-
chromium-browser (57.0.2987.98-1~deb8u1) jessie-security; urgency=medium
* New upstream stable release.
- CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka
- CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang
- CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari
- CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek
- CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu
- CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado
- CVE-2017-5036: Use after free in PDFium. Credit to Anonymous
- CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to
Yongke Wang
- CVE-2017-5039: Use after free in PDFium. Credit to jinmo123
- CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han
- CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel
- CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to
Nicolai Grødum
- CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike
Ruddy
- CVE-2017-5038: Use after free in GuestView. Credit to Anonymous
- CVE-2017-5043: Use after free in GuestView. Credit to Anonymous
- CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah
- CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval
Kapil
- CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa
* Configure with fieldtrial_testing_like_official_build=true to avoid
building with experimental features enabled (closes: #855434).
-- Michael Gilbert <email address hidden> Sun, 26 Feb 2017 03:18:38 +0000
-
chromium-browser (55.0.2883.75-1~deb8u1) jessie-security; urgency=medium
* New upstream stable release:
- CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous
- CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go
- CVE-2016-5183: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5184: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer
- CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman
Alqabandi
- CVE-2016-5187: URL spoofing. Credit to Luan Herrera
- CVE-2016-5188: UI spoofing. Credit to Luan Herrera
- CVE-2016-5189: URL spoofing. Credit to xisigr
- CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen
- CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes
- CVE-2016-5192: Cross-origin bypass in Blink. Credit to
<email address hidden>
- CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU
- CVE-2016-5194: Various fixes from internal audits, fuzzing and other
initiatives
- CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen
Security Lab
- CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han
- CVE-2016-5201: Info leak in extensions. Credit to Rob Wu
- CVE-2016-5202: Various fixes from internal audits, fuzzing and other
initiatives
- CVE-2016-5203: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous
- CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu
- CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go
- CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu
- CVE-2016-5211: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani
- CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani
- CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch
and MSVR
- CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang
- CVE-2016-5216: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu
- CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman
Alqabandi
- CVE-2016-5219: Use after free in V8. Credit to Rob Wu
- CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu
- CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker
- CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr
- CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee
- CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak
- CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme
- CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu
- CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Żoczek
- CVE-2016-9651: Private property access in V8. Credit to Guang Gong
- CVE-2016-9652: Various fixes from internal audits, fuzzing and other
initiatives
- Certificate validity is now independent of the browser build date
(closes: #844631).
- No longer supports gyp build system, so update to use gn instead.
-- Michael Gilbert <email address hidden> Sun, 11 Dec 2016 04:48:45 +0000
-
chromium-browser (53.0.2785.89-1~deb8u1) jessie-security; urgency=medium
* New upstream stable release:
- CVE-2016-5147: Universal XSS in Blink. Credit to anonymous
- CVE-2016-5148: Universal XSS in Blink. Credit to anonymous
- CVE-2016-5149: Script injection in extensions. Credit to Max Justicz
- CVE-2016-5150: Use after free in Blink. Credit to anonymous
- CVE-2016-5151: Use after free in PDFium. Credit to anonymous
- CVE-2016-5152: Heap overflow in PDFium. Credit to GiWan Go of Stealien
- CVE-2016-5153: Use after destruction in Blink. Credit to Atte Kettunen
- CVE-2016-5154: Heap overflow in PDFium. Credit to anonymous
- CVE-2016-5155: Address bar spoofing. Credit to anonymous
- CVE-2016-5156: Use after free in event bindings. Credit to jinmo123
- CVE-2016-5157: Heap overflow in PDFium. Credit to anonymous
- CVE-2016-5158: Heap overflow in PDFium. Credit to GiWan Go
- CVE-2016-5159: Heap overflow in PDFium. Credit to GiWan Go
- CVE-2016-5160: Extensions web accessible resources bypass. Credit to
@l33terally
- CVE-2016-5161: Type confusion in Blink.
- CVE-2016-5162: Extensions web accessible resources bypass. Credit to
Nicolas Golubovic
- CVE-2016-5163: Address bar spoofing. Credit to Rafay Baloch
- CVE-2016-5164: Universal XSS using DevTools. Credit to anonymous
- CVE-2016-5165: Script injection in DevTools. Credit to Gregory Panakkal
- CVE-2016-5166: SMB Relay Attack via Save Page As. Credit to Gregory
Panakkal
- CVE-2016-5167: Various fixes from internal audits, fuzzing and other
initiatives.
