[ubuntu/bionic-security] chromium-browser 104.0.5112.101-0ubuntu0.18.04.1 (Accepted)

Chris Coulson chris.coulson at canonical.com
Wed Aug 24 19:27:49 UTC 2022 

chromium-browser (104.0.5112.101-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 104.0.5112.101
    - CVE-2022-2852: Use after free in FedCM.
    - CVE-2022-2854: Use after free in SwiftShader.
    - CVE-2022-2855: Use after free in ANGLE.
    - CVE-2022-2857: Use after free in Blink.
    - CVE-2022-2858: Use after free in Sign-In Flow.
    - CVE-2022-2853: Heap buffer overflow in Downloads.
    - CVE-2022-2856: Insufficient validation of untrusted input in Intents.
    - CVE-2022-2859: Use after free in Chrome OS Shell.
    - CVE-2022-2860: Insufficient policy enforcement in Cookies.
    - CVE-2022-2861: Inappropriate implementation in Extensions API.

chromium-browser (104.0.5112.79-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 104.0.5112.79
    - CVE-2022-2603: Use after free in Omnibox.
    - CVE-2022-2604: Use after free in Safe Browsing.
    - CVE-2022-2605: Out of bounds read in Dawn.
    - CVE-2022-2606: Use after free in Managed devices API.
    - CVE-2022-2607: Use after free in Tab Strip.
    - CVE-2022-2608: Use after free in Overview Mode.
    - CVE-2022-2609: Use after free in Nearby Share.
    - CVE-2022-2610: Insufficient policy enforcement in Background Fetch.
    - CVE-2022-2611: Inappropriate implementation in Fullscreen API.
    - CVE-2022-2612: Side-channel information leakage in Keyboard input.
    - CVE-2022-2613: Use after free in Input.
    - CVE-2022-2614: Use after free in Sign-In Flow.
    - CVE-2022-2615: Insufficient policy enforcement in Cookies.
    - CVE-2022-2616: Inappropriate implementation in Extensions API.
    - CVE-2022-2617: Use after free in Extensions API.
    - CVE-2022-2618: Insufficient validation of untrusted input in Internals.
    - CVE-2022-2619: Insufficient validation of untrusted input in Settings.
    - CVE-2022-2620: Use after free in WebUI.
    - CVE-2022-2621: Use after free in Extensions.
    - CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing.
    - CVE-2022-2623: Use after free in Offline.
    - CVE-2022-2624: Heap buffer overflow in PDF.
  * debian/patches/allow-building-on-x86.patch: refreshed
  * debian/patches/blink-math-constexpr.patch: refreshed
  * debian/patches/build-with-old-libva-missing-defines.patch: refreshed
  * debian/patches/build-with-old-libva-no-av1.patch: refreshed
  * debian/patches/mako-revert-importlib-use.patch: added
  * debian/patches/partition-allocator-clang-name-confusion.patch: refreshed
  * debian/patches/partition-allocator-constexpr.patch: refreshed
  * debian/patches/qualify-ambiguous-name-lookup.patch: removed, no longer
    needed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed

Date: 2022-08-17 07:37:09.180220+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/104.0.5112.101-0ubuntu0.18.04.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list