient policy enforcement in DevTools.
      Reported by Kuilin Li.
    - CVE-2022-3055: Use after free in Passwords. Reported by Weipeng
      Jiang (@Krace) and Guang Gong of 360 Vulnerability Research
      Institute.
    - CVE-2022-3056: Insufficient policy enforcement in Content
      Security Policy. Reported by Anonymous.
    - CVE-2022-3057: Inappropriate implementation in iframe Sandbox.
      Reported by Gareth Heyes.
    - CVE-2022-3058: Use after free in Sign-In Flow.
      Reported by raven at KunLun lab.
  * Drop workaround for lack of older clang's -ffile-prefix-map. This
    should make reproducible builds happy.
  * debian/copyright:
    - Update for new libevent location (moved out of base/).
    - libopenjpeg20 -> libopenjpeg
  * debian/patches:
    - debianization/support-i386.patch: refresh.
    - disable/catapult.patch: refresh.
    - disable/libaom-arm.patch: refresh.
    - system/event.patch: update for new libevent location.
    - system/openjpeg.patch: refresh.
    - bullseye/clang13.patch: drop part of patch dropped upstream.
    - upstream/disk-cache.patch: build fix pulled from upstream.
    - upstream/browser-finder.patch: build fix pulled from upstream.
    - upstream/masklayer-geom.patch: build fix pulled from upstream.
    - system/jsoncpp.patch: drop, merged upstream.
    - fixes/angle-wayland: build fix due to mismatched wayland headers
      on sid. Only needed until angle updates its copy of wayland.
    - disable/welcome-page.patch: drop. Upstream fixed the original
      issue some time ago, and this new version finally cleaned up
      the workaround.
    - fixes/connection-message.patch: drop it. I looked at sending this
      upstream, but the original extension doesn't exist any more,
      and chromium properly prints an error if a proxy is unreachable.
      If you can still reproduce the issue (described in
      http://bugs.debian.org/864539), let me know so I can get it fixed
      upstream.
  * debian/scripts/unbundle: upstream tripled the number of (previously
    vendored) libraries that we can use system versions of. However,
    the majority of them are either not in bullseye or are too old, so
    we'll have to wait to use the debian versions for the ones not newly
    added as build-deps.
  * Disable optimize_webui, due to a build failure using nodejs from
    bullseye. I'll reenable this when it either gets fixed or we're done
    with bullseye security support.
  * Remove sse3-support dependency and just refuse to run if SSE3 is
    not present. Breaking via preinst script isn't appropriate for
    packages that might be installed by default (eg, by Debian Edu).
  * debian/control: add build-deps for brotli, libdouble-conversion-dev,
    libwoff-dev, and libxnvctrl-dev (closes: #987292).
  * Rework default search engine stuff. People did not like the "Your
    browser is managed" and "Your administrator can change your browser
    setup remotely" messages, which are admittedly alarming.
    Instead of using /etc/chromium/policies/recommended/duckduckgo.json,
    delete that and use /etc/chromium/master_preferences instead.

 -- Andres Salomon <email address hidden>  Wed, 31 Aug 2022 20:48:11 -0400
Superseded in sid-release
chromium (104.0.5112.101-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-2852: Use after free in FedCM.
      Reported by Sergei Glazunov of Google Project Zero
    - CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy
      Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
    - CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim
      of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
    - CVE-2022-2857: Use after free in Blink. Reported by Anonymous
    - CVE-2022-2858: Use after free in Sign-In Flow.
      Reported by raven at KunLun lab
    - CVE-2022-2853: Heap buffer overflow in Downloads.
      Reported by Sergei Glazunov of Google Project Zero
    - CVE-2022-2856: Insufficient validation of untrusted input in Intents
      Reported by Ashley Shen and Christian Resell of Google Threat
      Analysis Group
    - CVE-2022-2859: Use after free in Chrome OS Shell. Reported by
      Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2860: Insufficient policy enforcement in Cookies.
      Reported by Axel Chong
    - CVE-2022-2861: Inappropriate implementation in Extensions API.
      Reported by Rong Jian of VRI
  * Change default search engine to DuckDuckGo for privacy reasons.
    Set a different search engine under Settings -> Search Engine
    (closes: #956012).
  * Drop a bunch of versioned build-deps that have been satisfied
    since at least oldoldstable.
  * debian/NEWS.Debian:
    - Document upstream dropping support for older TLSv1 and TLSv1.1
      protocols (closes: #1005808).
    - Document upstream dropping support for older x86 CPUs without
      SSE3 instruction support (closes: #1010407).
    - Document the Google to DuckDuckGo change.
    - Document upstream's config renaming of AuthServerWhitelist to
      AuthServerAllowlist (closes: #1013268).

 -- Andres Salomon <email address hidden>  Tue, 16 Aug 2022 17:29:29 -0400
Superseded in sid-release
chromium (104.0.5112.79-1) unstable; urgency=high

  * New upstream stable release.
    - CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous
    - CVE-2022-2604: Use after free in Safe Browsing. Reported by
      Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang
    - CVE-2022-2606: Use after free in Managed devices API. Reported by
      Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel
    - CVE-2022-2608: Use after free in Overview Mode.
      Reported by Khalil Zhani
    - CVE-2022-2609: Use after free in Nearby Share. Reported by koocola
      (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute
    - CVE-2022-2610: Insufficient policy enforcement in Background Fetch.
      Reported by Maurice Dauer
    - CVE-2022-2611: Inappropriate implementation in Fullscreen API.
      Reported by Irvan Kurniawan (sourc7)
    - CVE-2022-2612: Side-channel information leakage in Keyboard input.
      Reported by Erik Kraft (<email address hidden>),
      Martin Schwarzl (<email address hidden>)
    - CVE-2022-2613: Use after free in Input.
      Reported by Piotr Tworek (Vewd)
    - CVE-2022-2614: Use after free in Sign-In Flow.
      Reported by raven at KunLun lab
    - CVE-2022-2615: Insufficient policy enforcement in Cookies.
      Reported by Maurice Dauer
    - CVE-2022-2616: Inappropriate implementation in Extensions API.
      Reported by Alesandro Ortiz
    - CVE-2022-2617: Use after free in Extensions API.
      Reported by @ginggilBesel
    - CVE-2022-2618: Insufficient validation of untrusted input in
      Internals. Reported by asnine
    - CVE-2022-2619: Insufficient validation of untrusted input in Settings.
      Reported by Oliver Dunk
    - CVE-2022-2620: Use after free in WebUI. Reported by
      Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2621: Use after free in Extensions.
      Reported by Huyna at Viettel Cyber Security
    - CVE-2022-2622: Insufficient validation of untrusted input in
      Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean
    - CVE-2022-2623: Use after free in Offline. Reported by
      raven at KunLun lab
    - CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG
      CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program
  * debian/patches:
    - bullseye/nomerge.patch: drop, was only needed for clang-11.
    - bullseye/clang11.patch: drop clang-11 bits, rename to clang13.patch.
    - bullseye/blink-constexpr.patch: drop, only needed for clang-11.
    - bullseye/byteswap-constexpr2.patch: drop, only needed for clang-11.
    - disable/angle-perftests.patch: refresh
    - disable/catapult.patch: refresh & drop some no longer needed bits.
    - fixes/tflite.patch: fix a build error.
  * debian/copyright:
    - upstream dropped perfetto/ui/src/gen/.

 -- Andres Salomon <email address hidden>  Thu, 04 Aug 2022 11:31:44 -0400
Superseded in sid-release
chromium (103.0.5060.134-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-2477: Use after free in Guest View. Reported by anonymous
    - CVE-2022-2478: Use after free in PDF. Reported by triplepwns
    - CVE-2022-2479: Insufficient validation of untrusted input in File.
      Reported by anonymous
    - CVE-2022-2480: Use after free in Service Worker API.
      Reported by Sergei Glazunov of Google Project Zero
    - CVE-2022-2481: Use after free in Views. Reported by
      YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University
    - CVE-2022-2163: Use after free in Cast UI and Toolbar.
      Reported by Chaoyuan Peng (@ret2happy)

 -- Andres Salomon <email address hidden>  Wed, 20 Jul 2022 00:51:39 -0400
Superseded in sid-release
chromium (103.0.5060.114-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by
      Jan Vojtesek from the Avast Threat Intelligence team
    - CVE-2022-2295: Type Confusion in V8.
      Reported by avaue and Buff3tts at S.S.L.
    - CVE-2022-2296: Use after free in Chrome OS Shell.
      Reported by Khalil Zhani

 -- Andres Salomon <email address hidden>  Sun, 10 Jul 2022 12:44:03 -0400
Superseded in bullseye-release
chromium (103.0.5060.53-1~deb11u1) bullseye-security; urgency=high

  * New upstream stable release.
    - CVE-2022-2156: Use after free in Base.
      Reported by Mark Brand of Google Project Zero
    - CVE-2022-2157: Use after free in Interest groups. Reported by
      Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2158: Type Confusion in V8. Reported by
      Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab
    - CVE-2022-2160: Insufficient policy enforcement in DevTools.
      Reported by David Erceg
    - CVE-2022-2161: Use after free in WebApp Provider.
      Reported by Zhihua Yao of KunLun Lab
    - CVE-2022-2162: Insufficient policy enforcement in File System API.
      Reported by Abdelhamid Naceri (halov)
    - CVE-2022-2163: Use after free in Cast UI and Toolbar.
      Reported by Chaoyuan Peng (@ret2happy)
    - CVE-2022-2164: Inappropriate implementation in Extensions API.
      Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M
    - CVE-2022-2165: Insufficient data validation in URL formatting.
      Reported by Rayyan Bijoora
  * debian/patches:
    - upstream/dawn-version-fix.patch: drop, merged upstream.
    - upstream/blink-ftbfs.patch: drop, merged upstream.
    - upstream/libxml.patch: drop, merged upstream.
    - upstream/nested-nested-nested-nested-nested-nested-regex-patterns.patch:
      drop, merged upstream.
    - upstream/byteswap-constexpr.patch: drop, merged upstream.
    - bullseye/byteswap-constexpr2.patch: sys_byteswap.h moved directories.
    - disable/angle-perftests.patch: simple refresh.
    - disable/catapult.patch: simple refresh.
    - bullseye/clang11.patch: minor update for some code dropped upstream.
    - system/openjpeg.patch: update for libopenjp2-7-dev's 2.4 -> 2.5 path
      change.

 -- Andres Salomon <email address hidden>  Tue, 21 Jun 2022 21:40:12 -0400
Superseded in sid-release
chromium (103.0.5060.53-1) unstable; urgency=high

  * New upstream stable release.
    - CVE-2022-2156: Use after free in Base.
      Reported by Mark Brand of Google Project Zero
    - CVE-2022-2157: Use after free in Interest groups. Reported by
      Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2158: Type Confusion in V8. Reported by
      Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab
    - CVE-2022-2160: Insufficient policy enforcement in DevTools.
      Reported by David Erceg
    - CVE-2022-2161: Use after free in WebApp Provider.
      Reported by Zhihua Yao of KunLun Lab
    - CVE-2022-2162: Insufficient policy enforcement in File System API.
      Reported by Abdelhamid Naceri (halov)
    - CVE-2022-2163: Use after free in Cast UI and Toolbar.
      Reported by Chaoyuan Peng (@ret2happy)
    - CVE-2022-2164: Inappropriate implementation in Extensions API.
      Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M
    - CVE-2022-2165: Insufficient data validation in URL formatting.
      Reported by Rayyan Bijoora
  * debian/patches:
    - upstream/dawn-version-fix.patch: drop, merged upstream.
    - upstream/blink-ftbfs.patch: drop, merged upstream.
    - upstream/libxml.patch: drop, merged upstream.
    - upstream/nested-nested-nested-nested-nested-nested-regex-patterns.patch:
      drop, merged upstream.
    - upstream/byteswap-constexpr.patch: drop, merged upstream.
    - bullseye/byteswap-constexpr2.patch: sys_byteswap.h moved directories.
    - disable/angle-perftests.patch: simple refresh.
    - disable/catapult.patch: simple refresh.
    - bullseye/clang11.patch: minor update for some code dropped upstream.
    - system/openjpeg.patch: update for libopenjp2-7-dev's 2.4 -> 2.5 path
      change.

 -- Andres Salomon <email address hidden>  Tue, 21 Jun 2022 02:59:01 +0000
Superseded in sid-release
chromium (102.0.5005.115-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri
    - CVE-2022-2008: Out of bounds memory access in WebGL.
      Reported by khangkito - Tran Van Khang (VinCSS)
    - CVE-2022-2010: Out of bounds read in compositing.
      Reported by Mark Brand of Google Project Zero
    - CVE-2022-2011: Use after free in ANGLE.
      Reported by SeongHwan Park (SeHwa)
  * debian/patches:
    - bullseye/byteswap-constexpr2.patch - additional fix for bullseye
      builds on 32-bit platforms (closes: #1011096).
    - debianization/support-i386.patch - re-enable support for i386 builds.
      Upstream no longer officially supports i386 builds on linux, so we
      are on our own here.

