This bug was fixed in the package chromium-browser - 30.0.1599.114-0ubuntu0.13.10.2
--------------- chromium-browser (30.0.1599.114-0ubuntu0.13.10.2) saucy-security; urgency=low * Test the compiler for "-m32" support as the canonical test of support. Only a problem on ARM. chromium-browser (30.0.1599.114-0ubuntu0.13.10.1) saucy-updates; urgency=low * New release 30.0.1599.114. * New release 30.0.1599.101: - CVE-2013-2925: Use after free in XHR. - CVE-2013-2926: Use after free in editing. - CVE-2013-2927: Use after free in forms. * New release 29.0.1547.76. * New release 30.0.1599.66: - CVE-2013-2906: Races in Web Audio. - CVE-2013-2907: Out of bounds read in Window.prototype object. - CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code. - CVE-2013-2909: Use after free in inline-block rendering. - CVE-2013-2910: Use-after-free in Web Audio. - CVE-2013-2911: Use-after-free in XSLT. - CVE-2013-2912: Use-after-free in PPAPI. - CVE-2013-2913: Use-after-free in XML document parsing. - CVE-2013-2914: Use after free in the Windows color chooser dialog. - CVE-2013-2915: Address bar spoofing via a malformed scheme. - CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code. - CVE-2013-2917: Out of bounds read in Web Audio. - CVE-2013-2918: Use-after-free in DOM. - CVE-2013-2919: Memory corruption in V8. - CVE-2013-2920: Out of bounds read in URL parsing. - CVE-2013-2921: Use-after-free in resource loader. - CVE-2013-2922: Use-after-free in template element. - CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30). - CVE-2013-2924: Use-after-free in ICU. * debian/tests/...: Make first real tests using sikuli. Probably quite fragile on changes to upstream. (LP: #1222895) * debian/patches/4-chromeless-window-launch-option.patch: Make new windows use their own state instead of checking the parameters of the instance that started all processes for whether a window has chrome or not. (LP: #1223855) * Update autopkgtest tests. * debian/patches/series: Drop comment references to old patches. Remove files. * debian/rules: Don't build 'reliability_tests' any more. It's deprecated upstream and we don't use it anyway. * debian/rules: debian/chromium-browser.install: Handle sandbox compilation configuration changes by stopping our special handling and using the default, and "you have to change the underscore from the build target into a hyphen". * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out. (LP: #1226143) * debian/testing/driver: Cheap run test to make sure chromedriver runs. (LP: #1226143) * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that caused extensions to fail. (LP: #1232575) * debian/rules: Use runtime linker for all architectures, not just 64-bit. Component builds everywhere, now. More than 4GB is too much to expect. * debian/rules: clean up packaging comparison code. -- Chad MILLER <chad.mil...@canonical.com> Sun, 27 Oct 2013 13:08:11 -0400 ** Changed in: chromium-browser (Ubuntu) Status: Fix Committed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2906 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2907 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2908 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2909 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2910 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2911 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2912 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2913 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2914 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2915 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2916 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2917 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2918 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2919 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2920 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2921 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2922 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2923 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2924 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2925 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2926 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2927 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1232575 Title: chrome.extension not available when called from extension scripts in Chromium but works on Chrome Status in Chromium Browser: Unknown Status in “chromium-browser” package in Ubuntu: Fix Released Bug description: When I updated to 13.10 and Chromium 29.0.1547.65-0ubuntu2, a few extensions stopped working properly. The easiest to reproduce is Reddit Enhancement Suite 4.3.0.1, it immediately fails on loading the extension with this error: chrome.extension is not available: 'extension' is not allowed for specified context type content script, extension page, web page, etc.). [VM] binding (22):427 Following from anywhere that called chrome.extension.sendMessage or chrome.extension.onMessage in the extension. Chromium's own bug tracker says this usage is deprecated (replaced by chrome.runtime namespace which does work) but testing against Chrome 29.0.1547.76 on the stable channel, the older namespace works correctly with the extensions. chromium-browser: Installed: 29.0.1547.65-0ubuntu2 Candidate: 29.0.1547.65-0ubuntu2 Version table: *** 29.0.1547.65-0ubuntu2 0 500 http://mirrors.cat.pdx.edu/ubuntu/ saucy/universe amd64 Packages 100 /var/lib/dpkg/status To manage notifications about this bug go to: https://bugs.launchpad.net/chromium-browser/+bug/1232575/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp