[ubuntu/bionic-security] chromium-browser 97.0.4692.71-0ubuntu0.18.04.1 (Accepted)

Chris Coulson chris.coulson at canonical.com
Fri Jan 14 14:00:59 UTC 2022


chromium-browser (97.0.4692.71-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 97.0.4692.71
    - CVE-2022-0096: Use after free in Storage.
    - CVE-2022-0097: Inappropriate implementation in DevTools.
    - CVE-2022-0098: Use after free in Screen Capture.
    - CVE-2022-0099: Use after free in Sign-in.
    - CVE-2022-0100: Heap buffer overflow in Media streams API.
    - CVE-2022-0101: Heap buffer overflow in Bookmarks.
    - CVE-2022-0102: Type Confusion in V8.
    - CVE-2022-0103: Use after free in SwiftShader.
    - CVE-2022-0104: Heap buffer overflow in ANGLE.
    - CVE-2022-0105: Use after free in PDF.
    - CVE-2022-0106: Use after free in Autofill.
    - CVE-2022-0107: Use after free in File Manager API.
    - CVE-2022-0108: Inappropriate implementation in Navigation.
    - CVE-2022-0109: Inappropriate implementation in Autofill.
    - CVE-2022-0110: Incorrect security UI in Autofill.
    - CVE-2022-0111: Inappropriate implementation in Navigation.
    - CVE-2022-0112: Incorrect security UI in Browser UI.
    - CVE-2022-0113: Inappropriate implementation in Blink.
    - CVE-2022-0114: Out of bounds memory access in Web Serial.
    - CVE-2022-0115: Uninitialized Use in File API.
    - CVE-2022-0116: Inappropriate implementation in Compositing.
    - CVE-2022-0117: Policy bypass in Service Workers.
    - CVE-2022-0118: Inappropriate implementation in WebShare.
    - CVE-2022-0120: Inappropriate implementation in Passwords.
  * debian/patches/blink-math-constexpr.patch: added
  * debian/patches/blink-math-constexpr2.patch: added
  * debian/patches/build-with-old-libva-missing-defines.patch: refreshed
  * debian/patches/build-with-old-libva-no-av1.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/use-clang-versioned.patch: updated
  * debian/patches/widevine-other-locations: refreshed

chromium-browser (96.0.4664.110-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 96.0.4664.110
    - CVE-2021-4098: Insufficient data validation in Mojo.
    - CVE-2021-4099: Use after free in Swiftshader.
    - CVE-2021-4100: Object lifecycle issue in ANGLE.
    - CVE-2021-4101: Heap buffer overflow in Swiftshader.
    - CVE-2021-4102: Use after free in V8.

chromium-browser (96.0.4664.93-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 96.0.4664.93
    - CVE-2021-4052: Use after free in web apps.
    - CVE-2021-4053: Use after free in UI.
    - CVE-2021-4054: Incorrect security UI in autofill.
    - CVE-2021-4055: Heap buffer overflow in extensions.
    - CVE-2021-4056: Type Confusion in loader.
    - CVE-2021-4057: Use after free in file API.
    - CVE-2021-4058: Heap buffer overflow in ANGLE.
    - CVE-2021-4059: Insufficient data validation in loader.
    - CVE-2021-4061: Type Confusion in V8.
    - CVE-2021-4062: Heap buffer overflow in BFCache.
    - CVE-2021-4063: Use after free in developer tools.
    - CVE-2021-4064: Use after free in screen capture.
    - CVE-2021-4065: Use after free in autofill.
    - CVE-2021-4066: Integer underflow in ANGLE.
    - CVE-2021-4067: Use after free in window manager.
    - CVE-2021-4068: Insufficient validation of untrusted input in new tab page.

chromium-browser (96.0.4664.45-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 96.0.4664.45
    - CVE-2021-38007: Type Confusion in V8.
    - CVE-2021-38008: Use after free in media.
    - CVE-2021-38009: Inappropriate implementation in cache.
    - CVE-2021-38006: Use after free in storage foundation.
    - CVE-2021-38005: Use after free in loader.
    - CVE-2021-38010: Inappropriate implementation in service workers.
    - CVE-2021-38011: Use after free in storage foundation.
    - CVE-2021-38012: Type Confusion in V8.
    - CVE-2021-38013: Heap buffer overflow in fingerprint recognition.
    - CVE-2021-38014: Out of bounds write in Swiftshader.
    - CVE-2021-38015: Inappropriate implementation in input.
    - CVE-2021-38016: Insufficient policy enforcement in background fetch.
    - CVE-2021-38017: Insufficient policy enforcement in iframe sandbox.
    - CVE-2021-38018: Inappropriate implementation in navigation.
    - CVE-2021-38019: Insufficient policy enforcement in CORS.
    - CVE-2021-38020: Insufficient policy enforcement in contacts picker.
    - CVE-2021-38021: Inappropriate implementation in referrer.
    - CVE-2021-38022: Inappropriate implementation in WebAuthentication.
  * debian/patches/build-with-old-libva-missing-defines.patch: refreshed
  * debian/patches/build-with-old-libva-no-av1.patch: refreshed
  * debian/patches/libaom-armhf-build-cpudetect.patch: refreshed
  * debian/patches/no-dirmd.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

Date: 2022-01-07 22:01:10.516157+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/97.0.4692.71-0ubuntu0.18.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list