-- Michael Gilbert <email address hidden> Sun, 04 Sep 2016 23:50:11 +0000
-
chromium-browser (50.0.2661.94-1~deb8u1) jessie-security; urgency=medium
* New upstream security release:
- CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen.
- CVE-2016-1661: Memory corruption in cross-process frames. Credit to
Wadih Matar.
- CVE-2016-1662: Use-after-free in extensions. Credit to Rob Wu.
- CVE-2016-1663: Use-after-free in Blink’s V8 bindings. Credit to
anonymous.
- CVE-2016-1664: Address bar spoofing. Credit to Wadih Matar.
- CVE-2016-1665: Information leak in V8. Credit to gksgudtjr456.
- CVE-2016-1666: Various fixes from internal audits, fuzzing and other
initiatives.
-- Michael Gilbert <email address hidden> Sun, 01 May 2016 23:38:31 +0000
-
chromium-browser (49.0.2623.108-1~deb8u1) jessie-security; urgency=medium
* New upstream security release:
- CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu.
- CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.
- CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.
- CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt.
- CVE-2016-1650: Various fixes from internal audits, fuzzing and other
initiatives.
-- Michael Gilbert <email address hidden> Fri, 25 Mar 2016 22:37:28 +0000
-
chromium-browser (47.0.2526.80-1~deb8u1) jessie-security; urgency=medium
* New upstream stable release:
- Multiple vulnerabilities fixed in libv8 4.7.80.23.
- CVE-2015-6788: Type confusion in extensions. Credit to anonymous.
- CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer.
- CVE-2015-6790: Escaping issue in saved pages. Credit to Inti De
Ceukelaire.
- CVE-2015-6791: Various fixes from internal audits, fuzzing and other
initiatives.
-- Michael Gilbert <email address hidden> Sun, 13 Dec 2015 04:30:55 +0000
-
chromium-browser (44.0.2403.89-1~deb8u1) jessie-security; urgency=high
* New upstream security release:
- CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
- CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
- CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to
Mike Ruddy.
- CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen.
- CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
- CVE-2015-1272: Use-after-free related to unexpected GPU process
termination. Credit to Chamal de Silva.
- CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.
- CVE-2015-1274: Settings allowed executable files to run immediately after
download. Credit to andrewm.bpi.
- CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte).
- CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.
- CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.
- CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.
- CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.
- CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.
- CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.
- CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.
- CVE-2015-1283: Heap-buffer-overflow in expat. Credit to Huzaifa
Sidhpurwala.
- CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen.
- CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.
- CVE-2015-1286: UXSS in blink. Credit to anonymous.
- CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
- CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to
Mike Ruddy.
- CVE-2015-1289: Various fixes from internal audits, fuzzing and other
initiatives.
- Hotword extension disabled by default (closes: #786909).
-- Michael Gilbert <email address hidden> Wed, 22 Jul 2015 02:58:38 +0000
-
chromium-browser (43.0.2357.65-1~deb8u1) jessie-security; urgency=medium
* New upstream stable release:
- CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.
- CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.
- CVE-2015-1254: Cross-origin bypass in Editing. Credit to
<email address hidden>.
- CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.
- CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen.
- CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined.
- CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.
- CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer
- CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen.
- CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.
- CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.
- CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.
- CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to
Mike Ruddy.
- CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.
-- Michael Gilbert <email address hidden> Thu, 21 May 2015 04:38:13 +0000
-
chromium-browser (41.0.2272.118-1) unstable; urgency=medium
* New upstream stable release:
- CVE-2015-1233: A combination of V8, Gamepad and IPC bugs that can lead
to remote code execution outside of the sandbox.
- CVE-2015-1234: Buffer overflow via race condition in GPU. Credit to
lokihardt working with Pwn2Own and HP’s Zero Day Initiative.
-- Michael Gilbert <email address hidden> Thu, 02 Apr 2015 00:33:12 +0000
-
chromium-browser (41.0.2272.76-2) unstable; urgency=medium
* Install v8 natives and snapshot blob files (closes: #779717).
- Thanks to Jason Rhinelander.
-- Michael Gilbert <email address hidden> Fri, 06 Mar 2015 00:59:50 +0000
-
chromium-browser (40.0.2214.111-1) unstable; urgency=medium
* New upstream stable release:
- CVE-2015-1209: Use-after-free in DOM. Credit to Maksymillian Motyl.