 -- Andres Salomon <email address hidden>  Fri, 10 Jun 2022 02:37:57 +0000
Superseded in sid-release
chromium (102.0.5005.61-1) unstable; urgency=high

  * New upstream stable release.
    - CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous
    - CVE-2022-1854: Use after free in ANGLE.
      Reported by SeongHwan Park (SeHwa)
    - CVE-2022-1855: Use after free in Messaging. Reported by Anonymous
    - CVE-2022-1856: Use after free in User Education. Reported by
      Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-1857: Insufficient policy enforcement in File System API.
      Reported by Daniel Rhea
    - CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad
    - CVE-2022-1859: Use after free in Performance Manager. Reported by
      Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab
    - CVE-2022-1860: Use after free in UI Foundations.
      Reported by @ginggilBesel
    - CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani
    - CVE-2022-1862: Inappropriate implementation in Extensions.
      Reported by Alesandro Ortiz
    - CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg
    - CVE-2022-1864: Use after free in WebApp Installs.
      Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab
    - CVE-2022-1865: Use after free in Bookmarks.
      Reported by Rong Jian of VRI
    - CVE-2022-1866: Use after free in Tablet Mode.
      Reported by @ginggilBesel
    - CVE-2022-1867: Insufficient validation of untrusted input in
      Data Transfer. Reported by Michał Bentkowski of Securitum
    - CVE-2022-1868: Inappropriate implementation in Extensions API.
      Reported by Alesandro Ortiz
    - CVE-2022-1869: Type Confusion in V8.
      Reported by Man Yue Mo of GitHub Security Lab
    - CVE-2022-1870: Use after free in App Service. Reported by
      Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-1871: Insufficient policy enforcement in File System API.
      Reported by Thomas Orlita
    - CVE-2022-1872: Insufficient policy enforcement in Extensions API.
      Reported by ChaobinZhang
    - CVE-2022-1873: Insufficient policy enforcement in COOP.
      Reported by NDevTK
    - CVE-2022-1874: Insufficient policy enforcement in Safe Browsing.
      Reported by hjy79425575
    - CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK
    - CVE-2022-1876: Heap buffer overflow in DevTools.
      Reported by @ginggilBesel
  * debian/patches:
    - system/jpeg.patch - straight refresh.
    - disable/swiftshader.patch - straight refresh.
    - disable/swiftshader-2.patch - refresh for upstream dropping of legacy
      swiftshader GL stuff; they now use ANGLE.
    - disable/angle-perftests.patch - refresh.
    - system/jsoncpp.patch - refresh for jsoncpp_no_deprecated_declarations
      argument change.
    - bullseye/clang11.patch - merge cast-call.patch into it, as well as
      dropping additional unsupported clang arguments.
    - bullseye/cast-call.patch - drop.
    - upstream/dawn-version-fix.patch - add patch to deal w/ FTBFS.
    - upstream/blink-ftbfs.patch - another FTBFS patch.
    - upstream/nested-nested-nested-nested-nested-nested-regex-patterns.patch -
      fix a build failure that only happens with clang + GNU's libstdc++.
    - upstream/byteswap-constexpr.patch - add this to fix bullseye builds on
      32-bit platforms (closes: #1011096).
  * Don't build unnecessary dawn build tests.

 -- Andres Salomon <email address hidden>  Wed, 25 May 2022 02:09:10 -0400
Superseded in sid-release
chromium (101.0.4951.64-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani
    - CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani
    - CVE-2022-1635: Use after free in Permission Prompts.
      Reported by Anonymous
    - CVE-2022-1636: Use after free in Performance APIs.
      Reported by Seth Brenith, Microsoft
    - CVE-2022-1637: Inappropriate implementation in Web Contents.
      Reported by Alesandro Ortiz
    - CVE-2022-1638: Heap buffer overflow in V8 Internationalization.
      Reported by DoHyun Lee (@l33d0hyun) of DNSLab, Korea University
    - CVE-2022-1639: Use after free in ANGLE.
      Reported by SeongHwan Park (SeHwa)
    - CVE-2022-1640: Use after free in Sharing. Reported by Weipeng
      Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute
    - CVE-2022-1641: Use after free in Web UI Diagnostics.
      Reported by Rong Jian of VRI

 -- Andres Salomon <email address hidden>  Tue, 10 May 2022 21:52:11 -0400
Superseded in sid-release
chromium (101.0.4951.54-1) unstable; urgency=low

  * Depend on sse3-support to ensure that chromium is only installed on
    machines that support the SSE3 instruction set. Otherwise we crash,
    as described in #1010407. We can also remove the manual sse2 check now.
    Upstream describes the SSE3 requirement @ http://crbug.com/1123353
  * New upstream stable release.

 -- Andres Salomon <email address hidden>  Tue, 03 May 2022 12:16:07 -0400
Superseded in sid-release
chromium (101.0.4951.41-2) unstable; urgency=high

  * No changes, just the CVE list. The original blog post *did not*
    have CVEs.  >:(
    - CVE-2022-1477: Use after free in Vulkan.
      Reported by SeongHwan Park (SeHwa)
    - CVE-2022-1478: Use after free in SwiftShader.
      Reported by SeongHwan Park (SeHwa)
    - CVE-2022-1479: Use after free in ANGLE.
      Reported by Jeonghoon Shin of Theori
    - CVE-2022-1480: Use after free in Device API. Reported by @uwu7586
    - CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang
      (@Krace) and Guang Gong of 360 Vulnerability Research Institute
    - CVE-2022-1482: Inappropriate implementation in WebGL.
      Reported by Christoph Diehl, Microsoft
    - CVE-2022-1483: Heap buffer overflow in WebGPU.
      Reported by Mark Brand of Google Project Zero
    - CVE-2022-1484: Heap buffer overflow in Web UI Settings.
      Reported by Chaoyuan Peng (@ret2happy)
    - CVE-2022-1485: Use after free in File System API.
    - CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka
    - CVE-2022-1487: Use after free in Ozone. Reported by Sri
    - CVE-2022-1488: Inappropriate implementation in Extensions API.
      Reported by Thomas Beverley from Wavebox.io
    - CVE-2022-1489: Out of bounds memory access in UI Shelf.
      Reported by Khalil Zhani
    - CVE-2022-1490: Use after free in Browser Switcher.
      Reported by raven at KunLun lab
    - CVE-2022-1491: Use after free in Bookmarks.
      Reported by raven at KunLun lab
    - CVE-2022-1492: Insufficient data validation in Blink Editing.
      Reported by Michał Bentkowski of Securitum
    - CVE-2022-1493: Use after free in Dev Tools.
      Reported by Zhihua Yao of KunLun Lab
    - CVE-2022-1494: Insufficient data validation in Trusted Types.
      Reported by Masato Kinugawa
    - CVE-2022-1495: Incorrect security UI in Downloads.
      Reported by Umar Farooq
    - CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi
      Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group
    - CVE-2022-1497: Inappropriate implementation in Input. Reported by
      Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
    - CVE-2022-1498: Inappropriate implementation in HTML Parser.
      Reported by SeungJu Oh (@real_as3617)
    - CVE-2022-1499: Inappropriate implementation in WebAuthentication.
      Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research
    - CVE-2022-1500: Insufficient data validation in Dev Tools.
      Reported by Hoang Nguyen
    - CVE-2022-1501: Inappropriate implementation in iframe.
      Reported by Oriol Brufau

 -- Andres Salomon <email address hidden>  Tue, 26 Apr 2022 18:06:08 -0400
Superseded in sid-release
chromium (100.0.4896.127-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-1364: Type Confusion in V8.
      Reported by Clément Lecigne of Google's Threat Analysis Group

 -- Andres Salomon <email address hidden>  Thu, 14 Apr 2022 20:51:15 -0400
Superseded in sid-release
chromium (100.0.4896.88-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-1305: Use after free in storage. Reported by Anonymous
    - CVE-2022-1306: Inappropriate implementation in compositing.
      Reported by Sven Dysthe
    - CVE-2022-1307: Inappropriate implementation in full screen.
      Reported by Irvan Kurniawan (sourc7)
    - CVE-2022-1308: Use after free in BFCache.
      Reported by Samet Bekmezci @sametbekmezci
    - CVE-2022-1309: Insufficient policy enforcement in developer tools.
      Reported by David Erceg
    - CVE-2022-1310: Use after free in regular expressions.
      Reported by Brendon Tiszka
    - CVE-2022-1311: Use after free in Chrome OS shell.
      Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-1312: Use after free in storage. Reported by
      Leecraso and Guang Gong of 360 Vulnerability Research Institute
    - CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita
    - CVE-2022-1314: Type Confusion in V8.
      Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab

 -- Andres Salomon <email address hidden>  Mon, 11 Apr 2022 23:45:07 -0400
Superseded in sid-release
chromium (100.0.4896.75-1) unstable; urgency=high

  * debian/copyright:
    - Stop dropping third_party/zlib/contrib/, which is just source code
      with acceptable licenses.
    - Replace the rule that dropped third_party/depot_tools with a more
      specific rule that drops just the ninja binaries. Also delete some
      unused png files to work around a bug in our scripts.
    - Replace a rule that dropped third_party/devtools-frontend/src/test
      with just dropping all wasm files ('*.wasm'), as well as
      third_party/devtools-frontend/src/test/screenshots/image_diff/.
  * debian/patches:
    - upstream/rvo-workaround.patch - added to fix FTBFS w/ clang-11. Pulled
      from upstream git.
    - disable/swiftshader-2.patch - drop most of it that's wrapped in a
      check for windows.
    - disable/fuzzers.patch - drop it; with the last release modifying
      fuzzer inclusion, we can now configure the build without this.
    - disable/owners.patch - drop it; no longer needed with depot_tools
      remaining in the source tree.
    - disable/devtools-unittests.patch - drop it; no longer needed if
      we keep third_party/devtools-frontend/src/test in the source tree.
    - disable/tests.patch - drop half of it; the media/gpu changes aren't
      needed, while keeping stuff in third_party/devtools-frontend/src/test
      from building is still necessary.
  * Drop enable_nacl_nonsfi=false from debian/rules, as upstream got rid
    of the variable.
  * New upstream security release.
    - CVE-2022-1232: Type Confusion in V8.
      Reported by Sergei Glazunov of Google Project Zero.

 -- Andres Salomon <email address hidden>  Wed, 06 Apr 2022 04:24:45 -0400
Superseded in sid-release
chromium (100.0.4896.60-1) unstable; urgency=high

  * Fix debian/watch to find the correct upstream version.
  * Ensure xz uses all available cpu cores when preparing orig.tar.gz
  * Switch to bundled ICU, since Debian's ICU is 2 years old at this point
    and upstream depends on a bunch of new API in ICU 69.1.
  * debian/copyright:
    - ensure all *.dlls are dropped from source.
    - Stop dropping '*fuzz' directories. It was too aggressive, resulting
      in build errors for perfectly fine BSD-3-clause and similar code.
    - Instead, drop '*corpus' and '*corpora' directories. Some of it is
      fine (lots generated by oss-fuzz with .dict files provided), but
      not all of it is and it's easier to just drop it.
    - Drop an esbuild binary.
    - The full upstream tarball includes additional stuff we don't want,
      so drop *.jar, tools/win, and some other stuff in third_party/.
  * debian/rules:
    - Disabling & deleting swiftshader now also needs to add
      dawn_use_swiftshader=false.
    - Switch from -lite upstream tarball to the full tarball in order to
      include ICU sources.
  * debian/patches:
    - upstream/libdrm.patch - drop, merged upstream.
    - debianization/manpage.patch - drop a small chunk merged upstream.
    - system/icu.patch - drop now that we're bundling ICU.
    - bullseye/icu-types.patch - drop now that we're bundling ICU.
    - system/convertutf.patch - update build for bundled ICU path.
    - fixes/closure.patch - drop now that we're no longer using lite tarball.
    - disable/driver-chrome-path.patch - refresh for BUILDFLAG() macro.
    - system/jsoncpp.patch - refresh for unrelated ios change.
    - disable/catapult.patch - refresh due to moving around of .pak files.
  * New upstream stable release.
    - CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani
    - CVE-2022-1127: Use after free in QR Code Generator.
      Reported by anonymous
    - CVE-2022-1128: Inappropriate implementation in Web Share API.
      Reported by Abdel Adim (@smaury92) Oisfi of Shielder
    - CVE-2022-1129: Inappropriate implementation in Full Screen Mode.
      Reported by Irvan Kurniawan (sourc7)
    - CVE-2022-1130: Insufficient validation of untrusted input in WebOTP.
      Reported by Sergey Toshin of Oversecurity Inc.
    - CVE-2022-1131: Use after free in Cast UI. Reported by
      Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
    - CVE-2022-1132: Inappropriate implementation in Virtual Keyboard.
      Reported by Andr.Ess
    - CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous
    - CVE-2022-1134: Type Confusion in V8.
      Reported by Man Yue Mo of GitHub Security Lab
    - CVE-2022-1135: Use after free in Shopping Cart.
      Reported by Wei Yuan of MoyunSec VLab
    - CVE-2022-1136: Use after free in Tab Strip. Reported by Krace
    - CVE-2022-1137: Inappropriate implementation in Extensions.
      Reported by Thomas Orlita
    - CVE-2022-1138: Inappropriate implementation in Web Cursor.
      Reported by Alesandro Ortiz
    - CVE-2022-1139: Inappropriate implementation in Background Fetch API.
      Reported by Maurice Dauer
    - CVE-2022-1141: Use after free in File Manager.
      Reported by raven at KunLun lab
    - CVE-2022-1142: Heap buffer overflow in WebUI.
      Reported by Leecraso and Guang Gong of 360 Alpha Lab
    - CVE-2022-1143: Heap buffer overflow in WebUI.
      Reported by Leecraso and Guang Gong of 360 Alpha Lab
    - CVE-2022-1144: Use after free in WebUI.
      Reported by Leecraso and Guang Gong of 360 Alpha Lab
    - CVE-2022-1145: Use after free in Extensions.
      Reported by Yakun Zhang of Baidu Security
    - CVE-2022-1146: Inappropriate implementation in Resource Timing.
      Reported by Sohom Datta

 -- Andres Salomon <email address hidden>  Fri, 01 Apr 2022 15:02:16 -0400
Superseded in sid-release
chromium (99.0.4844.84-1) unstable; urgency=high

  * New upstream security ("just *ONE* security hole, that's it?!") release.
    - CVE-2022-1096: Type Confusion in V8. Reported by anonymous.

