All Ubuntu package versions


AllRaringQuantalPreciseOneiricNattyLucidHardyAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
Comments

Package "chromium-browser"

This package belongs to a PPA: Ubuntu Chromium Daily Builds

Name: chromium-browser

Description:

Chromium browser
Chromium is an open-source browser project that aims to build a safer, faster,
and more stable way for all Internet users to experience the web.

Chromium serves as a base for Google Chrome, which is Chromium rebranded (name
and logo) with very few additions such as usage tracking and an auto-updater
system.

This package contains the Chromium browser
Latest version: 18.0.1025.151~r130497-0ubuntu0.10.04.1
Release: lucid (10.04)
Level: base
Repository: main

Links

Save this URL for the latest version of "chromium-browser": http://www.ubuntuupdates.org/chromium-browser

All versions of this package Bug fixes
Repository home page for package

Download "chromium-browser"

32-bit deb package 64-bit deb package APT INSTALL

Other versions of "chromium-browser" in Lucid

RepositoryAreaVersion
base universe 5.0.342.9~r43360-0ubuntu2
security universe 25.0.1364.160-0ubuntu0.10.04.1
updates universe 25.0.1364.160-0ubuntu0.10.04.1
PPA: Chromium Stable Channel 18.0.1025.168~r134367-0ubuntu0.10.04.1

Packages in group

Deleted packages are displayed in grey.

chromium-browser-breakpadsymbols chromium-browser-dbg chromium-browser-inspector chromium-browser-l10n chromium-codecs-ffmpeg
chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-codecs-ffmpeg-nonfree chromium-codecs-ffmpeg-nonfree-dbg

Change Log

Version: 18.0.1025.151~r130497-0ubuntu0.10.04.1 2012-04-10 05:08:07 UTC

 chromium-browser (18.0.1025.151~r130497-0ubuntu0.10.04.1) lucid-security; urgency=low
 .
   * New upstream release from the Stable Channel (LP: #977502)
     - black screen on Hybrid Graphics system with GPU accelerated compositing
       enabled (Issue: 117371)
     - CSS not applied to element (Issue: 114667)
     - Regression rendering a div with background gradient and borders
       (Issue: 113726)
     - Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
     - Multiple crashes (Issues: 72235, 116825 and 92998)
     - Pop-up dialog is at wrong position (Issue: 116045)
     - HTML Canvas patterns are broken if you change the transformation matrix
       (Issue: 112165)
     - SSL interstitial error "proceed anyway" / "back to safety" buttons don't
       work (Issue: 119252)
     This release fixes the following security issues:
     - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
       Credit to miaubiz.
     - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to
       Sergey Glazunov.
     - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to
       miaubiz.
     - [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit
       to miaubiz.
     - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to
       Google Chrome Security Team (SkyLined).
     - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit
       to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
     - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
       window. Credit to Sergey Glazunov.
     - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling.
       Credit to Arthur Gerkis.
     - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit
       to Sławomir Błażek.
     - [119525] High CVE-2011-3075: Use-after-free applying style command.
       Credit to miaubiz.
     - [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to
       miaubiz.
     - [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit
       to Google Chrome Security Team (Inferno).
 .
 chromium-browser (18.0.1025.142~r129054-0ubuntu0.10.04.1) lucid-security; urgency=low
 .
   * New upstream release from the Stable Channel (LP: #968901)
     This release fixes the following security issues:
     - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
       EUC-JP. Credit to Masato Kinugawa.
     - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
       Credit to Arthur Gerkis.
     - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
       handling. Credit to miaubiz.
     - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
       Credit to Leonidas Kontothanassis of Google.
     - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
       Mateusz Jurczyk of the Google Security Team.
     - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
       more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
       scarybeasts (Google Chrome Security Team).
     - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
       Atte Kettunen of OUSPG.
     - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
     - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
       Holler.
 .
   * Add build dependency on libudev-dev to allow for gamepad detection; see
     http://code.google.com/p/chromium/issues/detail?id=79050
     - update debian/control
   * Drop dlopen_libgnutls patch as it's been implemented upstream
      - drop debian/patches/dlopen_libgnutls.patch
      - update debian/patches/series
   * Start removing *.so and *.so.* from the upstream tarball creation
     - update debian/rules
   * Strip almost the entire third_party/openssl directory as it's needed only
     on android, but is used by the build system
     - update debian/rules
   * Use tar's --exclude-vcs flag instead of just excluding .svn
     - update debian/rules
 .
 chromium-browser (17.0.963.83~r127885-0ubuntu0.10.04.1) lucid-security; urgency=low
 .
   * New upstream release from the Stable Channel (LP: #961831)
     This release fixes the following security issues:
     - [113902] High CVE-2011-3050: Use-after-free with first-letter handling.
       Credit to miaubiz.
     - [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit
       to Glenn Randers-Pehrson of the libpng project.
     - [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling.
       Credit to Arthur Gerkis.
     - [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling.
       Credit to Ben Vanik of Google.
     - [116746] High CVE-2011-3053: Use-after-free in block splitting.
       Credit to miaubiz.
     - [117418] Low CVE-2011-3054: Apply additional isolations to webui
       privileges. Credit to Sergey Glazunov.
     - [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked
       extension installation. Credit to PinkiePie.
     - [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”.
       Credit to Sergey Glazunov.
     - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
       Holler.