- CVE-2015-1210: Cross-origin-bypass in V8 bindings. Credit to anonymous.
- CVE-2015-1211: Privilege escalation using service workers. Credit to
anonymous.
- CVE-2015-1212: Various fixes from internal audits, fuzzing and other
initiatives.
-- Michael Gilbert <email address hidden> Fri, 13 Feb 2015 02:32:16 +0000
-
chromium-browser (40.0.2214.91-1) unstable; urgency=medium
* New upstream stable release:
- CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.
- CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.
- CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer.
- CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.
- CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.
- CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.
- CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.
- CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.
- CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.
- CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen.
- CVE-2014-7933: Use-after-free in FFmpeg. Credit to aohelin.
- CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.
- CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.
- CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.
- CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen.
- CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen.
- CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.
- CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.
- CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen and
Christoph Diehl.
- CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.
- CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen.
- CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
- CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
- CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.
- CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck.
- CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia.
- CVE-2015-1205: Various fixes from internal audits, fuzzing and other
initiatives.
-- Michael Gilbert <email address hidden> Thu, 22 Jan 2015 04:42:18 +0000
-
chromium-browser (39.0.2171.71-2) unstable; urgency=medium
* Add missing test to chromium.preinst (closes: #771684).
-- Michael Gilbert <email address hidden> Tue, 02 Dec 2014 01:30:33 +0000
-
chromium-browser (38.0.2125.101-3) unstable; urgency=medium
* Ignore dpkg files in /etc/chromium.d (closes: #765959).
* Remove trailing maintscript arguments (closes: #765528).
* Use libjpeg-dev instead of libjpeg8-dev (closes: #765821).
-- Michael Gilbert <email address hidden> Fri, 17 Oct 2014 21:27:05 +0000
-
chromium-browser (38.0.2125.101-2) unstable; urgency=medium
* Disable HiDPI (closes: #764883).
* Fix conffile handling (closes: #764769).
* Correct icon installation logic (closes: #764828).
* Use embedded protobuf code copy (closes: #764911).
* Support larger set of html5 video formats again (closes: #764793).
-- Michael Gilbert <email address hidden> Sun, 12 Oct 2014 21:34:26 +0000
-
chromium-browser (38.0.2125.101-1) unstable; urgency=medium
* New upstream stable release:
- CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8
and IPC bugs that can lead to remote code execution outside of the
sandbox.
- CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
- High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer,
Chen Zhang.
- CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
- CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
- CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
- CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
- CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
- CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James
Forshaw.
- CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi
Terada.
- CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen.
- CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.
- CVE-2014-3200: Various fixes from internal audits, fuzzing and other
initiatives (Chrome 38).
- Improved support for HiDPI displays (closes: #763421).
* Add libgnome-keyring-dev build dependency (closes: #764548).
* Install desktop file and icons again (closes: #764373).
* Correctly handle old conffiles (closes: #764180).
-- Michael Gilbert <email address hidden> Fri, 10 Oct 2014 00:49:02 +0000
-
chromium-browser (37.0.2062.120-2) unstable; urgency=medium
* Build with clang instead of gcc.
* Add libexif-dev build dependency.
-- Michael Gilbert <email address hidden> Sun, 21 Sep 2014 22:57:11 +0000
-
chromium-browser (35.0.1916.153-2) unstable; urgency=medium
* Avoid gcc 4.9 (closes: #751294)
-- Michael Gilbert <email address hidden> Thu, 12 Jun 2014 01:11:09 +0000
-
chromium-browser (35.0.1916.153-1) unstable; urgency=high
* New upstream stable release:
- CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne.
- CVE-2014-3155: Out-of-bounds read in SPDY. Credit to James March, Daniel
Sommermann and Alan Frindell of Facebook.
- CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen.
- CVE-2014-3157: Heap overflow in media.
* Don't set sse2 compiler flags on i386 (closes: #750361).
* Prefer libgcrypt11 (closes: #750304).
-- Michael Gilbert <email address hidden> Wed, 11 Jun 2014 02:31:22 +0000
-
chromium-browser (35.0.1916.114-2) unstable; urgency=medium
* Add flags to avoid memory exhaustion while linking on i386
(closes: #746034).
