Change log for chromium-browser package in Ubuntu

175 of 490 results
Published in eoan-release on 2019-04-18
Published in disco-release on 2019-04-06
Deleted in disco-proposed (Reason: moved to release)
chromium-browser (73.0.3683.103-0ubuntu1) disco; urgency=medium

  * Upstream release: 73.0.3683.103
  * debian/patches/gn-add-missing-arm-impl-files.patch: removed, no longer
    needed

 -- Olivier Tilloy <email address hidden>  Fri, 05 Apr 2019 07:12:20 +0200

Available diffs

  • diff from 73.0.3683.86-0ubuntu1 to 73.0.3683.103-0ubuntu1 (pending)
Published in xenial-updates on 2019-04-09
Published in xenial-security on 2019-04-09
chromium-browser (73.0.3683.86-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 73.0.3683.86

 -- Olivier Tilloy <email address hidden>  Thu, 21 Mar 2019 09:32:01 +0100

Available diffs

  • diff from 73.0.3683.75-0ubuntu0.16.04.1 to 73.0.3683.86-0ubuntu0.16.04.1 (pending)
Published in bionic-updates on 2019-04-09
Published in bionic-security on 2019-04-09
chromium-browser (73.0.3683.86-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 73.0.3683.86

 -- Olivier Tilloy <email address hidden>  Thu, 21 Mar 2019 09:21:24 +0100

Available diffs

  • diff from 73.0.3683.75-0ubuntu0.18.04.1 to 73.0.3683.86-0ubuntu0.18.04.1 (pending)
Published in cosmic-updates on 2019-04-09
Published in cosmic-security on 2019-04-09
chromium-browser (73.0.3683.86-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 73.0.3683.86

 -- Olivier Tilloy <email address hidden>  Thu, 21 Mar 2019 09:17:57 +0100

Available diffs

  • diff from 73.0.3683.75-0ubuntu0.18.10.1 to 73.0.3683.86-0ubuntu0.18.10.1 (pending)
Superseded in disco-release on 2019-04-06
Deleted in disco-proposed on 2019-04-08 (Reason: moved to release)
chromium-browser (73.0.3683.86-0ubuntu1) disco; urgency=medium

  * Upstream release: 73.0.3683.86

 -- Olivier Tilloy <email address hidden>  Thu, 21 Mar 2019 06:22:46 +0100

Available diffs

  • diff from 73.0.3683.75-0ubuntu3 to 73.0.3683.86-0ubuntu1 (pending)
Superseded in disco-release on 2019-03-22
Deleted in disco-proposed on 2019-03-23 (Reason: moved to release)
chromium-browser (73.0.3683.75-0ubuntu3) disco; urgency=medium

  * debian/patches/fix-build-with-libstdc++.patch: added

 -- Olivier Tilloy <email address hidden>  Wed, 13 Mar 2019 21:12:47 +0100

Available diffs

  • diff from 72.0.3626.121-0ubuntu1 to 73.0.3683.75-0ubuntu3 (pending)
  • diff from 73.0.3683.75-0ubuntu2 to 73.0.3683.75-0ubuntu3 (pending)
Superseded in disco-proposed on 2019-03-13
chromium-browser (73.0.3683.75-0ubuntu2) disco; urgency=medium

  * debian/patches/fix-sqrtf-missing-definition.patch: added

 -- Olivier Tilloy <email address hidden>  Wed, 13 Mar 2019 09:47:23 +0100

Available diffs

  • diff from 73.0.3683.75-0ubuntu1 to 73.0.3683.75-0ubuntu2 (pending)
Superseded in xenial-updates on 2019-04-09
Superseded in xenial-security on 2019-04-09
chromium-browser (73.0.3683.75-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 73.0.3683.75
    - CVE-2019-5787: Use after free in Canvas.
    - CVE-2019-5788: Use after free in FileAPI.
    - CVE-2019-5789: Use after free in WebMIDI.
    - CVE-2019-5790: Heap buffer overflow in V8.
    - CVE-2019-5791: Type confusion in V8.
    - CVE-2019-5792: Integer overflow in PDFium.
    - CVE-2019-5793: Excessive permissions for private API in Extensions.
    - CVE-2019-5794: Security UI spoofing.
    - CVE-2019-5795: Integer overflow in PDFium.
    - CVE-2019-5796: Race condition in Extensions.
    - CVE-2019-5797: Race condition in DOMStorage.
    - CVE-2019-5798: Out of bounds read in Skia.
    - CVE-2019-5799: CSP bypass with blob URL.
    - CVE-2019-5800: CSP bypass with blob URL.
    - CVE-2019-5801: Incorrect Omnibox display on iOS.
    - CVE-2019-5802: Security UI spoofing.
    - CVE-2019-5803: CSP bypass with Javascript URLs'.
    - CVE-2019-5804: Command line command injection on Windows.
  * debian/patches/additional-search-engines.patch: removed, no longer needed
  * debian/patches/closure-compiler-java-no-client-vm.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/constexpr-errors-with-old-clang.patch: added
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
  * debian/patches/fix-ptrace-header-include.patch: added
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: updated
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

 -- Olivier Tilloy <email address hidden>  Tue, 12 Mar 2019 22:11:59 +0100

Available diffs

  • diff from 72.0.3626.121-0ubuntu0.16.04.1 to 73.0.3683.75-0ubuntu0.16.04.1 (pending)
Superseded in bionic-updates on 2019-04-09
Superseded in bionic-security on 2019-04-09
chromium-browser (73.0.3683.75-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 73.0.3683.75
    - CVE-2019-5787: Use after free in Canvas.
    - CVE-2019-5788: Use after free in FileAPI.
    - CVE-2019-5789: Use after free in WebMIDI.
    - CVE-2019-5790: Heap buffer overflow in V8.
    - CVE-2019-5791: Type confusion in V8.
    - CVE-2019-5792: Integer overflow in PDFium.
    - CVE-2019-5793: Excessive permissions for private API in Extensions.
    - CVE-2019-5794: Security UI spoofing.
    - CVE-2019-5795: Integer overflow in PDFium.
    - CVE-2019-5796: Race condition in Extensions.
    - CVE-2019-5797: Race condition in DOMStorage.
    - CVE-2019-5798: Out of bounds read in Skia.
    - CVE-2019-5799: CSP bypass with blob URL.
    - CVE-2019-5800: CSP bypass with blob URL.
    - CVE-2019-5801: Incorrect Omnibox display on iOS.
    - CVE-2019-5802: Security UI spoofing.
    - CVE-2019-5803: CSP bypass with Javascript URLs'.
    - CVE-2019-5804: Command line command injection on Windows.
  * debian/control: bump the clang and llvm build dependencies to version 7
    which was recently backported to bionic
  * debian/rules: build gn with clang 7
  * debian/patches/additional-search-engines.patch: removed, no longer needed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: updated
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: added
  * debian/patches/widevine-enable-version-string.patch: refreshed

 -- Olivier Tilloy <email address hidden>  Tue, 12 Mar 2019 21:59:12 +0100

Available diffs

  • diff from 72.0.3626.121-0ubuntu0.18.04.1 to 73.0.3683.75-0ubuntu0.18.04.1 (pending)
Superseded in cosmic-updates on 2019-04-09
Superseded in cosmic-security on 2019-04-09
chromium-browser (73.0.3683.75-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 73.0.3683.75
    - CVE-2019-5787: Use after free in Canvas.
    - CVE-2019-5788: Use after free in FileAPI.
    - CVE-2019-5789: Use after free in WebMIDI.
    - CVE-2019-5790: Heap buffer overflow in V8.
    - CVE-2019-5791: Type confusion in V8.
    - CVE-2019-5792: Integer overflow in PDFium.
    - CVE-2019-5793: Excessive permissions for private API in Extensions.
    - CVE-2019-5794: Security UI spoofing.
    - CVE-2019-5795: Integer overflow in PDFium.
    - CVE-2019-5796: Race condition in Extensions.
    - CVE-2019-5797: Race condition in DOMStorage.
    - CVE-2019-5798: Out of bounds read in Skia.
    - CVE-2019-5799: CSP bypass with blob URL.
    - CVE-2019-5800: CSP bypass with blob URL.
    - CVE-2019-5801: Incorrect Omnibox display on iOS.
    - CVE-2019-5802: Security UI spoofing.
    - CVE-2019-5803: CSP bypass with Javascript URLs'.
    - CVE-2019-5804: Command line command injection on Windows.
  * debian/patches/additional-search-engines.patch: removed, no longer needed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: updated
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: added
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

 -- Olivier Tilloy <email address hidden>  Tue, 12 Mar 2019 21:46:04 +0100

Available diffs

  • diff from 72.0.3626.121-0ubuntu0.18.10.1 to 73.0.3683.75-0ubuntu0.18.10.1 (pending)
Superseded in disco-proposed on 2019-03-13
chromium-browser (73.0.3683.75-0ubuntu1) disco; urgency=medium