 -- Andres Salomon <email address hidden>  Sat, 26 Mar 2022 00:16:52 -0500
Superseded in bullseye-release
chromium (99.0.4844.74-1~deb11u1) bullseye-security; urgency=high

  * New upstream security release.
    - CVE-2022-0971: Use after free in Blink Layout.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2022-0972: Use after free in Extensions.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2022-0973: Use after free in Safe Browsing.
      Reported by avaue and Buff3tts at S.S.L.
    - CVE-2022-0974: Use after free in Splitscreen.
      Reported by @ginggilBesel.
    - CVE-2022-0975: Use after free in ANGLE.
      Reported by SeongHwan Park (SeHwa).
    - CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair.
    - CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani.
    - CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of
      Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
    - CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous.
    - CVE-2022-0980: Use after free in New Tab Page. Reported by Krace.

 -- Andres Salomon <email address hidden>  Wed, 16 Mar 2022 13:51:21 -0500
Superseded in sid-release
chromium (99.0.4844.74-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2022-0971: Use after free in Blink Layout.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2022-0972: Use after free in Extensions.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2022-0973: Use after free in Safe Browsing.
      Reported by avaue and Buff3tts at S.S.L.
    - CVE-2022-0974: Use after free in Splitscreen.
      Reported by @ginggilBesel.
    - CVE-2022-0975: Use after free in ANGLE.
      Reported by SeongHwan Park (SeHwa).
    - CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair.
    - CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani.
    - CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of
      Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
    - CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous.
    - CVE-2022-0980: Use after free in New Tab Page. Reported by Krace.

 -- Andres Salomon <email address hidden>  Wed, 16 Mar 2022 13:30:00 -0500
Superseded in sid-release
chromium (99.0.4844.51-2) unstable; urgency=medium

  * Change dependency on xdg-desktop-portal-* packages to be
    libgtk-3-0|xdg-desktop-portal-backend. Some folks don't want all
    the dependencies of the xdg portal packages, and chromium really just
    requires gtk unless running under KDE (closes: #1006267).
  * Disable fieldtrial testing config to fix some sandboxing issues. We
    used to do this, but the config flag was renamed (closes: #1003622).
  * Adjust patches:
    + system/zlib.patch: drop part of it that is unnecessary.

 -- Andres Salomon <email address hidden>  Sun, 06 Mar 2022 12:46:55 -0500
Superseded in sid-release
chromium (99.0.4844.51-1) unstable; urgency=high

  * Embed harfbuzz instead of using the system harfbuzz. Debian doesn't
    yet package harfbuzz-subset (see #988781). Once it is packaged, we
    can go back to using it.
  * Build against Debian's rapidjson-dev package instead of ANGLE's
    bundled rapidjson.
  * Adjust patches:
    + system/harfbuzz.patch - drop, we're using bundled harfbuzz now.
    + upstream/quiche-include.patch - drop, merged upstream.
    + upstream/restrict.patch - drop, merged upstream.
    + upstream/sequence-point.patch - drop, merged upstream.
    + disable/installer.patch - use new BUILDFLAG() macro.
    + disable/unrar.patch - use new BUILDFLAG() macro.
    + disable/welcome-page.patch - use new BUILDFLAG() macro.
    + disable/widevine-cdm.cu.patch - use new BUILDFLAG() macro.
    + disable/tests.patch - drop unnecessary parts of the patch (which ends
      up being most of it).
    + disable/angle-perftests.patch - drop config disabling ANGLE's rapidjson.
    + disable/swiftshader.patch - drop removal of rapidjson dependency.
  * New upstream stable release.
    - CVE-2022-0789: Heap buffer overflow in ANGLE.
      Reported by SeongHwan Park (SeHwa).
    - CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous.
    - CVE-2022-0791: Use after free in Omnibox.
      Reported by Zhihua Yao of KunLun Lab.
    - CVE-2022-0792: Out of bounds read in ANGLE.
      Reported by Jaehun Jeong(@n3sk) of Theori.
    - CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita.
    - CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani.
    - CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960.
    - CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim
      of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
    - CVE-2022-0797: Out of bounds memory access in Mojo.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2022-0798: Use after free in MediaStream.
      Reported by Samet Bekmezci @sametbekmezci.
    - CVE-2022-0799: Insufficient policy enforcement in Installer.
      Reported by Abdelhamid Naceri (halov).
    - CVE-2022-0800: Heap buffer overflow in Cast UI.
      Reported by Khalil Zhani.
    - CVE-2022-0801: Inappropriate implementation in HTML parser.
      Reported by Michał Bentkowski of Securitum.
    - CVE-2022-0802: Inappropriate implementation in Full screen mode.
      Reported by Irvan Kurniawan (sourc7).
    - CVE-2022-0803: Inappropriate implementation in Permissions.
      Reported by Abdulla Aldoseri.
    - CVE-2022-0804: Inappropriate implementation in Full screen mode.
      Reported by Irvan Kurniawan (sourc7).
    - CVE-2022-0805: Use after free in Browser Switcher.
      Reported by raven at KunLun Lab.
    - CVE-2022-0806: Data leak in Canvas. Reported by Paril.
    - CVE-2022-0807: Inappropriate implementation in Autofill.
      Reported by Alesandro Ortiz.
    - CVE-2022-0808: Use after free in Chrome OS Shell.
      Reported by @ginggilBesel.
    - CVE-2022-0809: Out of bounds memory access in WebXR.
      Reported by @uwu7586.

 -- Andres Salomon <email address hidden>  Wed, 02 Feb 2022 21:53:14 -0500
Superseded in sid-release
chromium (98.0.4758.102-1) unstable; urgency=high

  * Enable pipewire support in webrtc (closes: #954824).
  * Enable optimize_webui. This UI speed improvement was originally
    disabled due to nodejs deps, but recent upstream changes make those
    deps necessary either way (closes: #970571).
  * Switch to using bundled node modules, to deal with (frequent) build
    failures (closes: #1005466).
  * Manually depend on xdg-desktop-portal-* packages. The file saving
    dialog needs a UI toolkit (closes: #1005230).
  * New upstream security release.
    - CVE-2022-0603: Use after free in File Manager.
      Reported by Chaoyuan Peng (@ret2happy).
    - CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace.
    - CVE-2022-0605: Use after free in Webstore API.
      Reported by Thomas Orlita.
    - CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of
      Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
    - CVE-2022-0607: Use after free in GPU. Reported by 0x74960.
    - CVE-2022-0608: Integer overflow in Mojo.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2022-0609: Use after free in Animation. Reported by
      Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group.
    - CVE-2022-0610: Inappropriate implementation in Gamepad API.
      Reported by Anonymous.

 -- Andres Salomon <email address hidden>  Tue, 15 Feb 2022 15:37:54 -0500
Superseded in sid-release
chromium (98.0.4758.80-1) unstable; urgency=high

  * Update manpage for package rename and everyone moving to https.
  * Drop libnpsr4-dev versioned dep.
  * Drop a bunch of patches (changes shouldn't affect chromium users).
    See https://salsa.debian.org/chromium-team/chromium/-/commits/master/
    for the dropped patches.
  * New upstream stable release.
    - CVE-2022-0452: Use after free in Safe Browsing.
      Reported by avaue at S.S.L.
    - CVE-2022-0453: Use after free in Reader Mode.
      Reported by Rong Jian of VRI.
    - CVE-2022-0454: Heap buffer overflow in ANGLE.
      Reported by Seong-Hwan Park (SeHwa).
    - CVE-2022-0455: Inappropriate implementation in Full Screen Mode.
      Reported by Irvan Kurniawan (sourc7).
    - CVE-2022-0456: Use after free in Web Search.
      Reported by Zhihua Yao of KunLun Lab.
    - CVE-2022-0457: Type Confusion in V8. Reported by rax of the Group0x58.
    - CVE-2022-0458: Use after free in Thumbnail Tab Strip.
      Reported by Anonymous.
    - CVE-2022-0459: Use after free in Screen Capture.
      Reported by raven (@raid_akame).
    - CVE-2022-0460: Use after free in Window Dialog. Reported by 0x74960.
    - CVE-2022-0461: Policy bypass in COOP. Reported by NDevTK.
    - CVE-2022-0462: Inappropriate implementation in Scroll.
      Reported by Youssef Sammouda.
    - CVE-2022-0463: Use after free in Accessibility.
      Reported by Zhihua Yao of KunLun Lab.
    - CVE-2022-0464: Use after free in Accessibility.
      Reported by Zhihua Yao of KunLun Lab.
    - CVE-2022-0465: Use after free in Extensions.
      Reported by Samet Bekmezci @sametbekmezci.
    - CVE-2022-0466: Inappropriate implementation in Extensions Platform.
      Reported by David Erceg.
    - CVE-2022-0467: Inappropriate implementation in Pointer Lock.
      Reported by Alesandro Ortiz.
    - CVE-2022-0468: Use after free in Payments. Reported by Krace.
    - CVE-2022-0469: Use after free in Cast. Reported by Thomas Orlita.
    - CVE-2022-0470: Out of bounds memory access in V8. Reported by Looben Yang.

 -- Andres Salomon <email address hidden>  Sat, 05 Feb 2022 01:12:10 -0500
Superseded in sid-release
chromium (97.0.4692.99-1) unstable; urgency=high

  * Add myself as an uploader.
  * Ack my NMU (closes: #1003440).
  * Remove Riku Voipio from uploaders at the request of the Debian MIA team -
    thanks for all your past work on chromium, Riku! (closes: #1001562)
  * Build-dep on terser | uglifyjs.terser (closes: #1001036).
  * Revert automatic wayland detection for now (closes: #1003689).
    We'll try again in chromium v98 or v99.
  * New upstream stable release.
    - CVE-2022-0289: Use after free in Safe browsing.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2022-0290: Use after free in Site isolation. Reported by
      Brendon Tiszka and Sergei Glazunov of Google Project Zero.
    - CVE-2022-0291: Inappropriate implementation in Storage.
      Reported by Anonymous.
    - CVE-2022-0292: Inappropriate implementation in Fenced Frames.
      Reported by Brendon Tiszka.
    - CVE-2022-0293: Use after free in Web packaging. Reported by
      Rong Jian and Guang Gong of 360 Alpha Lab.
    - CVE-2022-0294: Inappropriate implementation in Push messaging.
      Reported by Rong Jian and Guang Gong of 360 Alpha Lab.
    - CVE-2022-0295: Use after free in Omnibox. Reported by Weipeng Jiang
      (@Krace) and Guang Gong of 360 Vulnerability Research Institute.
    - CVE-2022-0296: Use after free in Printing. Reported by koocola(@alo_cook)
      and Guang Gong of 360 Vulnerability Research Institute.
    - CVE-2022-0297: Use after free in Vulkan. Reported by Cassidy Kim of
      Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
    - CVE-2022-0298: Use after free in Scheduling.
      Reported by Yangkang (@dnpushme) of 360 ATA.
    - CVE-2022-0300: Use after free in Text Input Method Editor. Reported by
      Rong Jian and Guang Gong of 360 Alpha Lab.
    - CVE-2022-0301: Heap buffer overflow in DevTools. Reported by
      Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research.
    - CVE-2022-0302: Use after free in Omnibox. Reported by Weipeng Jiang
      (@Krace) and Guang Gong of 360 Vulnerability Research Institute.
    - CVE-2022-0303: Race in GPU Watchdog.
      Reported by Yiğit Can YILMAZ (@yilmazcanyigit).
    - CVE-2022-0304: Use after free in Bookmarks. Reported by Rong Jian and
      Guang Gong of 360 Alpha Lab.
    - CVE-2022-0305: Inappropriate implementation in Service Worker API.
      Reported by @uwu7586.
    - CVE-2022-0306: Heap buffer overflow in PDFium.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2022-0307: Use after free in Optimization Guide.
      Reported by Samet Bekmezci @sametbekmezci.
    - CVE-2022-0308: Use after free in Data Transfer.
      Reported by @ginggilBesel.
    - CVE-2022-0309: Inappropriate implementation in Autofill.
      Reported by Alesandro Ortiz.
    - CVE-2022-0310: Heap buffer overflow in Task Manager.
      Reported by Samet Bekmezci @sametbekmezci.
    - CVE-2022-0311: Heap buffer overflow in Task Manager.
      Reported by Samet Bekmezci @sametbekmezci.

 -- Andres Salomon <email address hidden>  Wed, 19 Jan 2022 23:53:45 -0500
Deleted in experimental-release (Reason: None provided.)
chromium (99.0.4818.0-0.1) experimental; urgency=low

  * Non-maintainer upload.
  * New upstream development release.
  * Build-dep on rapidjson-dev and actually use rapidjson instead of disabling
    it in ANGLE.

 -- Andres Salomon <email address hidden>  Thu, 20 Jan 2022 01:09:01 -0500
Superseded in sid-release
chromium (97.0.4692.71-0.1) unstable; urgency=high

  * Non-maintainer upload.
  * Stop building chromium's bundled gn and instead build-dep on generate-ninja.
  * Drop numerous patches related to gcc building, since we just build w/ clang.
  * Use python3 as default instead of relying on python2
    (closes: #942962, #996375).
  * Enable the ozone backend in the build (closes: #955540).
  * Automatically detect & enable Wayland support when launching chromium
    (closes: #861796).
  * Rename crashpad_handler to chrome_crashpad_handler.
  * No longer hardcode desktop GL implementation as default - it causes
    the chromium compositor's draw buffer to fill up & crash on my system.
  * Enable official builds.
  * New upstream stable release (closes: #995212).
    - CVE-2022-0096: Use after free in Storage. Reported by Yangkang
      (@dnpushme) of 360 ATA
    - CVE-2022-0097: Inappropriate implementation in DevTools. Reported by
      David Erceg
    - CVE-2022-0098: Use after free in Screen Capture. Reported by
      @ginggilBesel
    - CVE-2022-0099: Use after free in Sign-in. Reported by Rox
    - CVE-2022-0100: Heap buffer overflow in Media streams API. Reported by
      Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications
      Corp. Ltd.
    - CVE-2022-0101: Heap buffer overflow in Bookmarks. Reported by raven
      (@raid_akame)
    - CVE-2022-0102: Type Confusion in V8. Reported by Brendon Tiszka
    - CVE-2022-0103: Use after free in SwiftShader. Reported by Abraruddin
      Khan and Omair
    - CVE-2022-0104: Heap buffer overflow in ANGLE. Reported by Abraruddin
      Khan and Omair
    - CVE-2022-0105: Use after free in PDF. Reported by Cassidy Kim of Amber
      Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
    - CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani
    - CVE-2022-0107: Use after free in File Manager API. Reported by raven
      (@raid_akame)
    - CVE-2022-0108: Inappropriate implementation in Navigation. Reported by
      Luan Herrera (@lbherrera_)
    - CVE-2022-0109: Inappropriate implementation in Autofill. Reported by
      Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University
    - CVE-2022-0110: Incorrect security UI in Autofill. Reported by
      Alesandro Ortiz
    - CVE-2022-0111: Inappropriate implementation in Navigation. Reported by
      garygreen
    - CVE-2022-0112: Incorrect security UI in Browser UI. Reported by Thomas
      Orlita
    - CVE-2022-0113: Inappropriate implementation in Blink. Reported by Luan
      Herrera (@lbherrera_)
    - CVE-2022-0114: Out of bounds memory access in Web Serial. Reported by
      Looben Yang
    - CVE-2022-0115: Uninitialized Use in File API. Reported by Mark Brand
      of Google Project Zero
    - CVE-2022-0116: Inappropriate implementation in Compositing. Reported
      by Irvan Kurniawan (sourc7)
    - CVE-2022-0117: Policy bypass in Service Workers. Reported by
      Dongsung Kim (@kid1ng)
    - CVE-2022-0118: Inappropriate implementation in WebShare. Reported by
      Alesandro Ortiz
    - CVE-2022-0120: Inappropriate implementation in Passwords. Reported by
      CHAKRAVARTHI (Ruler96)
    (96.0.4664.110)
    - CVE-2021-4098: Insufficient data validation in Mojo. Reported by
      Sergei Glazunov of Google Project Zero
    - CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin
      of Solita
    - CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin
      of Solita
    - CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by
      Abraruddin Khan and Omair
    - CVE-2021-4102: Use after free in V8. Reported by Anonymous
    (96.0.4664.93)
    - CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of
      MoyunSec VLab
    - CVE-2021-4053: Use after free in UI. Reported by Rox
    - CVE-2021-4079: Out of bounds write in WebRTC. Reported by Brendon
      Tiszka
    - CVE-2021-4054: Incorrect security UI in autofill. Reported by
      Alesandro Ortiz
    - CVE-2021-4078: Type confusion in V8. Reported by Nan
      Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen
      Rong
    - CVE-2021-4056: Type Confusion in loader. Reported by @__R0ng of 360
      Alpha Lab
    - CVE-2021-4057: Use after free in file API. Reported by Sergei
      Glazunov of Google Project Zero
    - CVE-2021-4058: Heap buffer overflow in ANGLE. Reported by Abraruddin
      Khan and Omair
    - CVE-2021-4059: Insufficient data validation in loader. Reported by
      Luan Herrera (@lbherrera_)
    - CVE-2021-4061: Type Confusion in V8. Reported by Paolo Severini
    - CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso
      and Guang Gong of 360 Alpha Lab
    - CVE-2021-4063: Use after free in developer tools. Reported by
      Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
    - CVE-2021-4064: Use after free in screen capture. Reported by
      @ginggilBesel
    - CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010
      from Topsec ChiXiao Lab
    - CVE-2021-4066: Integer underflow in ANGLE. Reported by Jaehun
      Jeong(@n3sk) of Theori
    - CVE-2021-4067: Use after free in window manager. Reported by
      @ginggilBesel
    - CVE-2021-4068: Insufficient validation of untrusted input in new tab
      page. Reported by NDevTK
    (96.0.4664.45)
    - CVE-2021-38008: Use after free in media. Reported by Marcin Towalski
    - CVE-2021-38009: Inappropriate implementation in cache.
      Reported by Luan Herrera (@lbherrera_)
    - CVE-2021-38006: Use after free in storage foundation.
      Reported by Sergei Glazunov of Google Project Zero
    - CVE-2021-38007: Type Confusion in V8. Reported by Polaris Feng and
      SGFvamll at Singular Security Lab
    - CVE-2021-38005: Use after free in loader.
      Reported by Sergei Glazunov of Google Project Zero
    - CVE-2021-38010: Inappropriate implementation in service workers.
      Reported by Sergei Glazunov of Google Project Zero
    - CVE-2021-38011: Use after free in storage foundation.
      Reported by Sergei Glazunov of Google Project Zero
    - CVE-2021-38012: Type Confusion in V8. Reported by Yonghwi Jin (@jinmo123)
    - CVE-2021-38013: Heap buffer overflow in fingerprint recognition.
      Reported by raven (@raid_akame)
    - CVE-2021-38014: Out of bounds write in Swiftshader.
      Reported by Atte Kettunen of OUSPG
    - CVE-2021-38015: Inappropriate implementation in input.
      Reported by David Erceg
    - CVE-2021-38016: Insufficient policy enforcement in background fetch.
      Reported by Maurice Dauer
    - CVE-2021-38017: Insufficient policy enforcement in iframe sandbox.
      Reported by NDevTK
    - CVE-2021-38018: Inappropriate implementation in navigation.
      Reported by Alesandro Ortiz
    - CVE-2021-38019: Insufficient policy enforcement in CORS.
      Reported by Maurice Dauer
    - CVE-2021-38020: Insufficient policy enforcement in contacts picker.
      Reported by Luan Herrera (@lbherrera_)
    - CVE-2021-38021: Inappropriate implementation in referrer.
      Reported by Prakash (@1lastBr3ath)
    - CVE-2021-38022: Inappropriate implementation in WebAuthentication.
      Reported by Michal Kepkowski
    (95.0.4638.69)
    - CVE-2021-37997: Use after free in Sign-In. Reported by Wei Yuan of
      MoyunSec VLab
    - CVE-2021-37998: Use after free in Garbage Collection. Reported by
      Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications
      Corp. Ltd.
    - CVE-2021-37999: Insufficient data validation in New Tab Page.
      Reported by Ashish Arun Dhone
    - CVE-2021-38000: Insufficient validation of untrusted input in Intents.
      Reported by Clement Lecigne, Neel Mehta, and Maddie Stone of Google
      Threat Analysis Group
    - CVE-2021-38001: Type Confusion in V8. Reported by @s0rrymybad of
      Kunlun Lab via Tianfu Cup
    - CVE-2021-38002: Use after free in Web Transport. Reported by @__R0ng
      of 360 Alpha Lab, 漏洞研究院青训队 via Tianfu Cup
    - CVE-2021-38003: Inappropriate implementation in V8. Reported by Clément
      Lecigne from Google TAG and Samuel Groß from Google Project Zero
    - CVE-2021-38004: Insufficient policy enforcement in Autofill. Reported
      by Mark Amery
    (95.0.4638.54)
    - CVE-2021-37981: Heap buffer overflow in Skia. Reported by Yangkang
      (@dnpushme) of 360 ATA
    - CVE-2021-37982: Use after free in Incognito. Reported by Weipeng Jiang
      (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group
    - CVE-2021-37983: Use after free in Dev Tools. Reported by Zhihua Yao
      of KunLun Lab
    - CVE-2021-37984: Heap buffer overflow in PDFium. Reported by Antti
      Levomäki, Joonas Pihlaja and Christian Jalio from Forcepoint
    - CVE-2021-37985: Use after free in V8. Reported by Yangkang (@dnpushme)
      of 360 ATA
    - CVE-2021-37986: Heap buffer overflow in Settings.
      Reported by raven (@raid_akame)
    - CVE-2021-37987: Use after free in Network APIs. Reported by
      Yangkang (@dnpushme) of 360 ATA
    - CVE-2021-37988: Use after free in Profiles. Reported by raven
      (@raid_akame)
    - CVE-2021-37989: Inappropriate implementation in Blink.
      Reported by Matt Dyas, Ankur Sundara
    - CVE-2021-37990: Inappropriate implementation in WebView. Reported by
      Kareem Selim of CyShield
    - CVE-2021-37991: Race in V8. Reported by Samuel Groß of Google Project
      Zero
    - CVE-2021-37992: Out of bounds read in WebAudio. Reported by
      sunburst@Ant Security Light-Year Lab
    - CVE-2021-37993: Use after free in PDF Accessibility. Reported by Cassidy
      Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
    - CVE-2021-37996: Insufficient validation of untrusted input in Downloads.
      Reported by Anonymous
    - CVE-2021-37994: Inappropriate implementation in iFrame Sandbox.
      Reported by David Erceg
    - CVE-2021-37995: Inappropriate implementation in WebApp Installer.
      Reported by Terence Eden
    (94.0.4606.81)
    - CVE-2021-37977: Use after free in Garbage Collection. Reported by
      Anonymous
    - CVE-2021-37978: Heap buffer overflow in Blink. Reported by Yangkang
      (@dnpushme) of 360 ATA
    - CVE-2021-37979: Heap buffer overflow in WebRTC. Reported by Marcin
      Towalski of Cisco Talos
    - CVE-2021-37980: Inappropriate implementation in Sandbox. Reported by
      Yonghwi Jin (@jinmo123) of Theori
    (94.0.4606.71)
    - CVE-2021-37974: Use after free in Safe Browsing. Reported by Weipeng
      Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group
    - CVE-2021-37975: Use after free in V8. Reported by Anonymous
    - CVE-2021-37976: Information leak in core. Reported by Clément Lecigne
      from Google TAG, with technical assistance from Sergei Glazunov and
      Mark Brand from Google Project Zero
    (94.0.4606.61)
    - CVE-2021-37973: Use after free in Portals. Reported by Clément Lecigne
      from Google TAG, with technical assistance from Sergei Glazunov and
      Mark Brand from Google Project Zero
    (94.0.4606.54)
    - CVE-2021-37956: Use after free in Offline use. Reported by Huyna at
      Viettel Cyber Security
    - CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang
    - CVE-2021-37958: Inappropriate implementation in Navigation. Reported by
      James Lee (@Windowsrcer)
    - CVE-2021-37959: Use after free in Task Manager. Reported by raven
      (@raid_akame)
    - CVE-2021-37961: Use after free in Tab Strip. Reported by Khalil Zhani
    - CVE-2021-37962: Use after free in Performance Manager. Reported by Sri
    - CVE-2021-37963: Side-channel information leakage in DevTools. Reported
      by Daniel Genkin and Ayush Agarwal, University of Michigan, Eyal Ronen
      and Shaked Yehezkel, Tel Aviv University, Sioli O’Connell, University of
      Adelaide, and Jason Kim, Georgia Institute of Technology
    - CVE-2021-37964: Inappropriate implementation in ChromeOS Networking.
      Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong
      Kong
    - CVE-2021-37965: Inappropriate implementation in Background Fetch API.
      Reported by Maurice Dauer
    - CVE-2021-37966: Inappropriate implementation in Compositing. Reported by
      Mohit Raj (shadow2639)
    - CVE-2021-37967: Inappropriate implementation in Background Fetch API.
      Reported by SorryMybad (@S0rryMybad) of Kunlun Lab
    - CVE-2021-37968: Inappropriate implementation in Background Fetch API.
      Reported by Maurice Dauer
    - CVE-2021-37969: Inappropriate implementation in Google Updater. Reported
      by Abdelhamid Naceri (halov)
    - CVE-2021-37970: Use after free in File System API. Reported by
      SorryMybad (@S0rryMybad) of Kunlun Lab
    - CVE-2021-37971: Incorrect security UI in Web Browser UI. Reported by
      Rayyan Bijoora
    - CVE-2021-37972: Out of bounds read in libjpeg-turbo. Reported by Xu
      Hanyu and Lu Yutao from Panguite-Forensics-Lab of Qianxin