Source diff to previous version
977502 Please update to 18.0.1025.151
968901 Please update to 18.0.1025.142
961831 Update to 17.0.963.83
CVE-2011-3066 Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (o
CVE-2011-3067 Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
CVE-2011-3068 Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause
CVE-2011-3069 Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause
CVE-2011-3070 Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified o
CVE-2011-3071 Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of
CVE-2011-3072 Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
CVE-2011-3073 Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified o
CVE-2011-3074 Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified o
CVE-2011-3075 Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified o
CVE-2011-3076 Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified o
CVE-2011-3077 Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified o
CVE-2011-3058 Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scrip
CVE-2011-3059 Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-boun
CVE-2011-3060 Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds
CVE-2011-3061 Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attacker
CVE-2011-3062 Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have
CVE-2011-3063 Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vecto
CVE-2011-3064 Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified o
CVE-2011-3065 Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspeci
CVE-2011-3057 RESERVED
CVE-2011-3050 RESERVED
CVE-2011-3045 RESERVED
CVE-2011-3051 RESERVED
CVE-2011-3052 RESERVED
CVE-2011-3053 RESERVED
CVE-2011-3054 RESERVED
CVE-2011-3055 RESERVED
CVE-2011-3056 RESERVED

Version: 18.0.996.0~svn20120104r116287-0ubuntu1~ucd1~lucid 2012-01-04 10:06:50 UTC

 chromium-browser (18.0.996.0~svn20120104r116287-0ubuntu1~ucd1~lucid) lucid; urgency=low
 .
   [ Fabien Tassin ]
   * Disable NaCl until we figure out what to do with the private toolchain
     - update debian/rules
   * Add python-simplejson & libelf-dev to Build-depends. This is needed by NaCl
     even with NaCl disabled, so this is a temporary workaround to unbreak the
     build, it must be fixed upstream
     - update debian/control
   * Enable libjpeg-turbo on ARM
     - update debian/rules
   * Add libpulse-dev to Build-Depends, needed for WebRTC
     - update debian/control
   * Drop the cups 1.5.0 build fix, now committed upstream
      - remove debian/patches/cups_1.5_build_fix.patch
      - update debian/patches/series
   * Drop the HTML5 video patch, now committed upstream
     - remove debian/patches/html5-codecs-fix.patch
     - update debian/patches/series
   * Rename ui/base/strings/app_strings.grd to ui_strings.grd following
     the upstream rename, and add a mapping flag to the grit converter
     - update debian/rules
   * Do not install the pseudo_locales files in the debs
     - update debian/rules
   * Build with the default gcc-4.6 on Oneiric
     - update debian/control
     - update debian/rules
 .
   [ Chris Coulson ]
   * Refresh patches
     - update debian/patches/chromium_useragent.patch.in
   * Don't depend on cdbs being installed to create a tarball
     - update debian/rules
     - update debian/cdbs/tarball.mk
   * resources.pak is missing. Just install all pak files
     - update debian/chromium-browser.install
   * Fix glib includes when building with the new glib in precise
     - add debian/patches/fix_glib_includes.patch
     - update debian/patches/series
 .
   [ Brandon Snider ]
   * Refresh patch
     - update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
   * Remove resources.pak from install file since it's not built anymore
     - update debian/chromium-browser.install
 .
   [ Micah Gersten ]
   * Drop Pre-Depends: lzma since from Lucid on dpkg has support for lzma debs
     - update debian/control

Source diff to previous version

Version: 18.0.993.0~svn20120101r116078-0ubuntu1~ucd1~lucid 2012-01-01 10:08:29 UTC

 chromium-browser (18.0.993.0~svn20120101r116078-0ubuntu1~ucd1~lucid) lucid; urgency=low
 .
   [ Fabien Tassin ]
   * Disable NaCl until we figure out what to do with the private toolchain
     - update debian/rules
   * Add python-simplejson & libelf-dev to Build-depends. This is needed by NaCl
     even with NaCl disabled, so this is a temporary workaround to unbreak the
     build, it must be fixed upstream
     - update debian/control
   * Enable libjpeg-turbo on ARM
     - update debian/rules
   * Add libpulse-dev to Build-Depends, needed for WebRTC
     - update debian/control
   * Drop the cups 1.5.0 build fix, now committed upstream
      - remove debian/patches/cups_1.5_build_fix.patch
      - update debian/patches/series
   * Drop the HTML5 video patch, now committed upstream
     - remove debian/patches/html5-codecs-fix.patch
     - update debian/patches/series
   * Rename ui/base/strings/app_strings.grd to ui_strings.grd following
     the upstream rename, and add a mapping flag to the grit converter
     - update debian/rules
   * Do not install the pseudo_locales files in the debs
     - update debian/rules
   * Build with the default gcc-4.6 on Oneiric
     - update debian/control
     - update debian/rules
 .
   [ Chris Coulson ]
   * Refresh patches
     - update debian/patches/chromium_useragent.patch.in
   * Don't depend on cdbs being installed to create a tarball
     - update debian/rules
     - update debian/cdbs/tarball.mk
   * resources.pak is missing. Just install all pak files
     - update debian/chromium-browser.install
   * Fix glib includes when building with the new glib in precise
     - add debian/patches/fix_glib_includes.patch
     - update debian/patches/series
 .
   [ Brandon Snider ]
   * Refresh patch
     - update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
   * Remove resources.pak from install file since it's not built anymore
     - update debian/chromium-browser.install
 .
   [ Micah Gersten ]
   * Drop Pre-Depends: lzma since from Lucid on dpkg has support for lzma debs
     - update debian/control