-- Michael Gilbert <email address hidden> Tue, 27 May 2014 03:09:00 +0000
-
chromium-browser (34.0.1847.116-1~deb7u1) stable-security; urgency=high
* New upstream stable release:
- High CVE-2014-1716: UXSS in V8. Credit to Anonymous.
- High CVE-2014-1717: OOB access in V8. Credit to Anonymous.
- High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron
Staple.
- High CVE-2014-1719: Use-after-free in web workers. Credit to Collin
Payne.
- High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.
- High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.
- High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.
- High CVE-2014-1723: Url confusion with RTL characters. Credit to George
McBay.
- High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen.
- Medium CVE-2014-1725: OOB read with window property. Credit to
Anonymous.
- Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.
- Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.
- CVE-2014-1728: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version
3.24.35.22.
-- Michael Gilbert <email address hidden> Tue, 15 Apr 2014 01:02:54 +0000
-
chromium-browser (33.0.1750.152-1) unstable; urgency=high
* [641361a] Disable new GN stuff
* [43cea90] Refreshed patches
* New stable release:
- High CVE-2014-1713: Use-after-free in Blink bindings
- High CVE-2014-1714: Windows clipboard vulnerability
- High CVE-2014-1705: Memory corruption in V8
- High CVE-2014-1715: Directory traversal issue
- High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
- High CVE-2014-1701: UXSS in events. Credit to aidanhs.
- High CVE-2014-1702: Use-after-free in web database.
Credit to Collin Payne.
- High CVE-2014-1703: Potential sandbox escape due to a use-after-free
in web sockets.
- CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18
- High CVE-2013-6663: Use-after-free in svg images. Credit to Atte
Kettunen of OUSPG.
- High CVE-2013-6664: Use-after-free in speech recognition.
Credit to Khalil Zhani.
- High CVE-2013-6665: Heap buffer overflow in software
rendering. Credit to cloudfuzzer.
- Medium CVE-2013-6666: Chrome allows requests in flash header request.
Credit to netfuzzerr.
- CVE-2013-6667: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10
- High CVE-2013-6653: Use-after-free related to web contents.
Credit to Khalil Zhani.
- High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
- High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
- High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
- Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil
- Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.
- Medium CVE-2013-6659: Issue with certificates validation in
TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan
from Prosecco, Inria Paris.
- Low CVE-2013-6660: Information leak in drag and drop. Credit to
bishopjeffreys.
- Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing
and other initiatives. Of these, seven are fixes for issues that could
have allowed for sandbox escapes from compromised renderers.
-- Giuseppe Iuculano <email address hidden> Fri, 21 Mar 2014 17:20:44 +0100
-
chromium-browser (32.0.1700.123-4) unstable; urgency=medium
* Remove polymer.js.min.
-- Michael Gilbert <email address hidden> Sun, 09 Mar 2014 22:30:14 +0000
-
chromium-browser (32.0.1700.123-1) unstable; urgency=medium
* [a7cf72b] Refreshed Patches
* [0da7fc2] Added libdrm-dev and libcap-dev in build-deps
* New stable release:
- High CVE-2013-6649: Use-after-free in SVG images. Credit to
Atte Kettunen of OUSPG.
- High CVE-2013-6650: Memory corruption in V8. This issue was
fixed in v8 version 3.22.24.16. Credit to Christian Holler.
- High CVE-2013-6646: Use-after-free in web workers. Credit to
Collin Payne.
- High CVE-2013-6641: Use-after-free related to forms. Credit to
Atte Kettunen of OUSPG.
- High CVE-2013-6643: Unprompted sync with an attacker’s Google
account. Credit to Joao Lucas Melo Brasio.
- CVE-2013-6645: Use-after-free related to speech input elements.
Credit to Khalil Zhani.
- CVE-2013-6644: Various fixes from internal audits, fuzzing and other
initiatives.
-- Giuseppe Iuculano <email address hidden> Thu, 13 Feb 2014 19:36:17 +0100
-
chromium-browser (31.0.1650.63-1) unstable; urgency=medium
* New upstream stable release:
- Medium CVE-2013-6634: Session fixation in sync related to 302 redirects.
Credit to Andrey Labunets.
- High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer.
- Medium CVE-2013-6636: Address bar spoofing related to modal dialogs.
Credit to Bas Venis.
- CVE-2013-6637: Various fixes from internal audits, fuzzing and other
initiatives.
