[ubuntu/bionic-security] chromium-browser 90.0.4430.72-0ubuntu0.18.04.1 (Accepted)

Chris Coulson chris.coulson at canonical.com
Tue Apr 20 17:50:16 UTC 2021


chromium-browser (90.0.4430.72-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 90.0.4430.72
    - CVE-2021-21201: Use after free in permissions.
    - CVE-2021-21202: Use after free in extensions.
    - CVE-2021-21203: Use after free in Blink.
    - CVE-2021-21204: Use after free in Blink.
    - CVE-2021-21205: Insufficient policy enforcement in navigation.
    - CVE-2021-21221: Insufficient validation of untrusted input in Mojo.
    - CVE-2021-21207: Use after free in IndexedDB.
    - CVE-2021-21208: Insufficient data validation in QR scanner.
    - CVE-2021-21209: Inappropriate implementation in storage.
    - CVE-2021-21210: Inappropriate implementation in Network.
    - CVE-2021-21211: Inappropriate implementation in Navigation.
    - CVE-2021-21212: Incorrect security UI in Network Config UI.
    - CVE-2021-21213: Use after free in WebMIDI.
    - CVE-2021-21214: Use after free in Network API.
    - CVE-2021-21215: Inappropriate implementation in Autofill.
    - CVE-2021-21216: Inappropriate implementation in Autofill.
    - CVE-2021-21217: Uninitialized Use in PDFium.
    - CVE-2021-21218: Uninitialized Use in PDFium.
    - CVE-2021-21219: Uninitialized Use in PDFium.
  * debian/patches/build-with-old-libva.patch: refreshed and renamed to
    debian/patches/build-with-old-libva-missing-defines.patch
  * debian/patches/build-with-old-libva-no-av1.patch: added
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: removed, no longer needed
  * debian/patches/libaom-armhf-build-cpudetect.patch: added
  * debian/patches/revert-sequence-checker-capability-name.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed
  * debian/patches/widevine-other-locations: refreshed

chromium-browser (89.0.4389.128-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 89.0.4389.128
    - CVE-2021-21206: Use after free in Blink.
    - CVE-2021-21220: Insufficient validation of untrusted input in V8 for
      x86_64.

chromium-browser (89.0.4389.114-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 89.0.4389.114
    - CVE-2021-21194: Use after free in screen capture.
    - CVE-2021-21195: Use after free in V8.
    - CVE-2021-21196: Heap buffer overflow in TabStrip.
    - CVE-2021-21197: Heap buffer overflow in TabStrip.
    - CVE-2021-21198: Out of bounds read in IPC.
    - CVE-2021-21199: Use after free in Aura.

Date: 2021-04-15 10:33:06.691088+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/90.0.4430.72-0ubuntu0.18.04.1