lp:~chromium-team/chromium-browser/bionic-stable

Branch merges

1 branch proposed for merging into this one.

Propose for merging

Related source package recipes

1 recipe using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #1667208: Ubuntu's selenium hardcodes a path that is valid for Debian, but not for Ubuntu	Medium	Fix Released
Bug #1742653: chromium-browser 63+ packages 50+ MB of binaries only needed at build time	High	Fix Released
Bug #1768653: chromium 66 FTBFS on armhf	High	Fix Released
Bug #1771847: chromium-browser.svg icon is outdated	Low	Fix Released

Link a bug report

Related blueprints

1497. By Olivier Tilloy on 2019-10-11

releasing package chromium-browser version 77.0.3865.120-0ubuntu0.18.04.1

1496. By Olivier Tilloy on 2019-10-11

* Upstream release: 77.0.3865.120
  - CVE-2019-13693: Use-after-free in IndexedDB.
  - CVE-2019-13694: Use-after-free in WebRTC.
  - CVE-2019-13695: Use-after-free in audio.
  - CVE-2019-13696: Use-after-free in V8.
  - CVE-2019-13697: Cross-origin size leak.

1495. By Olivier Tilloy on 2019-09-20

releasing package chromium-browser version 77.0.3865.90-0ubuntu0.18.04.1

1494. By Olivier Tilloy on 2019-09-20

* Upstream release: 77.0.3865.90
  - CVE-2019-13685: Use-after-free in UI.
  - CVE-2019-13688: Use-after-free in media.
  - CVE-2019-13687: Use-after-free in media.
  - CVE-2019-13686: Use-after-free in offline pages.

1493. By Olivier Tilloy on 2019-09-10

releasing package chromium-browser version 77.0.3865.75-0ubuntu0.18.04.1

1492. By Olivier Tilloy on 2019-09-10

* Upstream release: 77.0.3865.75
  - CVE-2019-5870: Use-after-free in media.
  - CVE-2019-5871: Heap overflow in Skia.
  - CVE-2019-5872: Use-after-free in Mojo.
  - CVE-2019-5873: URL bar spoofing on iOS.
  - CVE-2019-5874: External URIs may trigger other browsers.
  - CVE-2019-5875: URL bar spoof via download redirect.
  - CVE-2019-5876: Use-after-free in media.
  - CVE-2019-5877: Out-of-bounds access in V8.
  - CVE-2019-5878: Use-after-free in V8.
  - CVE-2019-5879: Extension can bypass same origin policy.
  - CVE-2019-5880: SameSite cookie bypass.
  - CVE-2019-5881: Arbitrary read in SwiftShader.
  - CVE-2019-13659: URL spoof.
  - CVE-2019-13660: Full screen notification overlap.
  - CVE-2019-13661: Full screen notification spoof.
  - CVE-2019-13662: CSP bypass.
  - CVE-2019-13663: IDN spoof.
  - CVE-2019-13664: CSRF bypass.
  - CVE-2019-13665: Multiple file download protection bypass.
  - CVE-2019-13666: Side channel using storage size estimate.
  - CVE-2019-13667: URI bar spoof when using external app URIs.
  - CVE-2019-13668: Global window leak via console.
  - CVE-2019-13669: HTTP authentication spoof.
  - CVE-2019-13670: V8 memory corruption in regex.
  - CVE-2019-13671: Dialog box fails to show origin.
  - CVE-2019-13673: Cross-origin information leak using devtools.
  - CVE-2019-13674: IDN spoofing.
  - CVE-2019-13675: Extensions can be disabled by trailing slash.
  - CVE-2019-13676: Google URI shown for certificate warning.
  - CVE-2019-13677: Chrome web store origin needs to be isolated.
  - CVE-2019-13678: Download dialog spoofing.
  - CVE-2019-13679: User gesture needed for printing.
  - CVE-2019-13680: IP address spoofing to servers.
  - CVE-2019-13681: Bypass on download restrictions.
  - CVE-2019-13682: Site isolation bypass.
  - CVE-2019-13683: Exceptions leaked by devtools.
* debian/patches/add-missing-cstddef-include.patch: refreshed
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/upstream-fix-blink-build-iterators.patch: removed, no longer needed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-enable-version-string.patch: refreshed

1491. By Olivier Tilloy on 2019-08-26

releasing package chromium-browser version 76.0.3809.132-0ubuntu0.18.04.1

1490. By Olivier Tilloy on 2019-08-26

* Upstream release: 76.0.3809.132
  - CVE-2019-5869: Use-after-free in Blink.

1489. By Olivier Tilloy on 2019-08-10

releasing package chromium-browser version 76.0.3809.100-0ubuntu0.18.04.1

1488. By Olivier Tilloy on 2019-08-10

* Upstream release: 76.0.3809.100
  - CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction.
  - CVE-2019-5867: Out-of-bounds read in V8.