Source diff to previous version

Version: 18.0.986.0~svn20111228r115871-0ubuntu1~ucd1~lucid 2011-12-28 10:10:38 UTC

 chromium-browser (18.0.986.0~svn20111228r115871-0ubuntu1~ucd1~lucid) lucid; urgency=low
 .
   [ Fabien Tassin ]
   * Disable NaCl until we figure out what to do with the private toolchain
     - update debian/rules
   * Add python-simplejson & libelf-dev to Build-depends. This is needed by NaCl
     even with NaCl disabled, so this is a temporary workaround to unbreak the
     build, it must be fixed upstream
     - update debian/control
   * Enable libjpeg-turbo on ARM
     - update debian/rules
   * Add libpulse-dev to Build-Depends, needed for WebRTC
     - update debian/control
   * Drop the cups 1.5.0 build fix, now committed upstream
      - remove debian/patches/cups_1.5_build_fix.patch
      - update debian/patches/series
   * Drop the HTML5 video patch, now committed upstream
     - remove debian/patches/html5-codecs-fix.patch
     - update debian/patches/series
   * Rename ui/base/strings/app_strings.grd to ui_strings.grd following
     the upstream rename, and add a mapping flag to the grit converter
     - update debian/rules
   * Do not install the pseudo_locales files in the debs
     - update debian/rules
   * Build with the default gcc-4.6 on Oneiric
     - update debian/control
     - update debian/rules
 .
   [ Chris Coulson ]
   * Refresh patches
     - update debian/patches/chromium_useragent.patch.in
   * Don't depend on cdbs being installed to create a tarball
     - update debian/rules
     - update debian/cdbs/tarball.mk
   * resources.pak is missing. Just install all pak files
     - update debian/chromium-browser.install
   * Fix glib includes when building with the new glib in precise
     - add debian/patches/fix_glib_includes.patch
     - update debian/patches/series
 .
   [ Brandon Snider ]
   * Refresh patch
     - update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
   * Remove resources.pak from install file since it's not built anymore
     - update debian/chromium-browser.install
 .
   [ Micah Gersten ]
   * Drop Pre-Depends: lzma since from Lucid on dpkg has support for lzma debs
     - update debian/control

Source diff to previous version

Version: 18.0.983.0~svn20111225r115768-0ubuntu1~ucd1~lucid 2011-12-25 10:09:14 UTC

 chromium-browser (18.0.983.0~svn20111225r115768-0ubuntu1~ucd1~lucid) lucid; urgency=low
 .
   [ Fabien Tassin ]
   * Disable NaCl until we figure out what to do with the private toolchain
     - update debian/rules
   * Add python-simplejson & libelf-dev to Build-depends. This is needed by NaCl
     even with NaCl disabled, so this is a temporary workaround to unbreak the
     build, it must be fixed upstream
     - update debian/control
   * Enable libjpeg-turbo on ARM
     - update debian/rules
   * Add libpulse-dev to Build-Depends, needed for WebRTC
     - update debian/control
   * Drop the cups 1.5.0 build fix, now committed upstream
      - remove debian/patches/cups_1.5_build_fix.patch
      - update debian/patches/series
   * Drop the HTML5 video patch, now committed upstream
     - remove debian/patches/html5-codecs-fix.patch
     - update debian/patches/series
   * Rename ui/base/strings/app_strings.grd to ui_strings.grd following
     the upstream rename, and add a mapping flag to the grit converter
     - update debian/rules
   * Do not install the pseudo_locales files in the debs
     - update debian/rules
   * Build with the default gcc-4.6 on Oneiric
     - update debian/control
     - update debian/rules
 .
   [ Chris Coulson ]
   * Refresh patches
     - update debian/patches/chromium_useragent.patch.in
   * Don't depend on cdbs being installed to create a tarball
     - update debian/rules
     - update debian/cdbs/tarball.mk
   * resources.pak is missing. Just install all pak files
     - update debian/chromium-browser.install
   * Fix glib includes when building with the new glib in precise
     - add debian/patches/fix_glib_includes.patch
     - update debian/patches/series
 .
   [ Brandon Snider ]
   * Refresh patch
     - update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
   * Remove resources.pak from install file since it's not built anymore
     - update debian/chromium-browser.install
 .
   [ Micah Gersten ]
   * Drop Pre-Depends: lzma since from Lucid on dpkg has support for lzma debs
     - update debian/control



About   -   Changelog   -   Send Feedback
Site Meter