Changelog
chromium (103.0.5060.53-1) unstable; urgency=high

  * New upstream stable release.
    - CVE-2022-2156: Use after free in Base.
      Reported by Mark Brand of Google Project Zero
    - CVE-2022-2157: Use after free in Interest groups. Reported by
      Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2158: Type Confusion in V8. Reported by
      Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab
    - CVE-2022-2160: Insufficient policy enforcement in DevTools.
      Reported by David Erceg
    - CVE-2022-2161: Use after free in WebApp Provider.
      Reported by Zhihua Yao of KunLun Lab
    - CVE-2022-2162: Insufficient policy enforcement in File System API.
      Reported by Abdelhamid Naceri (halov)
    - CVE-2022-2163: Use after free in Cast UI and Toolbar.
      Reported by Chaoyuan Peng (@ret2happy)
    - CVE-2022-2164: Inappropriate implementation in Extensions API.
      Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M
    - CVE-2022-2165: Insufficient data validation in URL formatting.
      Reported by Rayyan Bijoora
  * debian/patches:
    - upstream/dawn-version-fix.patch: drop merged upstream.
    - upstream/blink-ftbfs.patch: drop, merged upstream.
    - upstream/libxml.patch: drop, merged upstream.
    - upstream/nested-nested-nested-nested-nested-nested-regex-patterns.patch:
      drop, merged upstream.
    - upstream/byteswap-constexpr.patch: drop, merged upstream.
    - bullseye/byteswap-constexpr2.patch: sys_byteswap.h moved directories.
    - disable/angle-perftests.patch: simple refresh.
    - disable/catapult.patch: simple refresh.
    - bullseye/clang11.patch: minor update for some code dropped upstream.
    - system/openjpeg.patch: update for libopenjp2-7-dev's 2.4 -> 2.5 path
      change.

 -- Andres Salomon <email address hidden>  Tue, 21 Jun 2022 02:59:01 +0000