- Medium CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8
version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
- High CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8
version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
- Medium CVE-2013-6640: Out of bounds read in v8. This issue was fixed in
v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
-- Michael Gilbert <email address hidden> Thu, 05 Dec 2013 14:05:22 +0000
-
chromium-browser (31.0.1650.57-1) unstable; urgency=medium
* New upstream stable release:
- Medium-Critical CVE-2013-2931: Various fixes from internal audits,
fuzzing and other initiatives.
- Medium CVE-2013-6621: Use after free related to speech input elements.
Credit to Khalil Zhani.
- High CVE-2013-6622: Use after free related to media elements. Credit to
cloudfuzzer.
- High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz.
- High CVE-2013-6624: Use after free related to “id” attribute strings.
Credit to Jon Butler.
- High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer.
- Low CVE-2013-6626: Address bar spoofing related to interstitial warnings.
Credit to Chamal de Silva.
- High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to
skylined.
- Medium CVE-2013-6628: Issue with certificates not being checked during
TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan
Bhargavan from Prosecco of INRIA Paris.
- Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and
libjpeg-turbo. Credit to Michal Zalewski of Google.
- Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
Credit to Michal Zalewski of Google.
- High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Höglund
of the Chromium project.
- Critical CVE-2013-6632: Multiple memory corruption issues. Credit to
Pinkie Pie.
* Disable promos by default (closes: #634101).
* Set WANT_TESTS=0 if WANT_TESTS=1 fails (closes: #589654).
* Maintain window ordering when new tabs are opened (closes: #725350).
* Install chromium-inspector files to /usr/share instead of /usr/lib.
* Don't remove third party libraries from the upstream tarball.
* Remove non-default compression selections from debian/rules.
* Build with breakpad crash reporting.
* Fix some lintian warnings.
-- Michael Gilbert <email address hidden> Wed, 13 Nov 2013 07:44:55 +0000
-
chromium-browser (30.0.1599.101-3) unstable; urgency=medium
* Fix sandbox installation path (closes: #728823).
-- Michael Gilbert <email address hidden> Thu, 07 Nov 2013 04:24:55 +0000
-
chromium-browser (30.0.1599.101-1) unstable; urgency=low
[ Giuseppe Iuculano ]
* New stable release:
- High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of
OUSPG.
- High CVE-2013-2926: Use after free in editing. Credit to
cloudfuzzer.
- High CVE-2013-2927: Use after free in forms. Credit to
cloudfuzzer.
- CVE-2013-2928: Various fixes from internal audits, fuzzing and other
initiatives.
- Medium CVE-2013-2906: Races in Web Audio.
Credit to Atte Kettunen of OUSPG.
- Medium CVE-2013-2907: Out of bounds read in Window.prototype object.
Credit to Boris Zbarsky.
- Medium CVE-2013-2908: Address bar spoofing related to the "204
No Content" status code. Credit to Chamal de Silva.
- High CVE-2013-2909: Use after free in inline-block
rendering. Credit to Atte Kettunen of OUSPG.
- Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to
Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
- High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte
Kettunen of OUSPG.
- High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal
de Silva and 41.w4r10r(at)garage4hackers.com.
- High CVE-2013-2913: Use-after-free in XML document parsing.
Credit to cloudfuzzer.
- High CVE-2013-2914: Use after free in the Windows color
chooser dialog. Credit to Khalil Zhani.
- Low CVE-2013-2915: Address bar spoofing via a malformed scheme.
Credit to Wander Groeneveld.
- High CVE-2013-2916: Address bar spoofing related to the "204
No Content" status code. Credit to Masato Kinugawa.
- Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit
to Byoungyoung Lee and Tielei Wang of Georgia Tech Information
Security Center (GTISC).
- High CVE-2013-2918: Use-after-free in DOM. Credit to
Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
- High CVE-2013-2919: Memory corruption in V8. Credit to Adam
Haile of Concrete Data.
- Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to
Atte Kettunen of OUSPG.
- High CVE-2013-2921: Use-after-free in resource loader. Credit
to Byoungyoung Lee and Tielei Wang of Georgia Tech Information
Security Center (GTISC).
- High CVE-2013-2922: Use-after-free in template element. Credit
to Jon Butler.
- CVE-2013-2923: Various fixes from internal audits, fuzzing and other
initiatives (Chrome 30).
- Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here.
