Changelog
chromium (102.0.5005.61-1) unstable; urgency=high
* New upstream stable release.
- CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous
- CVE-2022-1854: Use after free in ANGLE.
Reported by SeongHwan Park (SeHwa)
- CVE-2022-1855: Use after free in Messaging. Reported by Anonymous
- CVE-2022-1856: Use after free in User Education. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-1857: Insufficient policy enforcement in File System API.
Reported by Daniel Rhea
- CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad
- CVE-2022-1859: Use after free in Performance Manager. Reported by
Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab
- CVE-2022-1860: Use after free in UI Foundations.
Reported by @ginggilBesel
- CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani
- CVE-2022-1862: Inappropriate implementation in Extensions.
Reported by Alesandro Ortiz
- CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg
- CVE-2022-1864: Use after free in WebApp Installs.
Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab
- CVE-2022-1865: Use after free in Bookmarks.
Reported by Rong Jian of VRI
- CVE-2022-1866: Use after free in Tablet Mode.
Reported by @ginggilBesel
- CVE-2022-1867: Insufficient validation of untrusted input in
Data Transfer. Reported by MichaĆ Bentkowski of Securitum
- CVE-2022-1868: Inappropriate implementation in Extensions API.
Reported by Alesandro Ortiz
- CVE-2022-1869: Type Confusion in V8.
Reported by Man Yue Mo of GitHub Security Lab
- CVE-2022-1870: Use after free in App Service. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-1871: Insufficient policy enforcement in File System API.
Reported by Thomas Orlita
- CVE-2022-1872: Insufficient policy enforcement in Extensions API.
Reported by ChaobinZhang
- CVE-2022-1873: Insufficient policy enforcement in COOP.
Reported by NDevTK
- CVE-2022-1874: Insufficient policy enforcement in Safe Browsing.
Reported by hjy79425575
- CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK
- CVE-2022-1876: Heap buffer overflow in DevTools.
Reported by @ginggilBesel
* debian/patches:
- system/jpeg.patch - straight refresh.
- disable/swiftshader.patch - straight refresh.
- disable/swiftshader-2.patch - refresh for upstream dropping of legacy
swiftshader GL stuff; they now use ANGLE.
- disable/angle-perftests.patch - refresh.
- system/jsoncpp.patch - refresh for jsoncpp_no_deprecated_declarations
argument change.
- bullseye/clang11.patch - merge cast-call.patch into it, as well as
dropping additional unsupported clang arguments.
- bullseye/cast-call.patch - drop.
- upstream/dawn-version-fix.patch - add patch to deal w/ FTBFS.
- upstream/blink-ftbfs.patch - another FTBFS patch.
- upstream/nested-nested-nested-nested-nested-nested-regex-patterns.patch -
fix a build failure that only happens with clang + GNU's libstdc++.
- upstream/byteswap-constexpr.patch - add this to fix bullsye builds on
32-bit platforms (closes: #1011096).
* Don't build unneccessary dawn build tests.
-- Andres Salomon <email address hidden> Wed, 25 May 2022 02:09:10 -0400
