[ubuntu/bionic-security] chromium-browser 100.0.4896.127-0ubuntu0.18.04.1 (Accepted)

Chris Coulson chris.coulson at canonical.com
Mon Apr 25 11:34:27 UTC 2022

chromium-browser (100.0.4896.127-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 100.0.4896.127
    - CVE-2022-1364: Type Confusion in V8.

chromium-browser (100.0.4896.88-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 100.0.4896.88
    - CVE-2022-1305: Use after free in storage.
    - CVE-2022-1306: Inappropriate implementation in compositing.
    - CVE-2022-1307: Inappropriate implementation in full screen.
    - CVE-2022-1308: Use after free in BFCache.
    - CVE-2022-1309: Insufficient policy enforcement in developer tools.
    - CVE-2022-1310: Use after free in regular expressions.
    - CVE-2022-1311: Use after free in Chrome OS shell.
    - CVE-2022-1312: Use after free in storage.
    - CVE-2022-1313: Use after free in tab groups.
    - CVE-2022-1314: Type Confusion in V8.

chromium-browser (100.0.4896.75-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 100.0.4896.75
    - CVE-2022-1232: Type Confusion in V8.

chromium-browser (100.0.4896.60-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 100.0.4896.60
    - CVE-2022-1125: Use after free in Portals.
    - CVE-2022-1127: Use after free in QR Code Generator.
    - CVE-2022-1128: Inappropriate implementation in Web Share API.
    - CVE-2022-1129: Inappropriate implementation in Full Screen Mode.
    - CVE-2022-1130: Insufficient validation of untrusted input in WebOTP.
    - CVE-2022-1131: Use after free in Cast UI.
    - CVE-2022-1132: Inappropriate implementation in Virtual Keyboard.
    - CVE-2022-1133: Use after free in WebRTC.
    - CVE-2022-1134: Type Confusion in V8.
    - CVE-2022-1135: Use after free in Shopping Cart.
    - CVE-2022-1136: Use after free in Tab Strip .
    - CVE-2022-1137: Inappropriate implementation in Extensions.
    - CVE-2022-1138: Inappropriate implementation in Web Cursor.
    - CVE-2022-1139: Inappropriate implementation in Background Fetch API.
    - CVE-2022-1141: Use after free in File Manager.
    - CVE-2022-1142: Heap buffer overflow in WebUI.
    - CVE-2022-1143: Heap buffer overflow in WebUI.
    - CVE-2022-1144: Use after free in WebUI.
    - CVE-2022-1145: Use after free in Extensions.
    - CVE-2022-1146: Inappropriate implementation in Resource Timing.
  * debian/patches/build-with-old-libva-missing-defines.patch: refreshed
  * debian/patches/build-with-old-libva-no-av1.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/define__libc_malloc.patch: updated
  * debian/patches/ozone-no-xkb_keymap_key_get_mods_for_level.patch: added
  * debian/patches/partition-allocator-clang-name-confusion.patch: refreshed
  * debian/patches/partition-allocator-constexpr.patch: added
  * debian/patches/partition-allocator-constexpr2.patch: added
  * debian/patches/revert-sequence-checker-capability-name.patch: refreshed
  * debian/patches/sct-move-value.patch: added
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed
  * debian/patches/widevine-other-locations: refreshed

Date: 2022-04-15 07:17:11.751842+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list