Debian
chromium package

chromium 116.0.5845.96-2 source package in Debian

Changelog

chromium (116.0.5845.96-2) unstable; urgency=high

  * d/patches/upstream/limits.patch: Add a build fix for arm64.
  * The follow CVEs were fixed in the prior release and I forgot them.
    - CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L..
    - CVE-2023-4349: Use after free in Device Trust Connectors.
      Reported by Weipeng Jiang (@Krace) of VRI.
    - CVE-2023-4350: Inappropriate implementation in Fullscreen.
      Reported by Khiem Tran (@duckhiem).
    - CVE-2023-4351: Use after free in Network.
      Reported by Guang and Weipeng Jiang of VRI.
    - CVE-2023-4352: Type Confusion in V8.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2023-4353: Heap buffer overflow in ANGLE.
      Reported by Christoph Diehl / Microsoft Vulnerability Research.
    - CVE-2023-4354: Heap buffer overflow in Skia.
      Reported by Mark Brand of Google Project Zero.
    - CVE-2023-4355: Out of bounds memory access in V8.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2023-4356: Use after free in Audio.
      Reported by Zhenghang Xiao (@Kipreyyy).
    - CVE-2023-4357: Insufficient validation of untrusted input in XML.
      Reported by Igor Sak-Sakovskii.
    - CVE-2023-4358: Use after free in DNS.
      Reported by Weipeng Jiang (@Krace) of VRI.
    - CVE-2023-4359: Inappropriate implementation in App Launcher.
      Reported by @retsew0x01.
    - CVE-2023-4360: Inappropriate implementation in Color.
      Reported by Axel Chong.
    - CVE-2023-4361: Inappropriate implementation in Autofill.
      Reported by Thomas Orlita.
    - CVE-2023-4362: Heap buffer overflow in Mojom IDL.
      Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab.
    - CVE-2023-4363: Inappropriate implementation in WebShare.
      Reported by Alesandro Ortiz.
    - CVE-2023-4364: Inappropriate implementation in Permission Prompts.
      Reported by Jasper Rebane.
    - CVE-2023-4365: Inappropriate implementation in Fullscreen.
      Reported by Hafiizh.
    - CVE-2023-4366: Use after free in Extensions. Reported by asnine.
    - CVE-2023-4367: Insufficient policy enforcement in Extensions API.
      Reported by Axel Chong.
    - CVE-2023-4368: Insufficient policy enforcement in Extensions API.
      Reported by Axel Chong.

 -- Andres Salomon <email address hidden>  Wed, 16 Aug 2023 04:48:02 -0400

Upload details

Uploaded by:
Debian Chromium Team
Uploaded to:
Sid
Original maintainer:
Debian Chromium Team
Architectures:
i386 amd64 arm64 armhf ppc64el all
Section:
misc
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
chromium_116.0.5845.96-2.dsc 3.6 KiB f27228ef5a1194037721a8f489c510c023d6ac7baee16c2c2b91447a3cdd29a9
chromium_116.0.5845.96.orig.tar.xz 618.5 MiB 4471aa5f94c97edab20ada188ca5e834d43a3769c5252f1cc3097ccf8a8b589a
chromium_116.0.5845.96-2.debian.tar.xz 373.7 KiB c044f8bb89b7a231c2efe0d7a066e4282c835fbd2b5bdf56e3fab4c892f2bba8

No changes file available.

Binary packages built by this source