  * Upstream release: 73.0.3683.75
    - CVE-2019-5787: Use after free in Canvas.
    - CVE-2019-5788: Use after free in FileAPI.
    - CVE-2019-5789: Use after free in WebMIDI.
    - CVE-2019-5790: Heap buffer overflow in V8.
    - CVE-2019-5791: Type confusion in V8.
    - CVE-2019-5792: Integer overflow in PDFium.
    - CVE-2019-5793: Excessive permissions for private API in Extensions.
    - CVE-2019-5794: Security UI spoofing.
    - CVE-2019-5795: Integer overflow in PDFium.
    - CVE-2019-5796: Race condition in Extensions.
    - CVE-2019-5797: Race condition in DOMStorage.
    - CVE-2019-5798: Out of bounds read in Skia.
    - CVE-2019-5799: CSP bypass with blob URL.
    - CVE-2019-5800: CSP bypass with blob URL.
    - CVE-2019-5801: Incorrect Omnibox display on iOS.
    - CVE-2019-5802: Security UI spoofing.
    - CVE-2019-5803: CSP bypass with Javascript URLs'.
    - CVE-2019-5804: Command line command injection on Windows.
  * debian/patches/add-missing-cstring-include.patch: removed, no longer needed
  * debian/patches/additional-search-engines.patch: removed, no longer needed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: updated
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

 -- Olivier Tilloy <email address hidden>  Tue, 12 Mar 2019 21:37:28 +0100

Available diffs

  • diff from 72.0.3626.121-0ubuntu1 to 73.0.3683.75-0ubuntu1 (pending)
Superseded in xenial-updates on 2019-03-18
Superseded in xenial-security on 2019-03-18
chromium-browser (72.0.3626.121-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 72.0.3626.121
    - CVE-2019-5786: Use-after-free in FileReader
  * debian/patches/gn-fix-link-pthread.patch: removed, no longer needed

 -- Olivier Tilloy <email address hidden>  Tue, 05 Mar 2019 16:34:54 +0100

Available diffs

  • diff from 72.0.3626.119-0ubuntu0.16.04.1 to 72.0.3626.121-0ubuntu0.16.04.1 (pending)
Superseded in bionic-updates on 2019-03-18
Superseded in bionic-security on 2019-03-18
chromium-browser (72.0.3626.121-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 72.0.3626.121
    - CVE-2019-5786: Use-after-free in FileReader
  * debian/patches/gn-fix-link-pthread.patch: removed, no longer needed

 -- Olivier Tilloy <email address hidden>  Tue, 05 Mar 2019 16:21:41 +0100

Available diffs

  • diff from 72.0.3626.119-0ubuntu0.18.04.1 to 72.0.3626.121-0ubuntu0.18.04.1 (pending)
Superseded in cosmic-updates on 2019-03-18
Superseded in cosmic-security on 2019-03-18
chromium-browser (72.0.3626.121-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 72.0.3626.121
    - CVE-2019-5786: Use-after-free in FileReader
  * debian/patches/gn-fix-link-pthread.patch: removed, no longer needed

 -- Olivier Tilloy <email address hidden>  Tue, 05 Mar 2019 16:04:35 +0100

Available diffs

  • diff from 72.0.3626.119-0ubuntu0.18.10.1 to 72.0.3626.121-0ubuntu0.18.10.1 (pending)
Superseded in disco-release on 2019-03-15
Deleted in disco-proposed on 2019-03-16 (Reason: moved to release)
chromium-browser (72.0.3626.121-0ubuntu1) disco; urgency=medium

  * Upstream release: 72.0.3626.121
    - CVE-2019-5786: Use-after-free in FileReader
  * debian/patches/gn-fix-link-pthread.patch: removed, no longer needed

 -- Olivier Tilloy <email address hidden>  Sat, 02 Mar 2019 11:43:06 +0100

Available diffs

  • diff from 72.0.3626.96-0ubuntu1 to 72.0.3626.121-0ubuntu1 (pending)
  • diff from 72.0.3626.119-0ubuntu3 to 72.0.3626.121-0ubuntu1 (pending)
Superseded in xenial-updates on 2019-03-07
Superseded in xenial-security on 2019-03-07
chromium-browser (72.0.3626.119-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 72.0.3626.119
  * debian/patches/gn-fix-link-pthread.patch: added

 -- Olivier Tilloy <email address hidden>  Mon, 25 Feb 2019 17:05:46 +0100

Available diffs

  • diff from 71.0.3578.98-0ubuntu0.16.04.1 to 72.0.3626.119-0ubuntu0.16.04.1 (pending)
  • diff from 72.0.3626.109-0ubuntu0.16.04.1 to 72.0.3626.119-0ubuntu0.16.04.1 (pending)
Superseded in disco-proposed on 2019-03-02
chromium-browser (72.0.3626.119-0ubuntu3) disco; urgency=medium

  * debian/patches/add-missing-limits-include.patch: added

 -- Olivier Tilloy <email address hidden>  Mon, 25 Feb 2019 17:02:21 +0100

Available diffs

  • diff from 72.0.3626.119-0ubuntu2 to 72.0.3626.119-0ubuntu3 (pending)
Superseded in bionic-updates on 2019-03-07
Superseded in bionic-security on 2019-03-07
chromium-browser (72.0.3626.119-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 72.0.3626.119
  * debian/patches/gn-fix-link-pthread.patch: added

 -- Olivier Tilloy <email address hidden>  Mon, 25 Feb 2019 15:56:06 +0100

Available diffs

  • diff from 71.0.3578.98-0ubuntu0.18.04.1 to 72.0.3626.119-0ubuntu0.18.04.1 (pending)
  • diff from 72.0.3626.109-0ubuntu0.18.04.1 to 72.0.3626.119-0ubuntu0.18.04.1 (pending)
Superseded in cosmic-updates on 2019-03-07
Superseded in cosmic-security on 2019-03-07
chromium-browser (72.0.3626.119-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 72.0.3626.119
  * debian/patches/gn-fix-link-pthread.patch: added

 -- Olivier Tilloy <email address hidden>  Mon, 25 Feb 2019 12:00:37 +0100

Available diffs

  • diff from 71.0.3578.98-0ubuntu0.18.10.1 to 72.0.3626.119-0ubuntu0.18.10.1 (pending)
  • diff from 72.0.3626.109-0ubuntu0.18.10.2 to 72.0.3626.119-0ubuntu0.18.10.1 (pending)
Superseded in disco-proposed on 2019-02-25
chromium-browser (72.0.3626.119-0ubuntu2) disco; urgency=medium

  * debian/patches/gn-fix-link-pthread.patch: added

 -- Olivier Tilloy <email address hidden>  Mon, 25 Feb 2019 11:55:50 +0100

Available diffs

  • diff from 72.0.3626.119-0ubuntu1 to 72.0.3626.119-0ubuntu2 (pending)
Superseded in disco-proposed on 2019-02-25
chromium-browser (72.0.3626.119-0ubuntu1) disco; urgency=medium

  * Upstream release: 72.0.3626.119
  * debian/patches/add-missing-cstring-include.patch: added

 -- Olivier Tilloy <email address hidden>  Mon, 25 Feb 2019 10:55:09 +0100

Available diffs

  • diff from 72.0.3626.109-0ubuntu2 to 72.0.3626.119-0ubuntu1 (pending)
Superseded in disco-proposed on 2019-02-25
chromium-browser (72.0.3626.109-0ubuntu2) disco; urgency=medium

  * debian/rules: build with use_custom_libcxx=false because the custom libc++
    embedded in chromium 72's tarball is too old for the version of clang in
    disco (8.0.0 RC2, see
    http://lists.llvm.org/pipermail/llvm-dev/2019-February/130174.html)

 -- Olivier Tilloy <email address hidden>  Thu, 21 Feb 2019 16:10:40 +0100

Available diffs

  • diff from 72.0.3626.109-0ubuntu1 to 72.0.3626.109-0ubuntu2 (pending)
Superseded in disco-proposed on 2019-02-21
chromium-browser (72.0.3626.109-0ubuntu1) disco; urgency=medium

  * Upstream release: 72.0.3626.109
  * debian/rules:
    - restore old keepalive snippet to prevent builds from timing out during
      the link phase (this happens often enough on armhf, Launchpad builders
      have an inactivity timeout of 150 minutes)
    - install the chromedriver executable in /usr/bin, where python{,3}-selenium
      and other packages expect it by default (LP: #1667208)
  * debian/control: make chromium-chromedriver provide "chromium-driver"
  * debian/chromium-chromedriver.{dirs,install}: removed, no longer needed
  * debian/tests/{chromium-version,html5test}: remove custom driver path

 -- Olivier Tilloy <email address hidden>  Thu, 21 Feb 2019 11:20:52 +0100

Available diffs

  • diff from 72.0.3626.96-0ubuntu1 to 72.0.3626.109-0ubuntu1 (pending)
Superseded in disco-release on 2019-03-05
Deleted in disco-proposed on 2019-03-07 (Reason: moved to release)
chromium-browser (72.0.3626.96-0ubuntu1) disco; urgency=medium