 -- Andres Salomon <email address hidden>  Mon, 10 Jan 2022 01:38:13 -0500
Superseded in sid-release
chromium (93.0.4577.82-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2021-30625: Use after free in Selection API. Reported by Marcin
      Towalski of Cisco Talos
    - CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by
      Jeonghoon Shin of Theori
    - CVE-2021-30627: Type Confusion in Blink layout. Reported by Aki Helin of
      OUSPG
    - CVE-2021-30628: Stack buffer overflow in ANGLE. Reported by Jaehun Jeong
      @n3sk of Theori
    - CVE-2021-30629: Use after free in Permissions. Reported by Weipeng Jiang
      @Krace from Codesafe Team of Legendsec at Qi'anxin Group
    - CVE-2021-30630: Inappropriate implementation in Blink. Reported by
      SorryMybad @S0rryMybad of Kunlun Lab
    - CVE-2021-30631: Type Confusion in Blink layout. Reported by Atte Kettunen
      of OUSPG
    - CVE-2021-30632: Out of bounds write in V8. Reported by Anonymous
    - CVE-2021-30633: Use after free in Indexed DB API. Reported by Anonymous
    - CVE-2021-30606: Use after free in Blink. Reported by Nan Wang
      @eternalsakura13 and koocola @alo_cook of 360 Alpha Lab
    - CVE-2021-30607: Use after free in Permissions. Reported by Weipeng Jiang
      @Krace from Codesafe Team of Legendsec at Qi'anxin Group
    - CVE-2021-30608: Use after free in Web Share. Reported by Huyna at Viettel
      Cyber Security
    - CVE-2021-30609: Use after free in Sign-In. Reported by raven @raid_akame
    - CVE-2021-30610: Use after free in Extensions API. Reported by Igor
      Bukanov from Vivaldi
    - CVE-2021-30611: Use after free in WebRTC. Reported by Nan Wang
      @eternalsakura13 and koocola @alo_cook of 360 Alpha Lab
    - CVE-2021-30612: Use after free in WebRTC. Reported by Nan Wang
      @eternalsakura13 and koocola @alo_cook of 360 Alpha Lab
    - CVE-2021-30613: Use after free in Base internals. Reported by Yangkang
      @dnpushme of 360 ATA
    - CVE-2021-30614: Heap buffer overflow in TabStrip. Reported by Huinian
      Yang @vmth6 of Amber Security Lab, OPPO Mobile Telecommunications Corp.
      Ltd. 
    - CVE-2021-30615: Cross-origin data leak in Navigation. Reported by NDevTK
    - CVE-2021-30616: Use after free in Media. Reported by Anonymous
    - CVE-2021-30617: Policy bypass in Blink. Reported by NDevTK
    - CVE-2021-30618: Inappropriate implementation in DevTools. Reported by
      @DanAmodio and @mattaustin from Contrast Security
    - CVE-2021-30619: UI Spoofing in Autofill. Reported by Alesandro Ortiz
    - CVE-2021-30620: Insufficient policy enforcement in Blink. Reported by Jun
      Kokatsu, Microsoft Browser Vulnerability Research
    - CVE-2021-30621: UI Spoofing in Autofill. Reported by Abdulrahman
      Alqabandi, Microsoft Browser Vulnerability Research
    - CVE-2021-30622: Use after free in WebApp Installs. Reported by Jun
      Kokatsu, Microsoft Browser Vulnerability Research
    - CVE-2021-30623: Use after free in Bookmarks. Reported by Leecraso and
      Guang Gong of 360 Alpha Lab
    - CVE-2021-30624: Use after free in Autofill. Reported by Wei Yuan of
      MoyunSec VLab
    - CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul
    - CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul
    - CVE-2021-30600: Use after free in Printing. Reported by Leecraso and
      Guang Gong of 360 Alpha Lab
    - CVE-2021-30601: Use after free in Extensions API. Reported by koocola
      @alo_cook and Nan Wang @eternalsakura13 of 360 Alpha Lab
    - CVE-2021-30602: Use after free in WebRTC. Reported by Marcin Towalski of
      Cisco Talos 
    - CVE-2021-30603: Race in WebAudio. Reported by Sergei Glazunov of Google
      Project Zero
    - CVE-2021-30604: Use after free in ANGLE. Reported by Seong-Hwan Park
      SeHwa of SecunologyLab
    - CVE-2021-30554: Use after free in WebGL. Reported by anonymous
    - CVE-2021-30555: Use after free in Sharing. Reported by David Erceg
    - CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang
      @dnpushme of 360 ATA
    - CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg
    - CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and
      Guang Gong of 360 Alpha Lab
    - CVE-2021-30545: Use after free in Extensions. Reported by kkwon with
      everpall and kkomdal
    - CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman
      Alqabandi, Microsoft Browser Vulnerability Research
    - CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park
      SeHwa of SecunologyLab
    - CVE-2021-30548: Use after free in Loader. Reported by Yangkang @dnpushme
      & Wanglu of Qihoo360 Qex Team
    - CVE-2021-30549: Use after free in Spell check. Reported by David Erceg
    - CVE-2021-30550: Use after free in Accessibility. Reported by David Erceg
    - CVE-2021-30551: Type Confusion in V8. Reported by Clement Lecigne of
      Google's Threat Analysis Group and Sergei Glazunov of Google Project Zero
    - CVE-2021-30552: Use after free in Extensions. Reported by David Erceg
    - CVE-2021-30553: Use after free in Network service. Reported by Anonymous
    - CVE-2021-30521: Heap buffer overflow in Autofill. Reported by ZhanJia
      Song
    - CVE-2021-30522: Use after free in WebAudio. Reported by Piotr Bania of
      Cisco Talos
    - CVE-2021-30523: Use after free in WebRTC. Reported by Tolyan Korniltsev
    - CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg
    - CVE-2021-30525: Use after free in TabGroups. Reported by David Erceg
    - CVE-2021-30526: Out of bounds write in TabStrip. Reported by David Erceg
    - CVE-2021-30527: Use after free in WebUI. Reported by David Erceg
    - CVE-2021-30528: Use after free in WebAuthentication. Reported by Man Yue
      Mo of GitHub Security Lab
    - CVE-2021-30529: Use after free in Bookmarks. Reported by koocola
      @alo_cook and Nan Wang @eternalsakura13 of 360 Alpha Lab
    - CVE-2021-30530: Out of bounds memory access in WebAudio. Reported by
      kkwon
    - CVE-2021-30531: Insufficient policy enforcement in Content Security
      Policy. Reported by Philip Papurt
    - CVE-2021-30532: Insufficient policy enforcement in Content Security
      Policy. Reported by Philip Papurt
    - CVE-2021-30533: Insufficient policy enforcement in PopupBlocker. Reported
      by Eliya Stein
    - CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox.
      Reported by Alesandro Ortiz
    - CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu
      of WeChat Open Platform Security Team
    - CVE-2021-21212: Insufficient data validation in networking. Reported by
      Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong
    - CVE-2021-30536: Out of bounds read in V8. Reported by Chris Salls @salls
    - CVE-2021-30537: Insufficient policy enforcement in cookies. Reported by
      Jun Kokatsu @shhnjk
    - CVE-2021-30538: Insufficient policy enforcement in content security
      policy. Reported by Tianze Ding @D1iv3 of Tencent Security Xuanwu Lab
    - CVE-2021-30539: Insufficient policy enforcement in content security
      policy. Reported by unnamed researcher
    - CVE-2021-30540: Incorrect security UI in payments. Reported by
      @retsew0x01

 -- Michel Le Bihan <email address hidden>  Thu, 16 Sep 2021 17:48:15 +0200
Published in buster-release
chromium (89.0.4389.114-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil
      Zhani
    - CVE-2021-21160: Heap buffer overflow in WebAudio. Reported by Marcin
      'Icewall' Noga of Cisco Talos
    - CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Khalil
      Zhani
    - CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous
    - CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by
      Alison Huffman
    - CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison
      Huffman
    - CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison
      Huffman
    - CVE-2021-21167: Use after free in bookmarks. Reported by Leecraso and
      Guang Gong
    - CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by
      Luan Herrera
    - CVE-2021-21169: Out of bounds memory access in V8. Reported by Bohan Liu
      and Moon Liang
    - CVE-2021-21170: Incorrect security UI in Loader. Reported by David Erceg
    - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
      Reported by Irvan Kurniawan
    - CVE-2021-21172: Insufficient policy enforcement in File System API.
      Reported by Maciej Pulikowski
    - CVE-2021-21173: Side-channel information leakage in Network Internals.
      Reported by Tom Van Goethem
    - CVE-2021-21174: Inappropriate implementation in Referrer. Reported by
      Ashish Gautam Kamble
    - CVE-2021-21175: Inappropriate implementation in Site isolation. Reported
      by Jun Kokatsu
    - CVE-2021-21176: Inappropriate implementation in full screen mode.
      Reported by Luan Herrera
    - CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by
      Abdulrahman Alqabandi
    - CVE-2021-21178: Inappropriate implementation in Compositing. Reported by
      Japong
    - CVE-2021-21179: Use after free in Network Internals. Reported by
      Anonymous
    - CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman
      Alqabandi
    - CVE-2021-21181: Side-channel information leakage in autofill. Reported by
      Xu Lin, Panagiotis Ilias, Jason Polakis
    - CVE-2021-21182: Insufficient policy enforcement in navigations. Reported
      by Luan Herrera
    - CVE-2021-21183: Inappropriate implementation in performance APIs.
      Reported by Takashi Yoneuchi
    - CVE-2021-21184: Inappropriate implementation in performance APIs.
      Reported by James Hartig
    - CVE-2021-21185: Insufficient policy enforcement in extensions. Reported
      by David Erceg
    - CVE-2021-21186: Insufficient policy enforcement in QR scanning. Reported
      by dhirajkumarnifty
    - CVE-2021-21187: Insufficient data validation in URL formatting. Reported
      by Kirtikumar Anandrao Ramchandani
    - CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh
    - CVE-2021-21189: Insufficient policy enforcement in payments. Reported by
      Khalil Zhani
    - CVE-2021-21190: Uninitialized Use in PDFium. Reported by Zhou Aiting
    - CVE-2021-21191: Use after free in WebRTC. Reported by raven
    - CVE-2021-21192: Heap buffer overflow in tab groups. Reported by
      Abdulrahman Alqabandi
    - CVE-2021-21193: Use after free in Blink. Reported by Anonymous
    - CVE-2021-21194: Use after free in screen capture. Reported by Leecraso
      and Guang Gong
    - CVE-2021-21195: Use after free in V8. Reported by Liu and Liang
    - CVE-2021-21196: Heap buffer overflow in TabStrip. Reported by Khalil
      Zhani
    - CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman
      Alqabandi
    - CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand
    - CVE-2021-21199: Use after free in Aura. Reported by Weipeng Jiang

 -- Michael Gilbert <email address hidden>  Sun, 04 Apr 2021 13:39:43 +0000
Superseded in bullseye-release
Superseded in sid-release
chromium (90.0.4430.212-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by
      @retsew0x01
    - CVE-2021-30507: Inappropriate implementation in Offline. Reported by
      Alison Huffman
    - CVE-2021-30508: Heap buffer overflow in Media Feeds. Reported by Leecraso
      and Guang Gong
    - CVE-2021-30509: Out of bounds write in Tab Strip. Reported by David Erceg
    - CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang
    - CVE-2021-30511: Out of bounds read in Tab Groups. Reported by David Erceg
    - CVE-2021-30512: Use after free in Notifications. Reported by ZhanJia Song
    - CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo
    - CVE-2021-30514: Use after free in Autofill. Reported by koocola and Wang
    - CVE-2021-30515: Use after free in File API. Reported by Rong Jian and
      Guang Gong
    - CVE-2021-30516: Heap buffer overflow in History. Reported by ZhanJia Song
    - CVE-2021-30517: Type Confusion in V8. Reported by laural
    - CVE-2021-30518: Heap buffer overflow in Reader Mode. Reported by Jun
      Kokatsu
    - CVE-2021-30519: Use after free in Payments. Reported by asnine
    - CVE-2021-30520: Use after free in Tab Strip. Reported by Khalil Zhani

 -- Michael Gilbert <email address hidden>  Thu, 13 May 2021 02:50:43 +0000
Superseded in sid-release
chromium (90.0.4430.93-1) unstable; urgency=medium

  * New upstream security release (closes: #987715).
    - CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu of Singular Security Lab
    - CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
    - CVE-2021-21233: Heap buffer overflow in ANGLE. Reported by Omair
    - CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu
    - CVE-2021-21229: Incorrect security UI in downloads. Reported by Mohit Raj (shadow2639)
    - CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul
    - CVE-2021-21231: Insufficient data validation in V8. Reported by Sergei Glazunov of Google Project Zero
  * Disable libaom on arm to potentially fix FTBFS on armhf

 -- Michel Le Bihan <email address hidden>  Wed, 28 Apr 2021 12:15:32 +0200
Superseded in sid-release
chromium (90.0.4430.85-1) unstable; urgency=medium

  * New upstream security release (closes: #987358).
    - CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of
      Alpha Lab, Qihoo 360
    - CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha
      Lab, Qihoo 360
    - CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez tr0y4
      from VerSprite Inc.
    - CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon
      Tiszka @btiszka supporting the EFF
    - CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka
      @btiszka supporting the EFF

 -- Michel Le Bihan <email address hidden>  Thu, 22 Apr 2021 13:01:41 +0200
Superseded in sid-release
chromium (90.0.4430.72-1) unstable; urgency=medium

