chromium (120.0.6099.224-1~deb11u1) bullseye-security; urgency=high
* New upstream security release.
- CVE-2024-0517: Out of bounds write in V8.
Reported by Toan (suto) Pham of Qrious Secure.
- CVE-2024-0518: Type Confusion in V8.
Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
- CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous.
* d/rules: fix search path for clang libs.
-- Andres Salomon <email address hidden> Tue, 16 Jan 2024 15:35:05 -0500
-
chromium (116.0.5845.180-1~deb11u1) bullseye-security; urgency=high
[ Andres Salomon ]
* New upstream security release.
- CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy.
- CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI.
- CVE-2023-4763: Use after free in Networks. Reported by anonymous.
- CVE-2023-4764: Incorrect security UI in BFCache.
Reported by Irvan Kurniawan (sourc7).
[ Timothy Pearson ]
* d/patches/ppc64le:
- 0001-Add-PPC64-support-for-boringssl.patch: Fix incorrect function call
parameter types in gmult_func() and ghash_func() implementations
-- Andres Salomon <email address hidden> Tue, 05 Sep 2023 19:10:10 -0400
-
chromium (112.0.5615.138-1~deb11u1) bullseye-security; urgency=high
* New upstream security release.
- CVE-2023-2133: Out of bounds memory access in Service Worker API.
Reported by Rong Jian of VRI.
- CVE-2023-2134: Out of bounds memory access in Service Worker API.
Reported by Rong Jian of VRI.
- CVE-2023-2135: Use after free in DevTools.
Reported by Cassidy Kim(@cassidy6564).
- CVE-2023-2136: Integer overflow in Skia.
Reported by Clément Lecigne of Google's Threat Analysis Group.
- CVE-2023-2137: Heap buffer overflow in sqlite.
Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute
* d/patches:
- upstream/protobuf.patch: drop, merged upstream.
-- Timothy Pearson <email address hidden> Tue, 18 Apr 2023 22:00:00 -0500
-
chromium (108.0.5359.94-1~deb11u1) bullseye-security; urgency=high
* New upstream security release.
- CVE-2022-4262: Type Confusion in V8.
Reported by Clement Lecigne of Google's Threat Analysis Group.
-- Andres Salomon <email address hidden> Sat, 03 Dec 2022 13:29:49 -0500
-
chromium (104.0.5112.79-1~deb11u1) bullseye-security; urgency=high
* Build with Clang 13 instead of the bullseye default of Clang 11.
* New upstream stable release.
- CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous
- CVE-2022-2604: Use after free in Safe Browsing. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang
- CVE-2022-2606: Use after free in Managed devices API. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel
- CVE-2022-2608: Use after free in Overview Mode.
Reported by Khalil Zhani
- CVE-2022-2609: Use after free in Nearby Share. Reported by koocola
(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute
- CVE-2022-2610: Insufficient policy enforcement in Background Fetch.
Reported by Maurice Dauer
- CVE-2022-2611: Inappropriate implementation in Fullscreen API.
Reported by Irvan Kurniawan (sourc7)
- CVE-2022-2612: Side-channel information leakage in Keyboard input.
Reported by Erik Kraft (<email address hidden>),
Martin Schwarzl (<email address hidden>)
- CVE-2022-2613: Use after free in Input.
Reported by Piotr Tworek (Vewd)
- CVE-2022-2614: Use after free in Sign-In Flow.
Reported by raven at KunLun lab
- CVE-2022-2615: Insufficient policy enforcement in Cookies.
Reported by Maurice Dauer
- CVE-2022-2616: Inappropriate implementation in Extensions API.
Reported by Alesandro Ortiz
- CVE-2022-2617: Use after free in Extensions API.
Reported by @ginggilBesel
- CVE-2022-2618: Insufficient validation of untrusted input in
Internals. Reported by asnine
- CVE-2022-2619: Insufficient validation of untrusted input in Settings.
Reported by Oliver Dunk
- CVE-2022-2620: Use after free in WebUI. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-2621: Use after free in Extensions.
Reported by Huyna at Viettel Cyber Security
- CVE-2022-2622: Insufficient validation of untrusted input in
Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean
- CVE-2022-2623: Use after free in Offline. Reported by
raven at KunLun lab
- CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG
CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program
* debian/patches:
- bullseye/nomerge.patch: drop, was only needed for clang-11.
- bullseye/clang11.patch: drop clang-11 bits, rename to clang13.patch.
- bullseye/blink-constexpr.patch: drop, only needed for clang-11.
