lp://staging/~chromium-team/chromium-browser/xenial-stable

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #1667208: Ubuntu's selenium hardcodes a path that is valid for Debian, but not for Ubuntu	Medium	Fix Released
Bug #1697496: chromium 59.0.3071.86 crashes at startup on x86	Critical	Fix Released
Bug #1702407: Startup crash after upgrading to 59.0.3071.109 on trusty/xenial/yakkety	Critical	Fix Released
Bug #1718885: chromium 61 doesn't start in guest session	High	Fix Released
Bug #1742653: chromium-browser 63+ packages 50+ MB of binaries only needed at build time	High	Fix Released
Bug #1768653: chromium 66 FTBFS on armhf	High	Fix Released
Bug #1771847: chromium-browser.svg icon is outdated	Low	Fix Released
Bug #1828192: Please stop build-depending on libgnome-keyring	Medium	Fix Released
Bug #1853149: 78.0.3904.108-1 released for stable channel; fixes CVEs	High	Fix Released
Bug #1913069: [regression] Start-up page is blank after upgrading to version 88	High	Fix Released
Bug #1919146: Missing runtime dependency on libx11-xcb1	High	Fix Released

Link a bug report

Related blueprints

1544. By Olivier Tilloy on 2021-04-28

releasing package chromium-browser version 90.0.4430.93-0ubuntu0.16.04.1

1543. By Olivier Tilloy on 2021-04-28

* Upstream release: 90.0.4430.93
  - CVE-2021-21227: Insufficient data validation in V8.
  - CVE-2021-21232: Use after free in Dev Tools.
  - CVE-2021-21233: Heap buffer overflow in ANGLE.
  - CVE-2021-21228: Insufficient policy enforcement in extensions.
  - CVE-2021-21229: Incorrect security UI in downloads.
  - CVE-2021-21230: Type Confusion in V8.
  - CVE-2021-21231: Insufficient data validation in V8.

1542. By Olivier Tilloy on 2021-04-20

releasing package chromium-browser version 90.0.4430.85-0ubuntu0.16.04.1

1541. By Olivier Tilloy on 2021-04-20

* Upstream release: 90.0.4430.85
  - CVE-2021-21222: Heap buffer overflow in V8.
  - CVE-2021-21223: Integer overflow in Mojo.
  - CVE-2021-21224: Type Confusion in V8.
  - CVE-2021-21225: Out of bounds memory access in V8.
  - CVE-2021-21226: Use after free in navigation.

1540. By Olivier Tilloy on 2021-04-15

releasing package chromium-browser version 90.0.4430.72-0ubuntu0.16.04.1

1539. By Olivier Tilloy on 2021-04-15

* Upstream release: 90.0.4430.72
  - CVE-2021-21201: Use after free in permissions.
  - CVE-2021-21202: Use after free in extensions.
  - CVE-2021-21203: Use after free in Blink.
  - CVE-2021-21204: Use after free in Blink.
  - CVE-2021-21205: Insufficient policy enforcement in navigation.
  - CVE-2021-21221: Insufficient validation of untrusted input in Mojo.
  - CVE-2021-21207: Use after free in IndexedDB.
  - CVE-2021-21208: Insufficient data validation in QR scanner.
  - CVE-2021-21209: Inappropriate implementation in storage.
  - CVE-2021-21210: Inappropriate implementation in Network.
  - CVE-2021-21211: Inappropriate implementation in Navigation.
  - CVE-2021-21212: Incorrect security UI in Network Config UI.
  - CVE-2021-21213: Use after free in WebMIDI.
  - CVE-2021-21214: Use after free in Network API.
  - CVE-2021-21215: Inappropriate implementation in Autofill.
  - CVE-2021-21216: Inappropriate implementation in Autofill.
  - CVE-2021-21217: Uninitialized Use in PDFium.
  - CVE-2021-21218: Uninitialized Use in PDFium.
  - CVE-2021-21219: Uninitialized Use in PDFium.
* debian/patches/blink-animation-old-clang-compatibility.patch: added
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/define__libc_malloc.patch: refreshed
* debian/patches/disable-sse2: removed, no longer needed
* debian/patches/evdev-undefined-switch.patch: added
* debian/patches/fix-c++17ism.patch: refreshed
* debian/patches/gtk-symbols-conditional.patch: refreshed
* debian/patches/import-missing-fcntl-defines.patch: updated
* debian/patches/libaom-armhf-build-cpudetect.patch: added
* debian/patches/revert-getrandom.patch: refreshed
* debian/patches/revert-sequence-checker-capability-name.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/wayland-scanner-add-missing-include.patch: refreshed
* debian/patches/widevine-enable-version-string.patch: refreshed
* debian/patches/widevine-other-locations: refreshed

1538. By Olivier Tilloy on 2021-04-14

releasing package chromium-browser version 89.0.4389.128-0ubuntu0.16.04.1

1537. By Olivier Tilloy on 2021-04-14

* Upstream release: 89.0.4389.128
  - CVE-2021-21206: Use after free in Blink.
  - CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64.

1536. By Olivier Tilloy on 2021-03-31

releasing package chromium-browser version 89.0.4389.114-0ubuntu0.16.04.1

1535. By Olivier Tilloy on 2021-03-31

* Upstream release: 89.0.4389.114
  - CVE-2021-21194: Use after free in screen capture.
  - CVE-2021-21195: Use after free in V8.
  - CVE-2021-21196: Heap buffer overflow in TabStrip.
  - CVE-2021-21197: Heap buffer overflow in TabStrip.
  - CVE-2021-21198: Out of bounds read in IPC.
  - CVE-2021-21199: Use Use after free in Aura.