  * Upstream release: 72.0.3626.96
    - CVE-2019-5784: Inappropriate implementation in V8.
  * debian/patches/gn-do-not-build-with-icf.patch: removed, no longer needed

 -- Olivier Tilloy <email address hidden>  Fri, 08 Feb 2019 16:45:43 +0100

Available diffs

  • diff from 72.0.3626.81-0ubuntu1 to 72.0.3626.96-0ubuntu1 (pending)
Superseded in disco-release on 2019-02-12
Deleted in disco-proposed on 2019-02-14 (Reason: moved to release)
chromium-browser (72.0.3626.81-0ubuntu1) disco; urgency=medium

  * Upstream release: 72.0.3626.81
    - CVE-2019-5754: Inappropriate implementation in QUIC Networking.
    - CVE-2019-5782: Inappropriate implementation in V8.
    - CVE-2019-5755: Inappropriate implementation in V8.
    - CVE-2019-5756: Use after free in PDFium.
    - CVE-2019-5757: Type Confusion in SVG.
    - CVE-2019-5758: Use after free in Blink.
    - CVE-2019-5759: Use after free in HTML select elements.
    - CVE-2019-5760: Use after free in WebRTC.
    - CVE-2019-5761: Use after free in SwiftShader.
    - CVE-2019-5762: Use after free in PDFium.
    - CVE-2019-5763: Insufficient validation of untrusted input in V8.
    - CVE-2019-5764: Use after free in WebRTC.
    - CVE-2019-5765: Insufficient policy enforcement in the browser.
    - CVE-2019-5766: Insufficient policy enforcement in Canvas.
    - CVE-2019-5767: Incorrect security UI in WebAPKs.
    - CVE-2019-5768: Insufficient policy enforcement in DevTools.
    - CVE-2019-5769: Insufficient validation of untrusted input in Blink.
    - CVE-2019-5770: Heap buffer overflow in WebGL.
    - CVE-2019-5771: Heap buffer overflow in SwiftShader.
    - CVE-2019-5772: Use after free in PDFium.
    - CVE-2019-5773: Insufficient data validation in IndexedDB.
    - CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing.
    - CVE-2019-5775: Insufficient policy enforcement in Omnibox.
    - CVE-2019-5776: Insufficient policy enforcement in Omnibox.
    - CVE-2019-5777: Insufficient policy enforcement in Omnibox.
    - CVE-2019-5778: Insufficient policy enforcement in Extensions.
    - CVE-2019-5779: Insufficient policy enforcement in ServiceWorker.
    - CVE-2019-5780: Insufficient policy enforcement.
    - CVE-2019-5781: Insufficient policy enforcement in Omnibox.
  * debian/control: add default-jre-headless as a build dependency
    (needed to compile the new lite JS mojom bindings)
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: removed, no longer
    needed
  * debian/patches/gn-do-not-build-with-icf.patch: added
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
    needed
  * debian/patches/swiftshader-gl-entry-trampoline.patch: removed, no longer
    needed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/widevine-other-locations: refreshed
  * debian/tests/html5test: update test expectations

 -- Olivier Tilloy <email address hidden>  Wed, 30 Jan 2019 10:53:04 +0100

Available diffs

  • diff from 71.0.3578.98-0ubuntu1 to 72.0.3626.81-0ubuntu1 (pending)
Superseded in xenial-updates on 2019-03-05
Superseded in xenial-security on 2019-03-05
chromium-browser (71.0.3578.98-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 71.0.3578.98
    - CVE-2018-17481: Use after free in PDFium.

 -- Olivier Tilloy <email address hidden>  Thu, 13 Dec 2018 12:56:41 +0100

Available diffs

  • diff from 71.0.3578.80-0ubuntu0.16.04.1 to 71.0.3578.98-0ubuntu0.16.04.1 (pending)
Superseded in bionic-updates on 2019-03-05
Superseded in bionic-security on 2019-03-05
chromium-browser (71.0.3578.98-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 71.0.3578.98
    - CVE-2018-17481: Use after free in PDFium.

 -- Olivier Tilloy <email address hidden>  Thu, 13 Dec 2018 12:55:57 +0100

Available diffs

  • diff from 71.0.3578.80-0ubuntu0.18.04.1 to 71.0.3578.98-0ubuntu0.18.04.1 (pending)
Superseded in cosmic-updates on 2019-03-05
Superseded in cosmic-security on 2019-03-05
chromium-browser (71.0.3578.98-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 71.0.3578.98
    - CVE-2018-17481: Use after free in PDFium.
  * debian/patches/suppress-newer-clang-warning-flags.patch: added back

 -- Olivier Tilloy <email address hidden>  Thu, 13 Dec 2018 11:54:08 +0100
Superseded in disco-release on 2019-02-05
Deleted in disco-proposed on 2019-02-07 (Reason: moved to release)
chromium-browser (71.0.3578.98-0ubuntu1) disco; urgency=medium

  * Upstream release: 71.0.3578.98
    - CVE-2018-17481: Use after free in PDFium.
  * debian/patches/suppress-newer-clang-warning-flags.patch: added back

 -- Olivier Tilloy <email address hidden>  Thu, 13 Dec 2018 11:57:41 +0100
Superseded in xenial-updates on 2019-01-07
Superseded in xenial-security on 2019-01-07
chromium-browser (71.0.3578.80-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 71.0.3578.80
    - CVE-2018-17480: Out of bounds write in V8.
    - CVE-2018-17481: Use after frees in PDFium.
    - CVE-2018-18335: Heap buffer overflow in Skia.
    - CVE-2018-18336: Use after free in PDFium.
    - CVE-2018-18337: Use after free in Blink.
    - CVE-2018-18338: Heap buffer overflow in Canvas.
    - CVE-2018-18339: Use after free in WebAudio.
    - CVE-2018-18340: Use after free in MediaRecorder.
    - CVE-2018-18341: Heap buffer overflow in Blink.
    - CVE-2018-18342: Out of bounds write in V8.
    - CVE-2018-18343: Use after free in Skia.
    - CVE-2018-18344: Inappropriate implementation in Extensions.
    - CVE-2018-18345: Inappropriate implementation in Site Isolation.
    - CVE-2018-18346: Incorrect security UI in Blink.
    - CVE-2018-18347: Inappropriate implementation in Navigation.
    - CVE-2018-18348: Inappropriate implementation in Omnibox.
    - CVE-2018-18349: Insufficient policy enforcement in Blink.
    - CVE-2018-18350: Insufficient policy enforcement in Blink.
    - CVE-2018-18351: Insufficient policy enforcement in Navigation.
    - CVE-2018-18352: Inappropriate implementation in Media.
    - CVE-2018-18353: Inappropriate implementation in Network Authentication.
    - CVE-2018-18354: Insufficient data validation in Shell Integration.
    - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18356: Use after free in Skia.
    - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18358: Insufficient policy enforcement in Proxy.
    - CVE-2018-18359: Out of bounds read in V8.
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-allow-enable.patch: removed, no longer needed
  * debian/patches/widevine-other-locations: refreshed
  * debian/patches/widevine-revision.patch: renamed to
    debian/patches/widevine-enable-version-string.patch and updated
  * debian/tests/html5test: update test expectations

 -- Olivier Tilloy <email address hidden>  Tue, 04 Dec 2018 23:08:03 +0100
Superseded in bionic-updates on 2019-01-07
Superseded in bionic-security on 2019-01-07
chromium-browser (71.0.3578.80-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 71.0.3578.80
    - CVE-2018-17480: Out of bounds write in V8.
    - CVE-2018-17481: Use after frees in PDFium.
    - CVE-2018-18335: Heap buffer overflow in Skia.
    - CVE-2018-18336: Use after free in PDFium.
    - CVE-2018-18337: Use after free in Blink.
    - CVE-2018-18338: Heap buffer overflow in Canvas.
    - CVE-2018-18339: Use after free in WebAudio.
    - CVE-2018-18340: Use after free in MediaRecorder.
    - CVE-2018-18341: Heap buffer overflow in Blink.
    - CVE-2018-18342: Out of bounds write in V8.
    - CVE-2018-18343: Use after free in Skia.
    - CVE-2018-18344: Inappropriate implementation in Extensions.
    - CVE-2018-18345: Inappropriate implementation in Site Isolation.
    - CVE-2018-18346: Incorrect security UI in Blink.
    - CVE-2018-18347: Inappropriate implementation in Navigation.
    - CVE-2018-18348: Inappropriate implementation in Omnibox.
    - CVE-2018-18349: Insufficient policy enforcement in Blink.
    - CVE-2018-18350: Insufficient policy enforcement in Blink.
    - CVE-2018-18351: Insufficient policy enforcement in Navigation.
    - CVE-2018-18352: Inappropriate implementation in Media.
    - CVE-2018-18353: Inappropriate implementation in Network Authentication.
    - CVE-2018-18354: Insufficient data validation in Shell Integration.
    - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18356: Use after free in Skia.
    - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18358: Insufficient policy enforcement in Proxy.
    - CVE-2018-18359: Out of bounds read in V8.
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/widevine-allow-enable.patch: removed, no longer needed
  * debian/patches/widevine-other-locations: refreshed
  * debian/patches/widevine-revision.patch: renamed to
    debian/patches/widevine-enable-version-string.patch and updated
  * debian/tests/html5test: update test expectations