- bullseye/byteswap-constexpr2.patch: drop, only needed for clang-11.
- disable/angle-perftests.patch: refresh
- disable/catapult.patch: refresh & drop some no longer needed bits.
- fixes/tflite.patch: fix a build error.
* debian/copyright:
- upstream dropped perfetto/ui/src/gen/.
-- Andres Salomon <email address hidden> Thu, 04 Aug 2022 21:39:17 -0400
-
chromium (103.0.5060.53-1~deb11u1) bullseye-security; urgency=high
* New upstream stable release.
- CVE-2022-2156: Use after free in Base.
Reported by Mark Brand of Google Project Zero
- CVE-2022-2157: Use after free in Interest groups. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-2158: Type Confusion in V8. Reported by
Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab
- CVE-2022-2160: Insufficient policy enforcement in DevTools.
Reported by David Erceg
- CVE-2022-2161: Use after free in WebApp Provider.
Reported by Zhihua Yao of KunLun Lab
- CVE-2022-2162: Insufficient policy enforcement in File System API.
Reported by Abdelhamid Naceri (halov)
- CVE-2022-2163: Use after free in Cast UI and Toolbar.
Reported by Chaoyuan Peng (@ret2happy)
- CVE-2022-2164: Inappropriate implementation in Extensions API.
Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M
- CVE-2022-2165: Insufficient data validation in URL formatting.
Reported by Rayyan Bijoora
* debian/patches:
- upstream/dawn-version-fix.patch: drop, merged upstream.
- upstream/blink-ftbfs.patch: drop, merged upstream.
- upstream/libxml.patch: drop, merged upstream.
- upstream/nested-nested-nested-nested-nested-nested-regex-patterns.patch:
drop, merged upstream.
- upstream/byteswap-constexpr.patch: drop, merged upstream.
- bullseye/byteswap-constexpr2.patch: sys_byteswap.h moved directories.
- disable/angle-perftests.patch: simple refresh.
- disable/catapult.patch: simple refresh.
- bullseye/clang11.patch: minor update for some code dropped upstream.
- system/openjpeg.patch: update for libopenjp2-7-dev's 2.4 -> 2.5 path
change.
-- Andres Salomon <email address hidden> Tue, 21 Jun 2022 21:40:12 -0400
-
chromium (99.0.4844.74-1~deb11u1) bullseye-security; urgency=high
* New upstream security release.
- CVE-2022-0971: Use after free in Blink Layout.
Reported by Sergei Glazunov of Google Project Zero.
- CVE-2022-0972: Use after free in Extensions.
Reported by Sergei Glazunov of Google Project Zero.
- CVE-2022-0973: Use after free in Safe Browsing.
Reported by avaue and Buff3tts at S.S.L.
- CVE-2022-0974: Use after free in Splitscreen.
Reported by @ginggilBesel.
- CVE-2022-0975: Use after free in ANGLE.
Reported by SeongHwan Park (SeHwa).
- CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair.
- CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani.
- CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of
Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
- CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous.
- CVE-2022-0980: Use after free in New Tab Page. Reported by Krace.
-- Andres Salomon <email address hidden> Wed, 16 Mar 2022 13:51:21 -0500
-
chromium (90.0.4430.212-1) unstable; urgency=medium
* New upstream security release.
- CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by
@retsew0x01
- CVE-2021-30507: Inappropriate implementation in Offline. Reported by
Alison Huffman
- CVE-2021-30508: Heap buffer overflow in Media Feeds. Reported by Leecraso
and Guang Gong
- CVE-2021-30509: Out of bounds write in Tab Strip. Reported by David Erceg
- CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang
- CVE-2021-30511: Out of bounds read in Tab Groups. Reported by David Erceg
- CVE-2021-30512: Use after free in Notifications. Reported by ZhanJia Song
- CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo
- CVE-2021-30514: Use after free in Autofill. Reported by koocola and Wang
- CVE-2021-30515: Use after free in File API. Reported by Rong Jian and
Guang Gong
- CVE-2021-30516: Heap buffer overflow in History. Reported by ZhanJia Song
- CVE-2021-30517: Type Confusion in V8. Reported by laural
- CVE-2021-30518: Heap buffer overflow in Reader Mode. Reported by Jun
Kokatsu
- CVE-2021-30519: Use after free in Payments. Reported by asnine
- CVE-2021-30520: Use after free in Tab Strip. Reported by Khalil Zhani
-- Michael Gilbert <email address hidden> Thu, 13 May 2021 02:50:43 +0000