* [6651f1c] Added chrpath to build-depends
* [3c88b20] Refreshed Patches for version 30
* [743a0a6] Make default of third-party cookies the most secure for users.
Thanks to Chad Miller
* [9507f07] Do not install remoting_locales/en-US.pak
* [64b895b] Move chrome_sandbox to chrome-sandbox, chromium reads that file
[ Shawn Landden ]
* [6d027f1] rules: dpkg compresses .deb files with xz by default now
[ Michael Gilbert ]
* [18341ce] add some TODO tasks
-- Giuseppe Iuculano <email address hidden> Mon, 21 Oct 2013 13:06:14 +0200
-
chromium-browser (29.0.1547.57-3) unstable; urgency=medium
* Drop transitional packages (closes: #684369).
* Fix another copyright file syntax error.
* Remove libav build dependencies.
* Fix lintian override syntax.
* Fix version control URL.
* Use system vpx.
-- Michael Gilbert <email address hidden> Tue, 27 Aug 2013 01:01:35 +0000
-
chromium-browser (29.0.1547.57-2) unstable; urgency=medium
* Mark chromium-inspector as multi-arch: foreign (closes: #695229).
* Use system libpng (closes: #699918).
* Fix copyright file syntax error.
* Drop implicit g++ dependency.
* Add some lintian overrides.
* Update my email address.
* Remove unsafe symlink.
-- Michael Gilbert <email address hidden> Sun, 25 Aug 2013 02:15:35 +0000
-
chromium-browser (28.0.1500.95-3) unstable; urgency=medium
* Fix placement of -fuse-ld=gold in ldflags.
-- Michael Gilbert <email address hidden> Thu, 01 Aug 2013 16:38:05 +0000
-
chromium-browser (28.0.1500.71-2) unstable; urgency=medium
* Disable armhf.
* Remove outdated patches.
* Eliminate special handling for old compiler versions.
-- Michael Gilbert <email address hidden> Mon, 15 Jul 2013 18:40:47 +0000
-
chromium-browser (27.0.1453.110-1) unstable; urgency=low
* New stable release:
- Medium CVE-2013-2855: Memory corruption in dev tools API.
Credit to "daniel.zulla".
- High CVE-2013-2856: Use-after-free in input handling. Credit
to miaubiz.
- High CVE-2013-2857: Use-after-free in image handling. Credit
to miaubiz.
- High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit to
"cdel921".
- High CVE-2013-2859: Cross-origin namespace pollution. Credit
to "bobbyholley".
- High CVE-2013-2860: Use-after-free with workers accessing
database APIs. Credit to Collin Payne.
- High CVE-2013-2861: Use-after-free with SVG. Credit to
miaubiz.
- High CVE-2013-2862: Memory corruption in Skia GPU handling.
Credit to Atte Kettunen of OUSPG.
- Critical CVE-2013-2863: Memory corruption in SSL socket handling.
Credit to Sebastien Marchand of the Chromium development community.
- High CVE-2013-2864: Bad free in PDF viewer. Credit to Mateusz
Jurczyk, with contributions by Gynvael Coldwind, both from Google Security
Team.
- High CVE-2013-2865: Various fixes from internal audits, fuzzing and
other initiatives.
-- Giuseppe Iuculano <email address hidden> Wed, 05 Jun 2013 17:00:28 +0200
-
chromium-browser (26.0.1410.43-1) unstable; urgency=medium
* New stable release:
- High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen
of OUSPG.
- Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google
Chrome Security Team (Cris Neckar).
- Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit
to Vsevolod Vlasov of the Chromium development community.
- Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions.
Credit to Google Chrome Security Team (Mustafa Emre Acer).
- Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit
to Google Chrome Security Team (Mustafa Emre Acer).
- High CVE-2013-0921: Ensure isolated web sites run in their own processes.
- Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to
“t3553r”.
- Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to
Google Chrome Security Team (Mustafa Emre Acer).
- Low CVE-2013-0924: Check an extension’s permissions API usage against file
permissions. Credit to Benjamin Kalman of the Chromium development
community.
- Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs
permissions. Credit to Michael Vrable of Google.
- Medium CVE-2013-0926: Avoid pasting active tags in certain situations.
Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c.
* Use embedded libvpx for vp9 support, which chromium now requires.
* Add libspeechd-dev build-dependency.
* Disable breakpad crash reporting.
-- Michael Gilbert <email address hidden> Sat, 30 Mar 2013 14:44:33 +0000