 -- Olivier Tilloy <email address hidden>  Tue, 04 Dec 2018 22:46:10 +0100

Available diffs

  • diff from 70.0.3538.110-0ubuntu0.18.04.1 to 71.0.3578.80-0ubuntu0.18.04.1 (pending)
Superseded in cosmic-updates on 2019-01-07
Superseded in cosmic-security on 2019-01-07
chromium-browser (71.0.3578.80-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 71.0.3578.80
    - CVE-2018-17480: Out of bounds write in V8.
    - CVE-2018-17481: Use after frees in PDFium.
    - CVE-2018-18335: Heap buffer overflow in Skia.
    - CVE-2018-18336: Use after free in PDFium.
    - CVE-2018-18337: Use after free in Blink.
    - CVE-2018-18338: Heap buffer overflow in Canvas.
    - CVE-2018-18339: Use after free in WebAudio.
    - CVE-2018-18340: Use after free in MediaRecorder.
    - CVE-2018-18341: Heap buffer overflow in Blink.
    - CVE-2018-18342: Out of bounds write in V8.
    - CVE-2018-18343: Use after free in Skia.
    - CVE-2018-18344: Inappropriate implementation in Extensions.
    - CVE-2018-18345: Inappropriate implementation in Site Isolation.
    - CVE-2018-18346: Incorrect security UI in Blink.
    - CVE-2018-18347: Inappropriate implementation in Navigation.
    - CVE-2018-18348: Inappropriate implementation in Omnibox.
    - CVE-2018-18349: Insufficient policy enforcement in Blink.
    - CVE-2018-18350: Insufficient policy enforcement in Blink.
    - CVE-2018-18351: Insufficient policy enforcement in Navigation.
    - CVE-2018-18352: Inappropriate implementation in Media.
    - CVE-2018-18353: Inappropriate implementation in Network Authentication.
    - CVE-2018-18354: Insufficient data validation in Shell Integration.
    - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18356: Use after free in Skia.
    - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18358: Insufficient policy enforcement in Proxy.
    - CVE-2018-18359: Out of bounds read in V8.
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
    needed
  * debian/patches/swiftshader-gl-entry-trampoline.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/widevine-allow-enable.patch: removed, no longer needed
  * debian/patches/widevine-other-locations: refreshed
  * debian/patches/widevine-revision.patch: renamed to
    debian/patches/widevine-enable-version-string.patch and updated
  * debian/tests/html5test: update test expectations

 -- Olivier Tilloy <email address hidden>  Tue, 04 Dec 2018 22:21:47 +0100

Available diffs

  • diff from 70.0.3538.110-0ubuntu0.18.10.1 to 71.0.3578.80-0ubuntu0.18.10.1 (pending)
Superseded in disco-release on 2018-12-14
Deleted in disco-proposed on 2018-12-16 (Reason: moved to release)
chromium-browser (71.0.3578.80-0ubuntu1) disco; urgency=medium

  * Upstream release: 71.0.3578.80
    - CVE-2018-17480: Out of bounds write in V8.
    - CVE-2018-17481: Use after frees in PDFium.
    - CVE-2018-18335: Heap buffer overflow in Skia.
    - CVE-2018-18336: Use after free in PDFium.
    - CVE-2018-18337: Use after free in Blink.
    - CVE-2018-18338: Heap buffer overflow in Canvas.
    - CVE-2018-18339: Use after free in WebAudio.
    - CVE-2018-18340: Use after free in MediaRecorder.
    - CVE-2018-18341: Heap buffer overflow in Blink.
    - CVE-2018-18342: Out of bounds write in V8.
    - CVE-2018-18343: Use after free in Skia.
    - CVE-2018-18344: Inappropriate implementation in Extensions.
    - CVE-2018-18345: Inappropriate implementation in Site Isolation.
    - CVE-2018-18346: Incorrect security UI in Blink.
    - CVE-2018-18347: Inappropriate implementation in Navigation.
    - CVE-2018-18348: Inappropriate implementation in Omnibox.
    - CVE-2018-18349: Insufficient policy enforcement in Blink.
    - CVE-2018-18350: Insufficient policy enforcement in Blink.
    - CVE-2018-18351: Insufficient policy enforcement in Navigation.
    - CVE-2018-18352: Inappropriate implementation in Media.
    - CVE-2018-18353: Inappropriate implementation in Network Authentication.
    - CVE-2018-18354: Insufficient data validation in Shell Integration.
    - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18356: Use after free in Skia.
    - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18358: Insufficient policy enforcement in Proxy.
    - CVE-2018-18359: Out of bounds read in V8.
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
    needed
  * debian/patches/swiftshader-gl-entry-trampoline.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/widevine-allow-enable.patch: removed, no longer needed
  * debian/patches/widevine-other-locations: refreshed
  * debian/patches/widevine-revision.patch: renamed to
    debian/patches/widevine-enable-version-string.patch and updated
  * debian/tests/html5test: update test expectations

 -- Olivier Tilloy <email address hidden>  Tue, 04 Dec 2018 21:54:05 +0100

Available diffs

  • diff from 70.0.3538.110-0ubuntu1 to 71.0.3578.80-0ubuntu1 (pending)
Superseded in xenial-updates on 2018-12-10
Superseded in xenial-security on 2018-12-10
chromium-browser (70.0.3538.110-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 70.0.3538.110
    - CVE-2018-17479: Use-after-free in GPU.
  * debian/patches/relax-ninja-version-requirement.patch: refreshed

 -- Olivier Tilloy <email address hidden>  Tue, 20 Nov 2018 12:13:30 +0100

Available diffs

Superseded in bionic-updates on 2018-12-10
Superseded in bionic-security on 2018-12-10
chromium-browser (70.0.3538.110-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 70.0.3538.110
    - CVE-2018-17479: Use-after-free in GPU.

 -- Olivier Tilloy <email address hidden>  Tue, 20 Nov 2018 11:36:04 +0100
Superseded in cosmic-updates on 2018-12-10
Superseded in cosmic-security on 2018-12-10
chromium-browser (70.0.3538.110-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 70.0.3538.110
    - CVE-2018-17479: Use-after-free in GPU.

 -- Olivier Tilloy <email address hidden>  Tue, 20 Nov 2018 11:33:11 +0100

Available diffs

  • diff from 70.0.3538.77-0ubuntu0.18.10.1 to 70.0.3538.110-0ubuntu0.18.10.1 (pending)
  • diff from 70.0.3538.102-0ubuntu0.18.10.1 to 70.0.3538.110-0ubuntu0.18.10.1 (pending)
Superseded in disco-release on 2018-12-07
Deleted in disco-proposed on 2018-12-08 (Reason: moved to release)
chromium-browser (70.0.3538.110-0ubuntu1) disco; urgency=medium

  * Upstream release: 70.0.3538.110
    - CVE-2018-17479: Use-after-free in GPU.

 -- Olivier Tilloy <email address hidden>  Tue, 20 Nov 2018 11:00:39 +0100
Superseded in disco-release on 2018-11-21
Deleted in disco-proposed on 2018-11-23 (Reason: moved to release)
chromium-browser (70.0.3538.102-0ubuntu1) disco; urgency=medium

  * Upstream release: 70.0.3538.102
    - CVE-2018-17478: Out of bounds memory access in V8.
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: added

 -- Olivier Tilloy <email address hidden>  Wed, 14 Nov 2018 22:29:24 +0100
Superseded in disco-release on 2018-11-16
Deleted in disco-proposed on 2018-11-17 (Reason: moved to release)
chromium-browser (70.0.3538.77-0ubuntu1) disco; urgency=medium

  * Bump version number for the new development release
    (Ubuntu 19.04, the Disco Dingo)
  * debian/control: update Vcs-Bzr field
  * debian/patches/fix-extra-arflags.patch: updated
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated

 -- Olivier Tilloy <email address hidden>  Mon, 05 Nov 2018 10:20:01 +0100
Superseded in xenial-updates on 2018-12-04
Superseded in xenial-security on 2018-12-04
chromium-browser (70.0.3538.77-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 70.0.3538.77

 -- Olivier Tilloy <email address hidden>  Thu, 25 Oct 2018 07:33:53 +0200

Available diffs

  • diff from 70.0.3538.67-0ubuntu0.16.04.1 to 70.0.3538.77-0ubuntu0.16.04.1 (pending)
Superseded in bionic-updates on 2018-12-04
Superseded in bionic-security on 2018-12-04
chromium-browser (70.0.3538.77-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 70.0.3538.77

 -- Olivier Tilloy <email address hidden>  Thu, 25 Oct 2018 07:32:56 +0200

Available diffs

  • diff from 70.0.3538.67-0ubuntu0.18.04.1 to 70.0.3538.77-0ubuntu0.18.04.1 (pending)
Superseded in cosmic-updates on 2018-12-04
Superseded in cosmic-security on 2018-12-04
chromium-browser (70.0.3538.77-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Upstream release: 70.0.3538.77

 -- Olivier Tilloy <email address hidden>  Thu, 25 Oct 2018 07:01:26 +0200
Superseded in disco-release on 2018-11-09
Deleted in disco-proposed on 2018-11-10 (Reason: moved to release)
Superseded in cosmic-updates on 2018-10-30
Superseded in cosmic-security on 2018-10-30
chromium-browser (70.0.3538.67-0ubuntu0.18.10.1) cosmic; urgency=medium

  * debian/patches/swiftshader-upstream-entry-points.patch: renamed to
    debian/patches/swiftshader-gl-entry-trampoline.patch and updated

 -- Olivier Tilloy <email address hidden>  Tue, 23 Oct 2018 10:03:06 +0200

Available diffs

  • diff from 69.0.3497.100-0ubuntu1 (in Ubuntu) to 70.0.3538.67-0ubuntu0.18.10.1 (pending)
Deleted in cosmic-proposed on 2018-10-24 (Reason: Already published into -updates/-security under a differe...)
chromium-browser (70.0.3538.67-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 70.0.3538.67
    - CVE-2018-17462: Sandbox escape in AppCache.
    - CVE-2018-17463: Remote code execution in V8.
    - CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
    - CVE-2018-17464: URL spoof in Omnibox.
    - CVE-2018-17465: Use after free in V8.
    - CVE-2018-17466: Memory corruption in Angle.
    - CVE-2018-17467: URL spoof in Omnibox.
    - CVE-2018-17468: Cross-origin URL disclosure in Blink.
    - CVE-2018-17469: Heap buffer overflow in PDFium.
    - CVE-2018-17470: Memory corruption in GPU Internals.
    - CVE-2018-17471: Security UI occlusion in full screen mode.
    - CVE-2018-17472: iframe sandbox escape on iOS.
    - CVE-2018-17473: URL spoof in Omnibox.
    - CVE-2018-17474: Use after free in Blink.
    - CVE-2018-17475: URL spoof in Omnibox.
    - CVE-2018-17476: Security UI occlusion in full screen mode.
    - CVE-2018-5179: Lack of limits on update() in ServiceWorker.
    - CVE-2018-17477: UI spoof in Extensions.
  * debian/rules:
    - remove enable_google_now build flag
    - remove use_gtk3 build flag
  * debian/patches/arm-neon.patch: refreshed
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/swiftshader-default-visibility.patch: replaced by
    debian/patches/swiftshader-upstream-entry-points.patch
  * debian/patches/widevine-other-locations: refreshed
  * debian/known_gn_gen_args-*:
    - remove enable_google_now build flag
    - remove use_gtk3 build flag

 -- Olivier Tilloy <email address hidden>  Tue, 16 Oct 2018 22:32:27 +0200

Available diffs

  • diff from 69.0.3497.100-0ubuntu1 to 70.0.3538.67-0ubuntu1 (pending)
Superseded in xenial-updates on 2018-10-30
Superseded in xenial-security on 2018-10-30
chromium-browser (70.0.3538.67-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 70.0.3538.67
    - CVE-2018-17462: Sandbox escape in AppCache.
    - CVE-2018-17463: Remote code execution in V8.
    - CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
    - CVE-2018-17464: URL spoof in Omnibox.
    - CVE-2018-17465: Use after free in V8.
    - CVE-2018-17466: Memory corruption in Angle.
    - CVE-2018-17467: URL spoof in Omnibox.
    - CVE-2018-17468: Cross-origin URL disclosure in Blink.
    - CVE-2018-17469: Heap buffer overflow in PDFium.
    - CVE-2018-17470: Memory corruption in GPU Internals.
    - CVE-2018-17471: Security UI occlusion in full screen mode.
    - CVE-2018-17472: iframe sandbox escape on iOS.
    - CVE-2018-17473: URL spoof in Omnibox.
    - CVE-2018-17474: Use after free in Blink.
    - CVE-2018-17475: URL spoof in Omnibox.
    - CVE-2018-17476: Security UI occlusion in full screen mode.
    - CVE-2018-5179: Lack of limits on update() in ServiceWorker.
    - CVE-2018-17477: UI spoof in Extensions.
  * debian/rules:
    - remove enable_google_now build flag
    - remove use_gtk3 build flag
  * debian/patches/arm-neon.patch: refreshed
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-other-locations: refreshed
  * debian/known_gn_gen_args-*:
    - remove enable_google_now build flag
    - remove use_gtk3 build flag

 -- Olivier Tilloy <email address hidden>  Tue, 16 Oct 2018 22:54:27 +0200

Available diffs

  • diff from 69.0.3497.81-0ubuntu0.16.04.1 (in Ubuntu) to 70.0.3538.67-0ubuntu0.16.04.1 (pending)
  • diff from 69.0.3497.100-0ubuntu0.16.04.1 (in Ubuntu) to 70.0.3538.67-0ubuntu0.16.04.1 (pending)
Superseded in bionic-updates on 2018-10-30
Superseded in bionic-security on 2018-10-30
chromium-browser (70.0.3538.67-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 70.0.3538.67
    - CVE-2018-17462: Sandbox escape in AppCache.
    - CVE-2018-17463: Remote code execution in V8.
    - CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
    - CVE-2018-17464: URL spoof in Omnibox.
    - CVE-2018-17465: Use after free in V8.
    - CVE-2018-17466: Memory corruption in Angle.
    - CVE-2018-17467: URL spoof in Omnibox.
    - CVE-2018-17468: Cross-origin URL disclosure in Blink.
    - CVE-2018-17469: Heap buffer overflow in PDFium.
    - CVE-2018-17470: Memory corruption in GPU Internals.
    - CVE-2018-17471: Security UI occlusion in full screen mode.
    - CVE-2018-17472: iframe sandbox escape on iOS.
    - CVE-2018-17473: URL spoof in Omnibox.
    - CVE-2018-17474: Use after free in Blink.
    - CVE-2018-17475: URL spoof in Omnibox.
    - CVE-2018-17476: Security UI occlusion in full screen mode.
    - CVE-2018-5179: Lack of limits on update() in ServiceWorker.
    - CVE-2018-17477: UI spoof in Extensions.
  * debian/rules:
    - remove enable_google_now build flag
    - remove use_gtk3 build flag
  * debian/patches/arm-neon.patch: refreshed
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/widevine-other-locations: refreshed
  * debian/known_gn_gen_args-*:
    - remove enable_google_now build flag
    - remove use_gtk3 build flag

 -- Olivier Tilloy <email address hidden>  Tue, 16 Oct 2018 22:43:46 +0200

Available diffs

  • diff from 69.0.3497.81-0ubuntu0.18.04.1 (in Ubuntu) to 70.0.3538.67-0ubuntu0.18.04.1 (pending)
  • diff from 69.0.3497.100-0ubuntu0.18.04.1 (in Ubuntu) to 70.0.3538.67-0ubuntu0.18.04.1 (pending)
Superseded in disco-release on 2018-10-31
Published in cosmic-release on 2018-09-20
Deleted in cosmic-proposed (Reason: moved to release)
chromium-browser (69.0.3497.100-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 69.0.3497.100

 -- Olivier Tilloy <email address hidden>  Tue, 18 Sep 2018 08:54:33 +0200

Available diffs

  • diff from 69.0.3497.92-0ubuntu1 to 69.0.3497.100-0ubuntu1 (pending)
Superseded in cosmic-release on 2018-09-20
Deleted in cosmic-proposed on 2018-09-22 (Reason: moved to release)
chromium-browser (69.0.3497.92-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 69.0.3497.92
    - CVE-2018-XXXXX: Function signature mismatch in WebAssembly.
    - CVE-2018-XXXXX: URL Spoofing in Omnibox.
  * debian/rules: exclude more build artifacts from the binary package