  * New upstream security release (closes: #987053).
    - CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu
      and Jianyu Chen when working at Tencent KeenLab
    - CVE-2021-21202: Use after free in extensions. Reported by David Erceg
    - CVE-2021-21203: Use after free in Blink. Reported by asnine
    - CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek,
      Jeanette Ulloa, and Emily Voigtlander of Seesaw
    - CVE-2021-21205: Insufficient policy enforcement in navigation. Reported
      by Alison Huffman, Microsoft Browser Vulnerability Research
    - CVE-2021-21221: Insufficient validation of untrusted input in Mojo.
      Reported by Guang Gong of Alpha Lab, Qihoo 360
    - CVE-2021-21207: Use after free in IndexedDB. Reported by koocola
      @alo_cook and Nan Wang @eternalsakura13 of 360 Alpha Lab
    - CVE-2021-21208: Insufficient data validation in QR scanner. Reported by
      Ahmed Elsobky @0xsobky
    - CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom
      Van Goethem @tomvangoethem
    - CVE-2021-21210: Inappropriate implementation in Network. Reported by
      @bananabr
    - CVE-2021-21211: Inappropriate implementation in Navigation. Reported by
      Akash Labade m0ns7er
    - CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by
      Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong
    - CVE-2021-21213: Use after free in WebMIDI. Reported by raven
      @raid_akame
    - CVE-2021-21214: Use after free in Network API. Reported by Anonymous
    - CVE-2021-21215: Inappropriate implementation in Autofill. Reported by
      Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
    - CVE-2021-21216: Inappropriate implementation in Autofill. Reported by
      Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
    - CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting
      @zhouat1 of Qihoo 360 Vulcan Team
    - CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting
      @zhouat1 of Qihoo 360 Vulcan Team
    - CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting
      @zhouat1 of Qihoo 360 Vulcan Team

 -- Michel Le Bihan <email address hidden>  Mon, 19 Apr 2021 19:13:47 +0200
Superseded in sid-release
chromium (89.0.4389.114-1) unstable; urgency=medium

  * New upstream security release (closes: #986335).
    - CVE-2021-21194: Use after free in screen capture. Reported by Leecraso
      and Guang Gong
    - CVE-2021-21195: Use after free in V8. Reported by Liu and Liang
    - CVE-2021-21196: Heap buffer overflow in TabStrip. Reported by Khalil
      Zhani
    - CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman
      Alqabandi
    - CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand
    - CVE-2021-21199: Use after free in Aura. Reported by Weipeng Jiang

 -- Michael Gilbert <email address hidden>  Sun, 04 Apr 2021 00:34:12 +0000
Superseded in buster-release
chromium (88.0.4324.182-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens
    - CVE-2021-21149: Stack overflow in Data Transfer. Reported by Ryoya
      Tsukasaki
    - CVE-2021-21150: Use after free in Downloads. Reported by Woojin Oh
    - CVE-2021-21151: Use after free in Payments. Reported by Khalil Zhani
    - CVE-2021-21152: Heap buffer overflow in Media. Reported by Anonymous
    - CVE-2021-21153: Stack overflow in GPU Process. Reported by Jan Ruge
    - CVE-2021-21154: Heap buffer overflow in Tab Strip. Reported by
      Abdulrahman Alqabandi
    - CVE-2021-21155: Heap buffer overflow in Tab Strip. Reported by Khalil
      Zhani
    - CVE-2021-21156: Heap buffer overflow in V8. Reported by Sergei Glazunov
    - CVE-2021-21157: Use after free in Web Sockets. Reported by Anonymous

 -- Michael Gilbert <email address hidden>  Thu, 18 Feb 2021 15:04:44 +0000
Superseded in sid-release
chromium (89.0.4389.90-1) unstable; urgency=medium

  * New upstream security release (closes: #985271).
    - CVE-2021-21191: Use after free in WebRTC. Reported by raven @raid_akame
    - CVE-2021-21192: Heap buffer overflow in tab groups. Reported by
      Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
    - CVE-2021-21193: Use after free in Blink. Reported by Anonymous
      (closes: #985142)
  * Fix build with libvpx 1.7.0 and libicu63 (closes: #984926).
  * Change debian/rules to not leave debian/scripts/mk-origtargz

 -- Michel Le Bihan <email address hidden>  Mon, 15 Mar 2021 12:57:00 +0100
Superseded in sid-release
chromium (89.0.4389.82-1) unstable; urgency=medium

  * New upstream stable release (closes: #984532).
    - CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil
      Zhani
    - CVE-2021-21160: Heap buffer overflow in WebAudio. Reported by Marcin
      'Icewall' Noga of Cisco Talos
    - CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Khalil
      Zhani
    - CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous
    - CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by
      Alison Huffman, Microsoft Browser Vulnerability Research
    - CVE-2021-21164: Insufficient data validation in Chrome for iOS. Reported
      by Muneaki Nishimura nishimunea
    - CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison
      Huffman, Microsoft Browser Vulnerability Research
    - CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison
      Huffman, Microsoft Browser Vulnerability Research
    - CVE-2021-21167: Use after free in bookmarks. Reported by Leecraso and
      Guang Gong of 360 Alpha Lab
    - CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by
      Luan Herrera @lbherrera_
    - CVE-2021-21169: Out of bounds memory access in V8. Reported by Bohan Liu
      @P4nda20371774 and Moon Liang of Tencent Security Xuanwu Lab
    - CVE-2021-21170: Incorrect security UI in Loader. Reported by David Erceg
    - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
      Reported by Irvan Kurniawan sourc7
    - CVE-2021-21172: Insufficient policy enforcement in File System API.
      Reported by Maciej Pulikowski
    - CVE-2021-21173: Side-channel information leakage in Network Internals.
      Reported by Tom Van Goethem from imec-DistriNet, KU Leuven
    - CVE-2021-21174: Inappropriate implementation in Referrer. Reported by
      Ashish Gautam Kamble
    - CVE-2021-21175: Inappropriate implementation in Site isolation. Reported
      by Jun Kokatsu, Microsoft Browser Vulnerability Research
    - CVE-2021-21176: Inappropriate implementation in full screen mode.
      Reported by Luan Herrera @lbherrera_
    - CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by
      Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
    - CVE-2021-21178: Inappropriate implementation in Compositing. Reported by
      Japong
    - CVE-2021-21179: Use after free in Network Internals. Reported by
      Anonymous
    - CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman
      Alqabandi, Microsoft Browser Vulnerability Research
    - CVE-2020-27844: Heap buffer overflow in OpenJPEG. Reported by Sean
      Campbell at Tableau
    - CVE-2021-21181: Side-channel information leakage in autofill. Reported by
      Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University
      of Illinois at Chicago), Jason Polakis (University of Illinois at
      Chicago)
    - CVE-2021-21182: Insufficient policy enforcement in navigations. Reported
      by Luan Herrera @lbherrera_
    - CVE-2021-21183: Inappropriate implementation in performance APIs.
      Reported by Takashi Yoneuchi @y0n3uchy
    - CVE-2021-21184: Inappropriate implementation in performance APIs.
      Reported by James Hartig
    - CVE-2021-21185: Insufficient policy enforcement in extensions. Reported
      by David Erceg
    - CVE-2021-21186: Insufficient policy enforcement in QR scanning. Reported
      by dhirajkumarnifty
    - CVE-2021-21187: Insufficient data validation in URL formatting. Reported
      by Kirtikumar Anandrao Ramchandani
    - CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh
      @pwn_expoit of STEALIEN
    - CVE-2021-21189: Insufficient policy enforcement in payments. Reported by
      Khalil Zhani
    - CVE-2021-21190: Uninitialized Use in PDFium. Reported by Zhou Aiting
      @zhouat1 of Qihoo 360 Vulcan Team

 -- Michel Le Bihan <email address hidden>  Mon, 08 Mar 2021 09:48:03 +0100
Superseded in sid-release
chromium (88.0.4324.182-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2021-21149: Stack overflow in Data Transfer. Reported by Ryoya
      Tsukasaki
    - CVE-2021-21150: Use after free in Downloads. Reported by Woojin Oh
    - CVE-2021-21151: Use after free in Payments. Reported by Khalil Zhani
    - CVE-2021-21152: Heap buffer overflow in Media. Reported by Anonymous
    - CVE-2021-21153: Stack overflow in GPU Process. Reported by Jan Ruge
    - CVE-2021-21154: Heap buffer overflow in Tab Strip. Reported by
      Abdulrahman Alqabandi
    - CVE-2021-21155: Heap buffer overflow in Tab Strip. Reported by Khalil
      Zhani
    - CVE-2021-21156: Heap buffer overflow in V8. Reported by Sergei Glazunov
    - CVE-2021-21157: Use after free in Web Sockets. Reported by Anonymous

 -- Michael Gilbert <email address hidden>  Thu, 18 Feb 2021 00:56:55 +0000
Superseded in sid-release
chromium (88.0.4324.150-1) unstable; urgency=medium

  * New upstream security release (closes: #982205).
    - CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens

 -- Michel Le Bihan <email address hidden>  Tue, 09 Feb 2021 13:02:34 +0100
Superseded in buster-release
chromium (87.0.4280.141-0.1~deb10u1) buster-security; urgency=high

  * Non-maintainer upload.
  * New upstream security release (closes: 979520).
    - CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang
      @Krace from Codesafe Team of Legendsec at Qi'anxin Group
    - CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and
      Guang Gong of 360 Alpha Lab
    - CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang
      Gong of 360 Alpha Lab
    - CVE-2021-21109: Use after free in payments. Reported by Rong Jian and
      Guang Gong of 360 Alpha Lab
    - CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous
    - CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by
      Alesandro Ortiz
    - CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee
      @ashuu_lee of Raon Whitehat
    - CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu
    - CVE-2020-16043: Insufficient data validation in networking. Reported by
      Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis
    - CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub
      Security Lab
    - CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu
      @P4nda20371774 of Tencent Security Xuanwu Lab
    - CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and
      Guang Gong of 360 Alpha Lab
    - CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison
      Huffman, Microsoft Browser Vulnerability Research
  * Use desktop gl implementation as default. (closes: 979135)

 -- Jan Luca Naumann <email address hidden>  Mon, 11 Jan 2021 17:04:13 +0100
Superseded in sid-release
chromium (88.0.4324.146-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2021-21142: Use after free in Payments. Reported by Khalil Zhani
    - CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen
      Parker & Alex Morgan of MU
    - CVE-2021-21144: Heap buffer overflow in Tab Groups. Reported by Leecraso
      and Guang Gong of 360 Alpha Lab
    - CVE-2021-21145: Use after free in Fonts. Reported by Anonymous
    - CVE-2021-21146: Use after free in Navigation. Reported by Alison Huffman
      and Choongwoo Han of Microsoft Browser Vulnerability Research
    - CVE-2021-21147: Inappropriate implementation in Skia. Reported by Roman
      Starkov

 -- Michel Le Bihan <email address hidden>  Wed, 03 Feb 2021 11:11:02 +0100
Superseded in sid-release
chromium (88.0.4324.96-2) unstable; urgency=medium

  * Add Michel Le Bihan to uploaders.
  * Add openjpeg include dirs to pdfium BUILD.gn (closes: #981270).

 -- Michel Le Bihan <email address hidden>  Fri, 29 Jan 2021 12:37:49 +0100
Superseded in sid-release
chromium (88.0.4324.96-1) unstable; urgency=medium

  * Organize patches.
  * Use system vpx again.
  * Support icu 6.3 and clang 7 in buster again.
  * Apply the non-maintainer uploads (closes: #972134).
    - Thanks to Michel Le Bihan, Jan Luca Naumann, and Peter Michael Green.

 -- Michael Gilbert <email address hidden>  Wed, 27 Jan 2021 01:40:59 +0000
Superseded in sid-release
chromium (88.0.4324.96-0.1) unstable; urgency=medium

  * Non-maintainer upload.
  * New upstream stable release (closes: 980564).
    - CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported
      by Rory McNamara
    - CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler
      Nighswander @tylerni7 of Theori
    - CVE-2021-21119: Use after free in Media. Reported by Anonymous
    - CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang
      @eternalsakura13 and Guang Gong of 360 Alpha Lab
    - CVE-2021-21121: Use after free in Omnibox. Reported by Leecraso and Guang
      Gong of 360 Alpha Lab
    - CVE-2021-21122: Use after free in Blink. Reported by Renata Hodovan
    - CVE-2021-21123: Insufficient data validation in File System API. Reported
      by Maciej Pulikowski
    - CVE-2021-21124: Potential use after free in Speech Recognizer. Reported
      by Chaoyang Ding (@V4kst1z) from Codesafe Team of Legendsec at Qi'anxin
      Group
    - CVE-2021-21125: Insufficient policy enforcement in File System API.
      Reported by Ron Masas
    - CVE-2020-16044: Use after free in WebRTC. Reported by Ned Williamson of
      Project Zero
    - CVE-2021-21126: Insufficient policy enforcement in extensions. Reported
      by David Erceg
    - CVE-2021-21127: Insufficient policy enforcement in extensions. Reported
      by Jasminder Pal Singh, Web Services Point WSP, Kotkapura
    - CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong
    - CVE-2021-21129: Insufficient policy enforcement in File System API.
      Reported by Maciej Pulikowski
    - CVE-2021-21130: Insufficient policy enforcement in File System API.
      Reported by Maciej Pulikowski
    - CVE-2021-21131: Insufficient policy enforcement in File System API.
      Reported by Maciej Pulikowski
    - CVE-2021-21132: Inappropriate implementation in DevTools. Reported by
      David Erceg
    - CVE-2021-21133: Insufficient policy enforcement in Downloads. Reported by
      wester0x01
    - CVE-2021-21134: Incorrect security UI in Page Info. Reported by
      wester0x01
    - CVE-2021-21135: Inappropriate implementation in Performance API. Reported
      by ndevtk
    - CVE-2021-21136: Insufficient policy enforcement in WebView. Reported by
      Shiv Sahni, Movnavinothan V and Imdad Mohammed
    - CVE-2021-21137: Inappropriate implementation in DevTools. Reported by
      bobblybear
    - CVE-2021-21138: Use after free in DevTools. Reported by Weipeng Jiang
      @Krace from Codesafe Team of Legendsec at Qi'anxin Group
    - CVE-2021-21139: Inappropriate implementation in iframe sandbox. Reported
      by Jun Kokatsu, Microsoft Browser Vulnerability Research
    - CVE-2021-21140: Uninitialized Use in USB. Reported by David Manouchehri
    - CVE-2021-21141: Insufficient policy enforcement in File System API.
      Reported by Maciej Pulikowski

  [ Jan Luca Naumann ]
  * Add watch file.

