[ubuntu/bionic-security] chromium-browser 89.0.4389.82-0ubuntu0.18.04.1 (Accepted)
Chris Coulson
chris.coulson at canonical.com
Sat Mar 13 10:56:10 UTC 2021
chromium-browser (89.0.4389.82-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 89.0.4389.82
chromium-browser (89.0.4389.72-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 89.0.4389.72
- CVE-2021-21159: Heap buffer overflow in TabStrip.
- CVE-2021-21160: Heap buffer overflow in WebAudio.
- CVE-2021-21161: Heap buffer overflow in TabStrip.
- CVE-2021-21162: Use after free in WebRTC.
- CVE-2021-21163: Insufficient data validation in Reader Mode.
- CVE-2021-21164: Insufficient data validation in Chrome for iOS.
- CVE-2021-21165: Object lifecycle issue in audio.
- CVE-2021-21166: Object lifecycle issue in audio.
- CVE-2021-21167: Use after free in bookmarks.
- CVE-2021-21168: Insufficient policy enforcement in appcache.
- CVE-2021-21169: Out of bounds memory access in V8.
- CVE-2021-21170: Incorrect security UI in Loader.
- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
- CVE-2021-21172: Insufficient policy enforcement in File System API.
- CVE-2021-21173: Side-channel information leakage in Network Internals.
- CVE-2021-21174: Inappropriate implementation in Referrer.
- CVE-2021-21175: Inappropriate implementation in Site isolation.
- CVE-2021-21176: Inappropriate implementation in full screen mode.
- CVE-2021-21177: Insufficient policy enforcement in Autofill.
- CVE-2021-21178: Inappropriate implementation in Compositing.
- CVE-2021-21179: Use after free in Network Internals.
- CVE-2021-21180: Use after free in tab search.
- CVE-2020-27844: Heap buffer overflow in OpenJPEG.
- CVE-2021-21181: Side-channel information leakage in autofill.
- CVE-2021-21182: Insufficient policy enforcement in navigations.
- CVE-2021-21183: Inappropriate implementation in performance APIs.
- CVE-2021-21184: Inappropriate implementation in performance APIs.
- CVE-2021-21185: Insufficient policy enforcement in extensions.
- CVE-2021-21186: Insufficient policy enforcement in QR scanning.
- CVE-2021-21187: Insufficient data validation in URL formatting.
- CVE-2021-21188: Use after free in Blink.
- CVE-2021-21189: Insufficient policy enforcement in payments.
- CVE-2021-21190: Uninitialized Use in PDFium.
* debian/rules: remove google_default_client_id and
google_default_client_secret per
https://groups.google.com/a/chromium.org/g/chromium-packagers/c/SG6jnsP4pWM/m/Y73W4CecCQAJ
* debian/patches/build-with-old-libva.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/revert-sequence-checker-capability-name.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-other-locations: refreshed
chromium-browser (88.0.4324.182-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 88.0.4324.182
- CVE-2021-21149: Stack overflow in Data Transfer.
- CVE-2021-21150: Use after free in Downloads.
- CVE-2021-21151: Use after free in Payments.
- CVE-2021-21152: Heap buffer overflow in Media.
- CVE-2021-21153: Stack overflow in GPU Process.
- CVE-2021-21154: Heap buffer overflow in Tab Strip.
- CVE-2021-21155: Heap buffer overflow in Tab Strip.
- CVE-2021-21156: Heap buffer overflow in V8.
- CVE-2021-21157: Use after free in Web Sockets.
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
chromium-browser (88.0.4324.150-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 88.0.4324.150
- CVE-2021-21148: Heap buffer overflow in V8.
chromium-browser (88.0.4324.146-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 88.0.4324.146
- CVE-2021-21142: Use after free in Payments.
- CVE-2021-21143: Heap buffer overflow in Extensions.
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts.
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia.
chromium-browser (88.0.4324.96-0ubuntu0.18.04.2) bionic; urgency=medium
* debian/rules: do not build with optimize_webui=false (LP: #1913069)
* debian/known_gn_gen_args-*: remove (long gone) use_vulcanize build flag
chromium-browser (88.0.4324.96-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 88.0.4324.96
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential use after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.
* debian/control:
- do not suggest installing adobe-flashplugin (Flash is EOL)
- add build dependency on libva-dev (needed on amd64 and i386 since
https://chromium.googlesource.com/chromium/src/+/7bc2776)
* debian/rules:
- build with use_allocator_shim=false to replace the default-allocator patch
- remove is_desktop_linux build flag
* debian/apport/chromium-browser.py: update the list of related packages
* debian/chromium-browser.sh.in: do not try to detect Flash plugin
* debian/patches/build-with-old-libva.patch: added
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/default-allocator: removed, no longer needed
* debian/patches/no-dirmd.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-enable-version-string.patch: refreshed
* debian/patches/widevine-other-locations: refreshed
* debian/known_gn_gen_args-*: remove is_desktop_linux build flag
chromium-browser (87.0.4280.141-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 87.0.4280.141
- CVE-2021-21106: Use after free in autofill.
- CVE-2021-21107: Use after free in drag and drop.
- CVE-2021-21108: Use after free in media.
- CVE-2021-21109: Use after free in payments.
- CVE-2021-21110: Use after free in safe browsing.
- CVE-2021-21111: Insufficient policy enforcement in WebUI.
- CVE-2021-21112: Use after free in Blink.
- CVE-2021-21113: Heap buffer overflow in Skia.
- CVE-2020-16043: Insufficient data validation in networking.
- CVE-2021-21114: Use after free in audio.
- CVE-2020-15995: Out of bounds write in V8.
- CVE-2021-21115: Use after free in safe browsing.
- CVE-2021-21116: Heap buffer overflow in audio.
chromium-browser (87.0.4280.88-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 87.0.4280.88
Date: 2021-03-07 05:55:40.628850+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/89.0.4389.82-0ubuntu0.18.04.1