 -- Olivier Tilloy <email address hidden>  Tue, 11 Sep 2018 22:45:34 +0200
Superseded in xenial-updates on 2018-10-24
Superseded in xenial-security on 2018-10-24
chromium-browser (69.0.3497.81-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 69.0.3497.81
    - CVE-2018-16065: Out of bounds write in V8.
    - CVE-2018-16066: Out of bounds read in Blink.
    - CVE-2018-16067: Out of bounds read in WebAudio.
    - CVE-2018-16068: Out of bounds write in Mojo.
    - CVE-2018-16069: Out of bounds read in SwiftShader.
    - CVE-2018-16070: Integer overflow in Skia.
    - CVE-2018-16071: Use after free in WebRTC.
    - CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
      Android's MediaPlayer.
    - CVE-2018-16073: Site Isolation bypass after tab restore.
    - CVE-2018-16074: Site Isolation bypass using Blob URLS.
    - CVE-2018-16075: Local file access in Blink.
    - CVE-2018-16076: Out of bounds read in PDFium.
    - CVE-2018-16077: Content security policy bypass in Blink.
    - CVE-2018-16078: Credit card information leak in Autofill.
    - CVE-2018-16079: URL spoof in permission dialogs.
    - CVE-2018-16080: URL spoof in full screen mode.
    - CVE-2018-16081: Local file access in DevTools.
    - CVE-2018-16082: Stack buffer overflow in SwiftShader.
    - CVE-2018-16083: Out of bounds read in WebRTC.
    - CVE-2018-16084: User confirmation bypass in external protocol handling.
    - CVE-2018-16085: Use after free in Memory Instrumentation.
  * debian/control: add uuid-dev as a build dependency (needed by fontconfig)
  * debian/rules: specify AR=llvm-ar-6.0 to build gn
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-add-missing-arm-impl-files.patch: added
  * debian/patches/last-commit-position: replaced by
    debian/patches/gn-no-last-commit-position.patch
  * debian/patches/no-new-ninja-flag.patch: updated
  * debian/patches/relax-ninja-version-requirement.patch: updated
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed

 -- Olivier Tilloy <email address hidden>  Wed, 05 Sep 2018 13:47:36 +0200

Available diffs

  • diff from 68.0.3440.106-0ubuntu0.16.04.1 to 69.0.3497.81-0ubuntu0.16.04.1 (pending)
Superseded in bionic-updates on 2018-10-24
Superseded in bionic-security on 2018-10-24
chromium-browser (69.0.3497.81-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 69.0.3497.81
    - CVE-2018-16065: Out of bounds write in V8.
    - CVE-2018-16066: Out of bounds read in Blink.
    - CVE-2018-16067: Out of bounds read in WebAudio.
    - CVE-2018-16068: Out of bounds write in Mojo.
    - CVE-2018-16069: Out of bounds read in SwiftShader.
    - CVE-2018-16070: Integer overflow in Skia.
    - CVE-2018-16071: Use after free in WebRTC.
    - CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
      Android's MediaPlayer.
    - CVE-2018-16073: Site Isolation bypass after tab restore.
    - CVE-2018-16074: Site Isolation bypass using Blob URLS.
    - CVE-2018-16075: Local file access in Blink.
    - CVE-2018-16076: Out of bounds read in PDFium.
    - CVE-2018-16077: Content security policy bypass in Blink.
    - CVE-2018-16078: Credit card information leak in Autofill.
    - CVE-2018-16079: URL spoof in permission dialogs.
    - CVE-2018-16080: URL spoof in full screen mode.
    - CVE-2018-16081: Local file access in DevTools.
    - CVE-2018-16082: Stack buffer overflow in SwiftShader.
    - CVE-2018-16083: Out of bounds read in WebRTC.
    - CVE-2018-16084: User confirmation bypass in external protocol handling.
    - CVE-2018-16085: Use after free in Memory Instrumentation.
  * debian/control: add uuid-dev as a build dependency (needed by fontconfig)
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-add-missing-arm-impl-files.patch: added
  * debian/patches/last-commit-position: replaced by
    debian/patches/gn-no-last-commit-position.patch
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed

 -- Olivier Tilloy <email address hidden>  Wed, 05 Sep 2018 13:23:39 +0200

Available diffs

  • diff from 68.0.3440.106-0ubuntu0.18.04.1 to 69.0.3497.81-0ubuntu0.18.04.1 (pending)
Superseded in cosmic-release on 2018-09-15
Deleted in cosmic-proposed on 2018-09-16 (Reason: moved to release)
chromium-browser (69.0.3497.81-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 69.0.3497.81
    - CVE-2018-16065: Out of bounds write in V8.
    - CVE-2018-16066: Out of bounds read in Blink.
    - CVE-2018-16067: Out of bounds read in WebAudio.
    - CVE-2018-16068: Out of bounds write in Mojo.
    - CVE-2018-16069: Out of bounds read in SwiftShader.
    - CVE-2018-16070: Integer overflow in Skia.
    - CVE-2018-16071: Use after free in WebRTC.
    - CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
      Android's MediaPlayer.
    - CVE-2018-16073: Site Isolation bypass after tab restore.
    - CVE-2018-16074: Site Isolation bypass using Blob URLS.
    - CVE-2018-16075: Local file access in Blink.
    - CVE-2018-16076: Out of bounds read in PDFium.
    - CVE-2018-16077: Content security policy bypass in Blink.
    - CVE-2018-16078: Credit card information leak in Autofill.
    - CVE-2018-16079: URL spoof in permission dialogs.
    - CVE-2018-16080: URL spoof in full screen mode.
    - CVE-2018-16081: Local file access in DevTools.
    - CVE-2018-16082: Stack buffer overflow in SwiftShader.
    - CVE-2018-16083: Out of bounds read in WebRTC.
    - CVE-2018-16084: User confirmation bypass in external protocol handling.
    - CVE-2018-16085: Use after free in Memory Instrumentation.
  * debian/control: add uuid-dev as a build dependency (needed by fontconfig)
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/clang-601-atomics.patch: removed, no longer needed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-add-missing-arm-impl-files.patch: added
  * debian/patches/last-commit-position: replaced by
    debian/patches/gn-no-last-commit-position.patch
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/swiftshader-default-visibility.patch: added
  * debian/patches/title-bar-default-system.patch-v35: refreshed

 -- Olivier Tilloy <email address hidden>  Wed, 05 Sep 2018 09:41:19 +0200

Available diffs

  • diff from 68.0.3440.106-0ubuntu1 to 69.0.3497.81-0ubuntu1 (pending)
Superseded in cosmic-release on 2018-09-07
Deleted in cosmic-proposed on 2018-09-08 (Reason: moved to release)
chromium-browser (68.0.3440.106-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 68.0.3440.106

 -- Olivier Tilloy <email address hidden>  Wed, 08 Aug 2018 23:27:06 +0200
Superseded in xenial-updates on 2018-09-11
Superseded in xenial-security on 2018-09-11
chromium-browser (68.0.3440.106-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 68.0.3440.106

 -- Olivier Tilloy <email address hidden>  Thu, 09 Aug 2018 00:10:42 +0200
Superseded in bionic-updates on 2018-09-11
Superseded in bionic-security on 2018-09-11
chromium-browser (68.0.3440.106-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 68.0.3440.106

 -- Olivier Tilloy <email address hidden>  Wed, 08 Aug 2018 23:59:05 +0200

Available diffs

Superseded in cosmic-release on 2018-08-10
Deleted in cosmic-proposed on 2018-08-11 (Reason: moved to release)
chromium-browser (68.0.3440.84-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 68.0.3440.84
  * debian/patches/add-missing-base-namespace.patch: removed, no longer needed
  * debian/patches/widevine-other-locations: updated

 -- Olivier Tilloy <email address hidden>  Wed, 01 Aug 2018 08:16:10 +0200

Available diffs

  • diff from 68.0.3440.75-0ubuntu1 to 68.0.3440.84-0ubuntu1 (pending)
Superseded in cosmic-release on 2018-08-02
Deleted in cosmic-proposed on 2018-08-03 (Reason: moved to release)
chromium-browser (68.0.3440.75-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 68.0.3440.75
    - CVE-2018-6153: Stack buffer overflow in Skia.
    - CVE-2018-6154: Heap buffer overflow in WebGL.
    - CVE-2018-6155: Use after free in WebRTC.
    - CVE-2018-6156: Heap buffer overflow in WebRTC.
    - CVE-2018-6157: Type confusion in WebRTC.
    - CVE-2018-6158: Use after free in Blink.
    - CVE-2018-6159: Same origin policy bypass in ServiceWorker.
    - CVE-2018-6160: URL spoof in Chrome on iOS.
    - CVE-2018-6161: Same origin policy bypass in WebAudio.
    - CVE-2018-6162: Heap buffer overflow in WebGL.
    - CVE-2018-6163: URL spoof in Omnibox.
    - CVE-2018-6164: Same origin policy bypass in ServiceWorker.
    - CVE-2018-6165: URL spoof in Omnibox.
    - CVE-2018-6166: URL spoof in Omnibox.
    - CVE-2018-6167: URL spoof in Omnibox.
    - CVE-2018-6168: CORS bypass in Blink.
    - CVE-2018-6169: Permissions bypass in extension installation.
    - CVE-2018-6170: Type confusion in PDFium.
    - CVE-2018-6171: Use after free in WebBluetooth.
    - CVE-2018-6172: URL spoof in Omnibox.
    - CVE-2018-6173: URL spoof in Omnibox.
    - CVE-2018-6174: Integer overflow in SwiftShader.
    - CVE-2018-6175: URL spoof in Omnibox.
    - CVE-2018-6176: Local user privilege escalation in Extensions.
    - CVE-2018-6177: Cross origin information leak in Blink.
    - CVE-2018-6178: UI spoof in Extensions.
    - CVE-2018-6179: Local file information leak in Extensions.
    - CVE-2018-6044: Request privilege escalation in Extensions.
    - CVE-2018-4117: Cross origin information leak in Blink.
  * debian/rules:
    - remove enable_webrtc build flag
    - make ninja less verbose to reduce build log size
  * debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
    (LP: #1772448)
  * debian/patches/add-missing-base-namespace.patch: added
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
  * debian/patches/fix-extra-arflags.patch: updated
  * debian/patches/fix-ffmpeg-ia32-build.patch: updated
  * debian/patches/last-commit-position: refreshed
  * debian/patches/revert-clang-nostdlib++.patch: removed, no longer needed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/known_gn_gen_args-*: remove enable_webrtc build flag