  [ Mattia Rizzolo ]
  * Change get-orig-source to produce reproducible tarballs.

 -- Michel Le Bihan <email address hidden>  Wed, 20 Jan 2021 23:23:08 +0100
Superseded in sid-release
chromium (87.0.4280.141-0.1) unstable; urgency=medium

  * Non-maintainer upload.
  * New upstream security release (closes: 979520).
    - CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang
      @Krace from Codesafe Team of Legendsec at Qi'anxin Group
    - CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and
      Guang Gong of 360 Alpha Lab
    - CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang
      Gong of 360 Alpha Lab
    - CVE-2021-21109: Use after free in payments. Reported by Rong Jian and
      Guang Gong of 360 Alpha Lab
    - CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous
    - CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by
      Alesandro Ortiz
    - CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee
      @ashuu_lee of Raon Whitehat
    - CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu
    - CVE-2020-16043: Insufficient data validation in networking. Reported by
      Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis
    - CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub
      Security Lab
    - CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu
      @P4nda20371774 of Tencent Security Xuanwu Lab
    - CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and
      Guang Gong of 360 Alpha Lab
    - CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison
      Huffman, Microsoft Browser Vulnerability Research

  [ Jan Luca Naumann ]
  * Use desktop gl implementation as default. (closes: 979135)

 -- Michel Le Bihan <email address hidden>  Sat, 09 Jan 2021 11:24:58 +0100
Superseded in sid-release
chromium (87.0.4280.88-0.4) unstable; urgency=medium

  * Non-maintainer upload.

  [ Michel Le Bihan ]
  * Install ANGLE EGL and GLESv2 libs (closes: 977870).
  * Disable Widevine CDM component updater (closes: 960454).
  * Disable usage of google-chrome in driver (closes: 930543).

  [ Jan Luca Naumann ]
  * Remove python3-xcbgen from Build-Deps
  * Changes to allow building on buster
  * Add patch for explicit python2 usage in scripts

 -- Michel Le Bihan <email address hidden>  Tue, 29 Dec 2020 10:58:42 +0100
Superseded in sid-release
chromium (87.0.4280.88-0.3) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix double-delete in content service worker (closes: 977901).

 -- Michel Le Bihan <email address hidden>  Wed, 23 Dec 2020 11:55:48 +0100
Superseded in sid-release
chromium (87.0.4280.88-0.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Exclude debian dir from unversioned python conversion script

 -- Michel Le Bihan <michel@debian>  Sun, 20 Dec 2020 22:14:50 +0100
Superseded in sid-release
chromium (87.0.4280.88-0.1) unstable; urgency=medium

  * Non-maintainer upload.
  * New upstream stable release (closes: 973848).
    - CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki
    - CVE-2020-16038: Use after free in media. Reported by Khalil Zhani
    - CVE-2020-16039: Use after free in extensions. Reported by Anonymous
    - CVE-2020-16040: Insufficient data validation in V8. Reported by Lucas
      Pinheiro, Microsoft Browser Vulnerability Research
    - CVE-2020-16041: Out of bounds read in networking. Reported by Sergei
      Glazunov and Mark Brand of Google Project Zero
    - CVE-2020-16042: Uninitialized Use in V8. Reported by André Bargull
    - CVE-2020-16018: Use after free in payments. Reported by Man Yue Mo of
      GitHub Security Lab
    - CVE-2020-16019: Inappropriate implementation in filesystem. Reported by
      Rory McNamara
    - CVE-2020-16020: Inappropriate implementation in cryptohome. Reported by
      Rory McNamara
    - CVE-2020-16021: Race in ImageBurner. Reported by Rory McNamara
    - CVE-2020-16022: Insufficient policy enforcement in networking. Reported
      by @SamyKamkar
    - CVE-2020-16015: Insufficient data validation in WASM. Reported by Rong
      Jian and Leecraso of 360 Alpha Lab
    - CVE-2020-16014: Use after free in PPAPI. Reported by Rong Jian and
      Leecraso of 360 Alpha Lab
    - CVE-2020-16023: Use after free in WebCodecs. Reported by Brendon Tiszka
      and David Manouchehri supporting the @eff
    - CVE-2020-16024: Heap buffer overflow in UI. Reported by Sergei Glazunov
      of Google Project Zero
    - CVE-2020-16025: Heap buffer overflow in clipboard. Reported by Sergei
      Glazunov of Google Project Zero
    - CVE-2020-16026: Use after free in WebRTC. Reported by Jong-Gwon Kim
    - CVE-2020-16027: Insufficient policy enforcement in developer tools.
      Reported by David Erceg
    - CVE-2020-16028: Heap buffer overflow in WebRTC. Reported by asnine
    - CVE-2020-16029: Inappropriate implementation in PDFium. Reported by
      Anonymous
    - CVE-2020-16030: Insufficient data validation in Blink. Reported by Michał
      Bentkowski of Securitum
    - CVE-2019-8075: Insufficient data validation in Flash. Reported by
      Nethanel Gelernter, Cyberpion
    - CVE-2020-16031: Incorrect security UI in tab preview. Reported by
      wester0x01
    - CVE-2020-16032: Incorrect security UI in sharing. Reported by wester0x01
    - CVE-2020-16033: Incorrect security UI in WebUSB. Reported by Khalil Zhani
    - CVE-2020-16034: Inappropriate implementation in WebRTC. Reported by
      Benjamin Petermaier
    - CVE-2020-16035: Insufficient data validation in cros-disks. Reported by
      Rory McNamara
    - CVE-2020-16012: Side-channel information leakage in graphics. Reported by
      Aleksejs Popovs
    - CVE-2020-16036: Inappropriate implementation in cookies. Reported by Jun
      Kokatsu @shhnjk
    - CVE-2020-16013: Inappropriate implementation in V8. Reported by Anonymous
    - CVE-2020-16017: Use after free in site isolation. Reported by Anonymous
    - CVE-2020-16016: Inappropriate implementation in base. Reported by Rong
      Jian and Leecraso of 360 Alpha Lab
    - CVE-2020-16004: Use after free in user interface. Reported by Leecraso
      and Guang Gong of 360 Alpha Lab working with 360 BugCloud
    - CVE-2020-16005: Insufficient policy enforcement in ANGLE. Reported by
      Jaehun Jeong @n3sk of Theori
    - CVE-2020-16006: Inappropriate implementation in V8. Reported by Bill
      Parks
    - CVE-2020-16007: Insufficient data validation in installer. Reported by
      Abdelhamid Naceri
    - CVE-2020-16008: Stack buffer overflow in WebRTC. Reported by Tolya
      Korniltsev
    - CVE-2020-16009: Inappropriate implementation in V8. Reported by Clement
      Lecigne of Google's Threat Analysis Group and Samuel Groß of Google
      Project Zero
    - CVE-2020-16011: Heap buffer overflow in UI on Windows. Reported by Sergei
      Glazunov of Google Project Zero
    - CVE-2020-16000: Inappropriate implementation in Blink. Reported by
      amaebi_jp
    - CVE-2020-16001: Use after free in media. Reported by Khalil Zhani
    - CVE-2020-16002: Use after free in PDFium. Reported by Weipeng Jiang from
      Codesafe Team of Legendsec at Qi'anxin Group
    - CVE-2020-15999: Heap buffer overflow in Freetype. Reported by Sergei
      Glazunov of Google Project Zero
    - CVE-2020-16003: Use after free in printing. Reported by Khalil Zhani
    - CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of
      GitHub Security Lab
    - CVE-2020-15968: Use after free in Blink. Reported by Anonymous
    - CVE-2020-15969: Use after free in WebRTC. Reported by Anonymous
    - CVE-2020-15970: Use after free in NFC. Reported by Man Yue Mo of GitHub
      Security Lab
    - CVE-2020-15971: Use after free in printing. Reported by Jun Kokatsu,
      Microsoft Browser Vulnerability Research
    - CVE-2020-15972: Use after free in audio. Reported by Anonymous
    - CVE-2020-15990: Use after free in autofill. Reported by Rong Jian and
      Guang Gong of Alpha Lab, Qihoo 360
    - CVE-2020-15991: Use after free in password manager. Reported by Rong Jian
      and Guang Gong of Alpha Lab, Qihoo 360
    - CVE-2020-15973: Insufficient policy enforcement in extensions. Reported
      by David Erceg
    - CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im of Theori
    - CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous
    - CVE-2020-15976: Use after free in WebXR. Reported by YoungJoo Lee
      @ashuu_lee of Raon Whitehat
    - CVE-2020-6557: Inappropriate implementation in networking. Reported by
      Matthias Gierlings and Marcus Brinkmann
    - CVE-2020-15977: Insufficient data validation in dialogs. Reported by
      Narendra Bhati
    - CVE-2020-15978: Insufficient data validation in navigation. Reported by
      Luan Herrera @lbherrera_
    - CVE-2020-15979: Inappropriate implementation in V8. Reported by Avihay
      Cohen @ SeraphicAlgorithms
    - CVE-2020-15980: Insufficient policy enforcement in Intents. Reported by
      Yongke Wang @Rudykewang and Aryb1n @aryb1n of Tencent Security Xuanwu Lab
    - CVE-2020-15981: Out of bounds read in audio. Reported by Christoph
      Guttandin
    - CVE-2020-15982: Side-channel information leakage in cache. Reported by
      Luan Herrera @lbherrera_
    - CVE-2020-15983: Insufficient data validation in webUI. Reported by Jun
      Kokatsu, Microsoft Browser Vulnerability Research
    - CVE-2020-15984: Insufficient policy enforcement in Omnibox. Reported by
      Rayyan Bijoora
    - CVE-2020-15985: Inappropriate implementation in Blink. Reported by
      Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
    - CVE-2020-15986: Integer overflow in media. Reported by Mark Brand of
      Google Project Zero
    - CVE-2020-15987: Use after free in WebRTC. Reported by Philipp Hancke
    - CVE-2020-15992: Insufficient policy enforcement in networking. Reported
      by Alison Huffman, Microsoft Browser Vulnerability Research
    - CVE-2020-15988: Insufficient policy enforcement in downloads. Reported by
      Samuel Attard
    - CVE-2020-15989: Uninitialized Use in PDFium. Reported by Gareth Evans
    - CVE-2020-15960: Out of bounds read in storage. Reported by Anonymous
    - CVE-2020-15961: Insufficient policy enforcement in extensions. Reported
      by David Erceg
    - CVE-2020-15962: Insufficient policy enforcement in serial. Reported by
      Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud
    - CVE-2020-15963: Insufficient policy enforcement in extensions. Reported
      by David Erceg
    - CVE-2020-15965: Out of bounds write in V8. Reported by Lucas Pinheiro,
      Microsoft Browser Vulnerability Research
    - CVE-2020-15966: Insufficient policy enforcement in extensions. Reported
      by David Erceg
    - CVE-2020-15964: Insufficient data validation in media. Reported by Woojin
      Oh @pwn_expoit of STEALIEN
    - CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang
      Gong of 360 Alpha Lab working with 360 BugCloud
    - CVE-2020-6574: Insufficient policy enforcement in installer. Reported by
      CodeColorist of Ant-Financial LightYear Labs
    - CVE-2020-6575: Race in Mojo. Reported by Microsoft
    - CVE-2020-6576: Use after free in offscreen canvas. Reported by Looben
      Yang
    - CVE-2020-15959: Insufficient policy enforcement in networking. Reported
      by Eric Lawrence of Microsoft
    - CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison
      Huffman, Microsoft Browser Vulnerability Research
    - CVE-2020-6559: Use after free in presentation API. Reported by Liu Wei
      and Wu Zekai of Tencent Security Xuanwu Lab
    - CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by
      Nadja Ungethuem from www.unnex.de
    - CVE-2020-6561: Inappropriate implementation in Content Security Policy.
      Reported by Rob Wu
    - CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by
      Masato Kinugawa
    - CVE-2020-6563: Insufficient policy enforcement in intent handling.
      Reported by Pedro Oliveira
    - CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil
      Zhani
    - CVE-2020-6565: Incorrect security UI in Omnibox. Reported by Khalil Zhani
    - CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun
      Kokatsu, Microsoft Browser Vulnerability Research
    - CVE-2020-6567: Insufficient validation of untrusted input in command line
      handling. Reported by Joshua Graham of TSS
    - CVE-2020-6568: Insufficient policy enforcement in intent handling.
      Reported by Yongke Wang @Rudykewang and Aryb1n @aryb1n of Tencent
      Security Xuanwu Lab
    - CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei
    - CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by
      Signal/Tenable
    - CVE-2020-6571: Incorrect security UI in Omnibox. Reported by Rayyan
      Bijoora
    - CVE-2020-6556: Heap buffer overflow in SwiftShader. Reported by Alison
      Huffman, Microsoft Browser Vulnerability Research
    - CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco
      Talos
    - CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang
    - CVE-2020-6544: Use after free in media. Reported by Tim Becker of Theori
    - CVE-2020-6545: Use after free in audio. Reported by Anonymous
    - CVE-2020-6546: Inappropriate implementation in installer. Reported by
      Andrew Hess
    - CVE-2020-6547: Incorrect security UI in media. Reported by David Albert
    - CVE-2020-6548: Heap buffer overflow in Skia. Reported by Choongwoo Han,
      Microsoft Browser Vulnerability Research
    - CVE-2020-6549: Use after free in media. Reported by Sergei Glazunov of
      Google Project Zero
    - CVE-2020-6550: Use after free in IndexedDB. Reported by Sergei Glazunov
      of Google Project Zero
    - CVE-2020-6551: Use after free in WebXR. Reported by Sergei Glazunov of
      Google Project Zero
    - CVE-2020-6552: Use after free in Blink. Reported by Tim Becker of Theori
    - CVE-2020-6553: Use after free in offline mode. Reported by Alison
      Huffman, Microsoft Browser Vulnerability Research
    - CVE-2020-6554: Use after free in extensions. Reported by Anonymous
    - CVE-2020-6555: Out of bounds read in WebGL. Reported by Marcin Towalski
      of Cisco Talos

 -- Michel Le Bihan <email address hidden>  Tue, 01 Dec 2020 00:00:00 +0000
Superseded in sid-release
chromium (83.0.4103.116-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Add 64-bit time syscalls to syscall whitelist and clock selection
    parameter filtering code
  * Switch to explicitly versioned python2
    + Update build-depends
    + Replace references to /usr/bin/python and to env python
      with /usr/bin/python2 and env python2
    + make exec_script in gn use python2
    + add code in debian/rules clean to set the shebang in
      third_party/closure_compiler/compiler.py; it seems something in the
      upstream build system sometimes resets it.

