lp:~chromium-team/chromium-browser/bionic-stable

Branch merges

Propose for merging

1 branch proposed for merging into this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #1667208: Ubuntu's selenium hardcodes a path that is valid for Debian, but not for Ubuntu	Medium	Fix Released
Bug #1742653: chromium-browser 63+ packages 50+ MB of binaries only needed at build time	High	Fix Released
Bug #1768653: chromium 66 FTBFS on armhf	High	Fix Released
Bug #1771847: chromium-browser.svg icon is outdated	Low	Fix Released
Bug #1828192: Please stop build-depending on libgnome-keyring	Medium	Fix Released
Bug #1853149: 78.0.3904.108-1 released for stable channel; fixes CVEs	High	Fix Released
Bug #1913069: [regression] Start-up page is blank after upgrading to version 88	High	Fix Released
Bug #1919146: Missing runtime dependency on libx11-xcb1	High	Fix Released

Link a bug report

Related blueprints

1690. By Nathan Teodosio 15 hours ago

* Upstream release: 106.0.5249.91
  - CVE-2022-3370: Use after free in Custom Elements.
  - CVE-2022-3373: Out of bounds write in V8.
* debian/patches/build-with-old-libva-no-av1.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/build-no-invalid-constexpr-error.patch: refreshed
* debian/patches/fix-init-priority-max.patch: added

1689. By Nathan Teodosio on 2022-10-03

releasing package chromium-browser version 105.0.5195.102-0ubuntu0.18.04.1

1688. By Nathan Teodosio on 2022-09-13

* Upstream release: 105.0.5195.102
  - CVE-2022-3075: Insufficient data validation in Mojo.

1687. By Olivier Tilloy on 2022-08-30

releasing package chromium-browser version 105.0.5195.52-0ubuntu0.18.04.1

1686. By Olivier Tilloy on 2022-08-30

* Upstream release: 105.0.5195.52
  - CVE-2022-3038: Use after free in Network Service.
  - CVE-2022-3039: Use after free in WebSQL.
  - CVE-2022-3040: Use after free in Layout.
  - CVE-2022-3041: Use after free in WebSQL.
  - CVE-2022-3042: Use after free in PhoneHub.
  - CVE-2022-3043: Heap buffer overflow in Screen Capture.
  - CVE-2022-3044: Inappropriate implementation in Site Isolation.
  - CVE-2022-3045: Insufficient validation of untrusted input in V8.
  - CVE-2022-3046: Use after free in Browser Tag.
  - CVE-2022-3047: Insufficient policy enforcement in Extensions API.
  - CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen.
  - CVE-2022-3049: Use after free in SplitScreen.
  - CVE-2022-3050: Heap buffer overflow in WebUI.
  - CVE-2022-3051: Heap buffer overflow in Exosphere.
  - CVE-2022-3052: Heap buffer overflow in Window Manager.
  - CVE-2022-3053: Inappropriate implementation in Pointer Lock.
  - CVE-2022-3054: Insufficient policy enforcement in DevTools.
  - CVE-2022-3055: Use after free in Passwords.
  - CVE-2022-3056: Insufficient policy enforcement in Content Security Policy.
  - CVE-2022-3057: Inappropriate implementation in iframe Sandbox.
  - CVE-2022-3058: Use after free in Sign-In Flow.
* debian/patches/allow-building-on-x86.patch: refreshed
* debian/patches/blink-math-constexpr.patch: removed, no longer needed
* debian/patches/build-no-invalid-constexpr-error.patch: added
* debian/patches/build-with-old-libva-missing-defines.patch: refreshed
* debian/patches/build-with-old-libva-no-av1.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/linker-oom-armhf.patch: refreshed
* debian/patches/no-dirmd.patch: refreshed
* debian/patches/nodejs-fs-promises.patch: added
* debian/patches/partition-allocator-constexpr.patch: removed, no longer needed
* debian/patches/partition-allocator-constexpr2.patch: removed, no longer needed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-other-locations: refreshed

1685. By Olivier Tilloy on 2022-08-17

releasing package chromium-browser version 104.0.5112.101-0ubuntu0.18.04.1

1684. By Olivier Tilloy on 2022-08-17

* Upstream release: 104.0.5112.101
  - CVE-2022-2852: Use after free in FedCM.
  - CVE-2022-2854: Use after free in SwiftShader.
  - CVE-2022-2855: Use after free in ANGLE.
  - CVE-2022-2857: Use after free in Blink.
  - CVE-2022-2858: Use after free in Sign-In Flow.
  - CVE-2022-2853: Heap buffer overflow in Downloads.
  - CVE-2022-2856: Insufficient validation of untrusted input in Intents.
  - CVE-2022-2859: Use after free in Chrome OS Shell.
  - CVE-2022-2860: Insufficient policy enforcement in Cookies.
  - CVE-2022-2861: Inappropriate implementation in Extensions API.

1683. By Olivier Tilloy on 2022-08-03

releasing package chromium-browser version 104.0.5112.79-0ubuntu0.18.04.1

1682. By Olivier Tilloy on 2022-08-03

* Upstream release: 104.0.5112.79
  - CVE-2022-2603: Use after free in Omnibox.
  - CVE-2022-2604: Use after free in Safe Browsing.
  - CVE-2022-2605: Out of bounds read in Dawn.
  - CVE-2022-2606: Use after free in Managed devices API.
  - CVE-2022-2607: Use after free in Tab Strip.
  - CVE-2022-2608: Use after free in Overview Mode.
  - CVE-2022-2609: Use after free in Nearby Share.
  - CVE-2022-2610: Insufficient policy enforcement in Background Fetch.
  - CVE-2022-2611: Inappropriate implementation in Fullscreen API.
  - CVE-2022-2612: Side-channel information leakage in Keyboard input.
  - CVE-2022-2613: Use after free in Input.
  - CVE-2022-2614: Use after free in Sign-In Flow.
  - CVE-2022-2615: Insufficient policy enforcement in Cookies.
  - CVE-2022-2616: Inappropriate implementation in Extensions API.
  - CVE-2022-2617: Use after free in Extensions API.
  - CVE-2022-2618: Insufficient validation of untrusted input in Internals.
  - CVE-2022-2619: Insufficient validation of untrusted input in Settings.
  - CVE-2022-2620: Use after free in WebUI.
  - CVE-2022-2621: Use after free in Extensions.
  - CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing.
  - CVE-2022-2623: Use after free in Offline.
  - CVE-2022-2624: Heap buffer overflow in PDF.
* debian/patches/allow-building-on-x86.patch: refreshed
* debian/patches/blink-math-constexpr.patch: refreshed
* debian/patches/build-with-old-libva-missing-defines.patch: refreshed
* debian/patches/build-with-old-libva-no-av1.patch: refreshed
* debian/patches/mako-revert-importlib-use.patch: added
* debian/patches/partition-allocator-clang-name-confusion.patch: refreshed
* debian/patches/partition-allocator-constexpr.patch: refreshed
* debian/patches/qualify-ambiguous-name-lookup.patch: removed, no longer needed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed

1681. By Olivier Tilloy on 2022-07-20

releasing package chromium-browser version 103.0.5060.134-0ubuntu0.18.04.1