 -- Olivier Tilloy <email address hidden>  Wed, 25 Jul 2018 09:22:28 +0200

Available diffs

  • diff from 67.0.3396.99-0ubuntu1 to 68.0.3440.75-0ubuntu1 (pending)
Superseded in xenial-updates on 2018-08-16
Deleted in xenial-updates on 2018-08-18 (Reason: stupid archive tricks to roll back for point release snap...)
Deleted in xenial-updates on 2018-08-18 (Reason: stupid archive tricks to roll back for point release snap...)
Superseded in xenial-security on 2018-08-16
chromium-browser (68.0.3440.75-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 68.0.3440.75
    - CVE-2018-6153: Stack buffer overflow in Skia.
    - CVE-2018-6154: Heap buffer overflow in WebGL.
    - CVE-2018-6155: Use after free in WebRTC.
    - CVE-2018-6156: Heap buffer overflow in WebRTC.
    - CVE-2018-6157: Type confusion in WebRTC.
    - CVE-2018-6158: Use after free in Blink.
    - CVE-2018-6159: Same origin policy bypass in ServiceWorker.
    - CVE-2018-6160: URL spoof in Chrome on iOS.
    - CVE-2018-6161: Same origin policy bypass in WebAudio.
    - CVE-2018-6162: Heap buffer overflow in WebGL.
    - CVE-2018-6163: URL spoof in Omnibox.
    - CVE-2018-6164: Same origin policy bypass in ServiceWorker.
    - CVE-2018-6165: URL spoof in Omnibox.
    - CVE-2018-6166: URL spoof in Omnibox.
    - CVE-2018-6167: URL spoof in Omnibox.
    - CVE-2018-6168: CORS bypass in Blink.
    - CVE-2018-6169: Permissions bypass in extension installation.
    - CVE-2018-6170: Type confusion in PDFium.
    - CVE-2018-6171: Use after free in WebBluetooth.
    - CVE-2018-6172: URL spoof in Omnibox.
    - CVE-2018-6173: URL spoof in Omnibox.
    - CVE-2018-6174: Integer overflow in SwiftShader.
    - CVE-2018-6175: URL spoof in Omnibox.
    - CVE-2018-6176: Local user privilege escalation in Extensions.
    - CVE-2018-6177: Cross origin information leak in Blink.
    - CVE-2018-6178: UI spoof in Extensions.
    - CVE-2018-6179: Local file information leak in Extensions.
    - CVE-2018-6044: Request privilege escalation in Extensions.
    - CVE-2018-4117: Cross origin information leak in Blink.
  * debian/rules:
    - remove enable_webrtc build flag
    - make ninja less verbose to reduce build log size
  * debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
    (LP: #1772448)
  * debian/patches/add-missing-base-namespace.patch: added
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
  * debian/patches/fix-extra-arflags.patch: updated
  * debian/patches/fix-ffmpeg-ia32-build.patch: updated
  * debian/patches/last-commit-position: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/known_gn_gen_args-*: remove enable_webrtc build flag

 -- Olivier Tilloy <email address hidden>  Wed, 25 Jul 2018 10:51:24 +0200

Available diffs

  • diff from 67.0.3396.99-0ubuntu0.16.04.2 to 68.0.3440.75-0ubuntu0.16.04.1 (pending)
Superseded in bionic-updates on 2018-08-16
Superseded in bionic-security on 2018-08-16
chromium-browser (68.0.3440.75-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 68.0.3440.75
    - CVE-2018-6153: Stack buffer overflow in Skia.
    - CVE-2018-6154: Heap buffer overflow in WebGL.
    - CVE-2018-6155: Use after free in WebRTC.
    - CVE-2018-6156: Heap buffer overflow in WebRTC.
    - CVE-2018-6157: Type confusion in WebRTC.
    - CVE-2018-6158: Use after free in Blink.
    - CVE-2018-6159: Same origin policy bypass in ServiceWorker.
    - CVE-2018-6160: URL spoof in Chrome on iOS.
    - CVE-2018-6161: Same origin policy bypass in WebAudio.
    - CVE-2018-6162: Heap buffer overflow in WebGL.
    - CVE-2018-6163: URL spoof in Omnibox.
    - CVE-2018-6164: Same origin policy bypass in ServiceWorker.
    - CVE-2018-6165: URL spoof in Omnibox.
    - CVE-2018-6166: URL spoof in Omnibox.
    - CVE-2018-6167: URL spoof in Omnibox.
    - CVE-2018-6168: CORS bypass in Blink.
    - CVE-2018-6169: Permissions bypass in extension installation.
    - CVE-2018-6170: Type confusion in PDFium.
    - CVE-2018-6171: Use after free in WebBluetooth.
    - CVE-2018-6172: URL spoof in Omnibox.
    - CVE-2018-6173: URL spoof in Omnibox.
    - CVE-2018-6174: Integer overflow in SwiftShader.
    - CVE-2018-6175: URL spoof in Omnibox.
    - CVE-2018-6176: Local user privilege escalation in Extensions.
    - CVE-2018-6177: Cross origin information leak in Blink.
    - CVE-2018-6178: UI spoof in Extensions.
    - CVE-2018-6179: Local file information leak in Extensions.
    - CVE-2018-6044: Request privilege escalation in Extensions.
    - CVE-2018-4117: Cross origin information leak in Blink.
  * debian/rules:
    - remove enable_webrtc build flag
    - make ninja less verbose to reduce build log size
  * debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
    (LP: #1772448)
  * debian/patches/add-missing-base-namespace.patch: added
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
  * debian/patches/fix-extra-arflags.patch: updated
  * debian/patches/fix-ffmpeg-ia32-build.patch: updated
  * debian/patches/last-commit-position: refreshed
  * debian/patches/revert-clang-nostdlib++.patch: removed, no longer needed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/known_gn_gen_args-*: remove enable_webrtc build flag

 -- Olivier Tilloy <email address hidden>  Wed, 25 Jul 2018 10:05:09 +0200

Available diffs

  • diff from 67.0.3396.99-0ubuntu0.18.04.1 to 68.0.3440.75-0ubuntu0.18.04.1 (pending)
Superseded in xenial-updates on 2018-07-31
Superseded in xenial-updates on 2018-07-31
Superseded in xenial-updates on 2018-07-31
Superseded in xenial-security on 2018-07-31
chromium-browser (67.0.3396.99-0ubuntu0.16.04.2) xenial; urgency=medium

  * debian/patches/libcxxabi-arm-ehabi-fix.patch: removed, no longer needed

 -- Olivier Tilloy <email address hidden>  Wed, 11 Jul 2018 10:22:52 +0200
Published in artful-updates on 2018-07-17
Published in artful-security on 2018-07-17
chromium-browser (67.0.3396.99-0ubuntu0.17.10.1) artful; urgency=medium

  * Upstream release: 67.0.3396.99
    - CVE-2018-6148: Incorrect handling of CSP header.
    - CVE-2018-6149: Out of bounds write in V8.

 -- Olivier Tilloy <email address hidden>  Mon, 09 Jul 2018 23:29:07 +0200

Available diffs

Superseded in bionic-updates on 2018-07-31
Superseded in bionic-security on 2018-07-31
chromium-browser (67.0.3396.99-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 67.0.3396.99
    - CVE-2018-6148: Incorrect handling of CSP header.
    - CVE-2018-6149: Out of bounds write in V8.

 -- Olivier Tilloy <email address hidden>  Mon, 09 Jul 2018 23:06:17 +0200
Superseded in cosmic-release on 2018-07-26
Deleted in cosmic-proposed on 2018-07-27 (Reason: moved to release)
chromium-browser (67.0.3396.99-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 67.0.3396.99
    - CVE-2018-6148: Incorrect handling of CSP header.
    - CVE-2018-6149: Out of bounds write in V8.
  * debian/patches/clang-601-atomics.patch: added (LP: #1780747)

 -- Olivier Tilloy <email address hidden>  Mon, 09 Jul 2018 19:32:25 +0200
Superseded in cosmic-release on 2018-07-10
Deleted in cosmic-proposed on 2018-07-12 (Reason: moved to release)
chromium-browser (67.0.3396.62-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 67.0.3396.62
    - CVE-2018-6123: Use after free in Blink.
    - CVE-2018-6124: Type confusion in Blink.
    - CVE-2018-6125: Overly permissive policy in WebUSB.
    - CVE-2018-6126: Heap buffer overflow in Skia.
    - CVE-2018-6127: Use after free in indexedDB.
    - CVE-2018-6128: uXSS in Chrome on iOS.
    - CVE-2018-6129: Out of bounds memory access in WebRTC.
    - CVE-2018-6130: Out of bounds memory access in WebRTC.
    - CVE-2018-6131: Incorrect mutability protection in WebAssembly.
    - CVE-2018-6132: Use of uninitialized memory in WebRTC.
    - CVE-2018-6133: URL spoof in Omnibox.
    - CVE-2018-6134: Referrer Policy bypass in Blink.
    - CVE-2018-6135: UI spoofing in Blink.
    - CVE-2018-6136: Out of bounds memory access in V8.
    - CVE-2018-6137: Leak of visited status of page in Blink.
    - CVE-2018-6138: Overly permissive policy in Extensions.
    - CVE-2018-6139: Restrictions bypass in the debugger extension API.
    - CVE-2018-6140: Restrictions bypass in the debugger extension API.
    - CVE-2018-6141: Heap buffer overflow in Skia.
    - CVE-2018-6142: Out of bounds memory access in V8.
    - CVE-2018-6143: Out of bounds memory access in V8.
    - CVE-2018-6144: Out of bounds memory access in PDFium.
    - CVE-2018-6145: Incorrect escaping of MathML in Blink.
    - CVE-2018-6147: Password fields not taking advantage of OS protections in
      Views.
  * debian/rules: stop installing an outdated chromium-browser.svg icon
    (LP: #1771847)
  * debian/chromium-browser.svg: removed (outdated)
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/default-allocator: refreshed
  * debian/patches/disable-sse2: updated
  * debian/patches/fix-crashpad-linux-compat.patch: added
  * debian/patches/fix-extra-arflags.patch: added
  * debian/patches/revert-clang-nostdlib++.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/skia-disable-neon.patch: removed, no longer needed
  * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/widevine-allow-enable.patch: added
  * debian/patches/widevine-other-locations: updated

 -- Olivier Tilloy <email address hidden>  Wed, 30 May 2018 12:22:22 +0200

Available diffs

  • diff from 66.0.3359.181-0ubuntu1 to 67.0.3396.62-0ubuntu1 (pending)
Superseded in cosmic-release on 2018-06-04
Deleted in cosmic-proposed on 2018-06-05 (Reason: moved to release)
chromium-browser (66.0.3359.181-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 66.0.3359.181

 -- Olivier Tilloy <email address hidden>  Tue, 15 May 2018 22:20:10 +0200
Superseded in xenial-updates on 2018-07-17
Superseded in xenial-security on 2018-07-17
chromium-browser (66.0.3359.181-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 66.0.3359.181

 -- Olivier Tilloy <email address hidden>  Tue, 15 May 2018 22:36:44 +0200
Superseded in artful-updates on 2018-07-17
Superseded in artful-security on 2018-07-17
chromium-browser (66.0.3359.181-0ubuntu0.17.10.1) artful; urgency=medium

  * Upstream release: 66.0.3359.181

 -- Olivier Tilloy <email address hidden>  Tue, 15 May 2018 22:31:19 +0200
Superseded in bionic-updates on 2018-07-17
Superseded in bionic-security on 2018-07-17
chromium-browser (66.0.3359.181-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 66.0.3359.181

 -- Olivier Tilloy <email address hidden>  Tue, 15 May 2018 22:17:08 +0200

Available diffs

Superseded in cosmic-release on 2018-05-18
Deleted in cosmic-proposed on 2018-05-19 (Reason: moved to release)
chromium-browser (66.0.3359.170-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 66.0.3359.170
    - CVE-2018-6121: Privilege Escalation in extensions.
    - CVE-2018-6122: Type confusion in V8.
    - CVE-2018-6120: Heap buffer overflow in PDFium.

 -- Olivier Tilloy <email address hidden>  Fri, 11 May 2018 14:57:36 +0200
Superseded in cosmic-release on 2018-05-14
Deleted in cosmic-proposed on 2018-05-15 (Reason: moved to release)
chromium-browser (66.0.3359.139-0ubuntu1) cosmic; urgency=medium

  * No-change rebuild for the Cosmic Cuttlefish (18.10)

 -- Olivier Tilloy <email address hidden>  Tue, 08 May 2018 21:59:31 +0200

Available diffs

  • diff from 65.0.3325.181-0ubuntu1 to 66.0.3359.139-0ubuntu1 (pending)
Superseded in xenial-updates on 2018-05-24
Superseded in xenial-security on 2018-05-24
chromium-browser (66.0.3359.139-0ubuntu0.16.04.3) xenial; urgency=medium

  * debian/control: build-depend on clang-5.0 and llvm-5.0, which are now in
    xenial-updates
  * debian/rules: build gn with clang 5.0
  * debian/patches/restore-clang-no-integrated-as.patch: removed, no longer
    needed
  * debian/patches/skia-undef-HWCAP_CRC32.patch: added
  * debian/patches/use-clang-versioned.patch: updated

 -- Olivier Tilloy <email address hidden>  Fri, 04 May 2018 16:28:21 +0200

Available diffs

Superseded in bionic-updates on 2018-05-24
Superseded in bionic-security on 2018-05-24
chromium-browser (66.0.3359.139-0ubuntu0.18.04.3) bionic; urgency=medium

  * debian/patches/libcxxabi-arm-ehabi-fix.patch: removed, not needed with
    recent versions of clang (>= 6.0)

 -- Olivier Tilloy <email address hidden>  Fri, 04 May 2018 15:50:30 +0200

Available diffs

  • diff from 63.0.3239.132-0ubuntu1 to 66.0.3359.139-0ubuntu0.18.04.3 (pending)
  • diff from 66.0.3359.139-0ubuntu0.18.04.2 to 66.0.3359.139-0ubuntu0.18.04.3 (pending)
Superseded in artful-updates on 2018-05-24
Superseded in artful-security on 2018-05-24
chromium-browser (66.0.3359.139-0ubuntu0.17.10.2) artful; urgency=medium

  * debian/rules: do not build with use_custom_libcxx=false after all, this
    didn't work on xenial and older because the system libstdc++ was too old,
    and we'd rather stick to the same build options on all supported releases,
    where possible
  * debian/patches/libcxxabi-arm-ehabi-fix.patch: added (LP: #1768653)

 -- Olivier Tilloy <email address hidden>  Thu, 03 May 2018 16:59:03 +0200

Available diffs

  • diff from 65.0.3325.181-0ubuntu0.17.10.1 to 66.0.3359.139-0ubuntu0.17.10.2 (pending)
  • diff from 66.0.3359.139-0ubuntu0.17.10.1 to 66.0.3359.139-0ubuntu0.17.10.2 (pending)
Superseded in cosmic-release on 2018-05-09
Published in bionic-release on 2018-03-22
Deleted in bionic-proposed (Reason: moved to release)
chromium-browser (65.0.3325.181-0ubuntu1) bionic; urgency=medium

  * Upstream release: 65.0.3325.181

 -- Olivier Tilloy <email address hidden>  Wed, 21 Mar 2018 11:27:29 +0100

Available diffs

  • diff from 65.0.3325.146-0ubuntu1 to 65.0.3325.181-0ubuntu1 (pending)
Published in trusty-updates on 2018-03-28
Published in trusty-security on 2018-03-27
chromium-browser (65.0.3325.181-0ubuntu0.14.04.1) trusty; urgency=medium

  * Upstream release: 65.0.3325.181

 -- Olivier Tilloy <email address hidden>  Wed, 21 Mar 2018 14:32:29 +0100

Available diffs

  • diff from 66.0.3350.0-0ubuntu1~ppa6~14.04.1 (in Ubuntu) to 65.0.3325.181-0ubuntu0.14.04.1 (pending)
  • diff from 64.0.3282.167-0ubuntu0.14.04.1 to 65.0.3325.181-0ubuntu0.14.04.1 (pending)
  • diff from 65.0.3325.146-0ubuntu0.14.04.1 to 65.0.3325.181-0ubuntu0.14.04.1 (pending)
Superseded in xenial-updates on 2018-05-11
Superseded in xenial-security on 2018-05-11
chromium-browser (65.0.3325.181-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 65.0.3325.181

 -- Olivier Tilloy <email address hidden>  Wed, 21 Mar 2018 13:51:29 +0100

Available diffs

  • diff from 64.0.3282.167-0ubuntu0.16.04.1 to 65.0.3325.181-0ubuntu0.16.04.1 (pending)
  • diff from 65.0.3325.146-0ubuntu0.16.04.1 to 65.0.3325.181-0ubuntu0.16.04.1 (pending)
175 of 490 results