 -- Peter Michael Green <email address hidden>  Tue, 15 Sep 2020 13:10:35 +0000
Deleted in experimental-release (Reason: None provided.)
chromium (84.0.4147.105-1) experimental; urgency=medium

  * New upstream security release.
    - CVE-2020-6537: Type Confusion in V8. Reported by Rong Jian and Guang Gong
    - CVE-2020-6532: Use after free in SCTP. Reported by Anonymous
    - CVE-2020-6538: Inappropriate implementation in WebView. Reported by
      Yongke Wang and Aryb1n
    - CVE-2020-6539: Use after free in CSS. Reported by Oriol Brufau
    - CVE-2020-6540: Heap buffer overflow in Skia. Reported by Zhen Zhou
    - CVE-2020-6541: Use after free in WebUSB. Reported by Sergei Glazunov

 -- Michael Gilbert <email address hidden>  Sat, 01 Aug 2020 03:00:31 +0000
Superseded in buster-release
chromium (83.0.4103.116-1~deb10u3) buster-security; urgency=medium

  * Fix crashes when a connection error occurs (closes: #963548).

 -- Michael Gilbert <email address hidden>  Sun, 12 Jul 2020 07:08:46 -0400
Superseded in experimental-release
chromium (84.0.4147.89-1) experimental; urgency=medium

  * New upstream stable release.
    - CVE-2020-6510: Heap buffer overflow in background fetch. Reported by
      Leecraso and Guang Gong
    - CVE-2020-6511: Side-channel information leakage in content security
      policy. Reported by Mikhail Oblozhikhin
    - CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu
    - CVE-2020-6513: Heap buffer overflow in PDFium. Reported by Aleksandar
      Nikolic
    - CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by
      Natalie Silvanovich
    - CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA
    - CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang and Aryb1n
    - CVE-2020-6517: Heap buffer overflow in history. Reported by ZeKai Wu
    - CVE-2020-6518: Use after free in developer tools. Reported by David Erceg
    - CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman
    - CVE-2020-6520: Heap buffer overflow in Skia. Reported by Zhen Zhou
    - CVE-2020-6521: Side-channel information leakage in autofill. Reported by
      Xu Lin, Panagiotis Ilia, Jason Polakis
    - CVE-2020-6522: Inappropriate implementation in external protocol
      handlers. Reported by Eric Lawrence
    - CVE-2020-6523: Out of bounds write in Skia. Reported by Liu Wei and Wu
      Zekai
    - CVE-2020-6524: Heap buffer overflow in WebAudio. Reported by Sung Ta
    - CVE-2020-6525: Heap buffer overflow in Skia. Reported by Zhen Zhou
    - CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported
      by Jonathan Kingston
    - CVE-2020-6527: Insufficient policy enforcement in CSP. Reported by Zhong
      Zhaochen
    - CVE-2020-6528: Incorrect security UI in basic auth. Reported by Rayyan
      Bijoora
    - CVE-2020-6529: Inappropriate implementation in WebRTC. Reported by
      kaustubhvats7
    - CVE-2020-6530: Out of bounds memory access in developer tools. Reported
      by myvyang
    - CVE-2020-6531: Side-channel information leakage in scroll to text.
      Reported by Jun Kokatsu
    - CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen
    - CVE-2020-6534: Heap buffer overflow in WebRTC. Reported by Anonymous
    - CVE-2020-6535: Insufficient data validation in WebUI. Reported by Jun
      Kokatsu
    - CVE-2020-6536: Incorrect security UI in PWAs. Reported by Zhiyang Zeng
  * Update information in debian/copyright.
  * Include more upstream metadata information.

 -- Michael Gilbert <email address hidden>  Sun, 26 Jul 2020 15:21:41 +0000
Published in stretch-release
chromium (73.0.3683.75-1~deb9u1) stretch-security; urgency=medium

  * New upstream stable release.
    - CVE-2019-5787: Use after free in Canvas. Reported by Zhe Jin
    - CVE-2019-5788: Use after free in FileAPI. Reported by Mark Brand
    - CVE-2019-5789: Use after free in WebMIDI. Reported by Mark Brand
    - CVE-2019-5790: Heap buffer overflow in V8. Reported by Dimitri Fourny
    - CVE-2019-5791: Type confusion in V8. Reported by Choongwoo Han
    - CVE-2019-5792: Integer overflow in PDFium. Reported by pdknsk
    - CVE-2019-5793: Excessive permissions for private API in Extensions.
      Reported by Jun Kokatsu
    - CVE-2019-5794: Security UI spoofing. Reported by Juno Im of Theori
    - CVE-2019-5795: Integer overflow in PDFium. Reported by pdknsk
    - CVE-2019-5796: Race condition in Extensions. Reported by Mark Brand
    - CVE-2019-5797: Race condition in DOMStorage. Reported by Mark Brand
    - CVE-2019-5798: Out of bounds read in Skia. Reported by Tran Tien Hung
    - CVE-2019-5799: CSP bypass with blob URL. Reported by sohalt
    - CVE-2019-5800: CSP bypass with blob URL. Reported by Jun Kokatsu
    - CVE-2019-5802: Security UI spoofing. Reported by Ronni Skansing
    - CVE-2019-5803: CSP bypass with Javascript URLs. Reported by Andrew
      Comminos

 -- Michael Gilbert <email address hidden>  Tue, 26 Mar 2019 23:43:33 +0000
Superseded in sid-release
chromium (83.0.4103.116-3) unstable; urgency=high

  * Fix crashes when a connection error occurs (closes: #963548).
    - Thank you so much to Riku Voipio.

 -- Michael Gilbert <email address hidden>  Sat, 11 Jul 2020 14:56:34 +0000
Superseded in sid-release
chromium (83.0.4103.116-2) unstable; urgency=medium

  * Fix crashes due to ffmpeg 4.3 (closes: #963035).

 -- Michael Gilbert <email address hidden>  Mon, 29 Jun 2020 10:28:15 +0000
Superseded in sid-release
chromium (83.0.4103.116-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2020-6509: Use after free in extensions. Reported by Anonymous

 -- Michael Gilbert <email address hidden>  Mon, 22 Jun 2020 19:45:51 +0000
Superseded in sid-release
chromium (83.0.4103.106-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous
    - CVE-2020-6494: Incorrect security UI in payments. Reported by Juho
      Nurminen
    - CVE-2020-6495: Insufficient policy enforcement in developer tools.
      Reported by David Erceg
    - CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani
    - CVE-2020-6497: Insufficient policy enforcement in Omnibox. Reported by
      Rayyan Bijoora
    - CVE-2020-6498: Incorrect security UI in progress display. Reported by
      Rayyan Bijoora
    - CVE-2020-6505: Use after free in speech. Reported by Khalil Zhani
    - CVE-2020-6506: Insufficient policy enforcement in WebView. Reported by
      Alesandro Ortiz
    - CVE-2020-6507: Out of bounds write in V8. Reported by Sergei Glazunov
  * Conflict with ffmpeg 4.3 (closes: #963080).
  * Support building with icu 67 (closes: #960236).
  * Support building with re2 20200501 (closes: #960361).

 -- Michael Gilbert <email address hidden>  Fri, 19 Jun 2020 00:40:28 +0000
Superseded in sid-release
chromium (83.0.4103.83-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso
      and Guang Gong
    - CVE-2020-6458: Out of bounds read and write in PDFium. Reported by
      Aleksandar Nikolic
    - CVE-2020-6459: Use after free in payments. Reported by Zhe Jin
    - CVE-2020-6460: Insufficient data validation in URL formatting. Reported
      by Anonymous
    - CVE-2020-6461: Use after free in storage. Reported by Zhe Jin
    - CVE-2020-6462: Use after free in task scheduling. Reported by Zhe Jin
    - CVE-2020-6463: Use after free in ANGLE. Reported by Pawel Wylecial
    - CVE-2020-6464: Type Confusion in Blink. Reported by Looben Yang
    - CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh
    - CVE-2020-6466: Use after free in media. Reported by Zhe Jin
    - CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song
    - CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake
      Corina
    - CVE-2020-6469: Insufficient policy enforcement in developer tools.
      Reported by David Erceg
    - CVE-2020-6470: Insufficient validation of untrusted input in clipboard.
      Reported by Michał Bentkowski
    - CVE-2020-6471: Insufficient policy enforcement in developer tools.
      Reported by David Erceg
    - CVE-2020-6472: Insufficient policy enforcement in developer tools.
      Reported by David Erceg
    - CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by
      Soroush Karami and Panagiotis Ilia
    - CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin
    - CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil
      Zhani
    - CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by
      Alexandre Le Borgne
    - CVE-2020-6478: Inappropriate implementation in full screen. Reported by
      Khalil Zhani
    - CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong
      Zhaochen
    - CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by
      Marvin Witt
    - CVE-2020-6481: Insufficient policy enforcement in URL formatting.
      Reported by Rayyan Bijoora
    - CVE-2020-6482: Insufficient policy enforcement in developer tools.
      Reported by Abdulrahman Alqabandi
    - CVE-2020-6483: Insufficient policy enforcement in payments. Reported by
      Jun Kokatsu
    - CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by
      Artem Zinenko
    - CVE-2020-6485: Insufficient data validation in media router. Reported by
      Sergei Glazunov
    - CVE-2020-6486: Insufficient policy enforcement in navigations. Reported
      by David Erceg
    - CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by
      Jun Kokatsu
    - CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by
      David Erceg
    - CVE-2020-6489: Inappropriate implementation in developer tools. Reported
      by @lovasoa
    - CVE-2020-6490: Insufficient data validation in loader. Reported by
      Twitter
    - CVE-2020-6491: Incorrect security UI in site information. Reported by
      Sultan Haikal
    - CVE-2020-6831: Stack buffer overflow in SCTP. Reported by Natalie
      Silvanovich

 -- Michael Gilbert <email address hidden>  Thu, 18 Jun 2020 02:05:11 +0000
Superseded in buster-release
chromium (80.0.3987.162-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2020-6450: Use after free in WebAudio. Reported by Man Yue Mo
    - CVE-2020-6451: Use after free in WebAudio. Reported by Man Yue Mo
    - CVE-2020-6452: Heap buffer overflow in media. Reported by asnine

 -- Michael Gilbert <email address hidden>  Thu, 02 Apr 2020 22:23:57 +0000
Superseded in sid-release
chromium (81.0.4044.92-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2020-6423: Use after free in audio. Reported by Anonymous
    - CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen
    - CVE-2020-6431: Insufficient policy enforcement in full screen. Reported
      by Luan Herrera
    - CVE-2020-6432: Insufficient policy enforcement in navigations. Reported
      by David Erceg
    - CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by
      David Erceg
    - CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han
    - CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by
      Sergei Glazunov
    - CVE-2020-6436: Use after free in window management. Reported by Igor
      Bukanov
    - CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann
      Horn
    - CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by
      Ng Yik Phang
    - CVE-2020-6439: Insufficient policy enforcement in navigations. Reported
      by remkoboonstra
    - CVE-2020-6440: Inappropriate implementation in extensions. Reported by
      David Erceg
    - CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by
      David Erceg
    - CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey
    - CVE-2020-6443: Insufficient data validation in developer tools. Reported
      by @lovasoa
    - CVE-2020-6444: Uninitialized use in WebRTC. Reported by mlfbrown
    - CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported
      by Jun Kokatsu
    - CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported
      by Jun Kokatsu
    - CVE-2020-6447: Inappropriate implementation in developer tools. Reported
      by David Erceg
    - CVE-2020-6448: Use after free in V8. Reported by Guang Gong
    - CVE-2020-6454: Use after free in extensions. Reported by leecraso and
      Guang Gong
    - CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang and
      Guang Gong
    - CVE-2020-6456: Insufficient validation of untrusted input in clipboard.
      Reported by Michał Bentkowski

 -- Michael Gilbert <email address hidden>  Tue, 07 Apr 2020 23:05:20 +0000