This bug was fixed in the package chromium-browser - 68.0.3440.75-0ubuntu1 --------------- chromium-browser (68.0.3440.75-0ubuntu1) cosmic; urgency=medium
* Upstream release: 68.0.3440.75 - CVE-2018-6153: Stack buffer overflow in Skia. - CVE-2018-6154: Heap buffer overflow in WebGL. - CVE-2018-6155: Use after free in WebRTC. - CVE-2018-6156: Heap buffer overflow in WebRTC. - CVE-2018-6157: Type confusion in WebRTC. - CVE-2018-6158: Use after free in Blink. - CVE-2018-6159: Same origin policy bypass in ServiceWorker. - CVE-2018-6160: URL spoof in Chrome on iOS. - CVE-2018-6161: Same origin policy bypass in WebAudio. - CVE-2018-6162: Heap buffer overflow in WebGL. - CVE-2018-6163: URL spoof in Omnibox. - CVE-2018-6164: Same origin policy bypass in ServiceWorker. - CVE-2018-6165: URL spoof in Omnibox. - CVE-2018-6166: URL spoof in Omnibox. - CVE-2018-6167: URL spoof in Omnibox. - CVE-2018-6168: CORS bypass in Blink. - CVE-2018-6169: Permissions bypass in extension installation. - CVE-2018-6170: Type confusion in PDFium. - CVE-2018-6171: Use after free in WebBluetooth. - CVE-2018-6172: URL spoof in Omnibox. - CVE-2018-6173: URL spoof in Omnibox. - CVE-2018-6174: Integer overflow in SwiftShader. - CVE-2018-6175: URL spoof in Omnibox. - CVE-2018-6176: Local user privilege escalation in Extensions. - CVE-2018-6177: Cross origin information leak in Blink. - CVE-2018-6178: UI spoof in Extensions. - CVE-2018-6179: Local file information leak in Extensions. - CVE-2018-6044: Request privilege escalation in Extensions. - CVE-2018-4117: Cross origin information leak in Blink. * debian/rules: - remove enable_webrtc build flag - make ninja less verbose to reduce build log size * debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3 (LP: #1772448) * debian/patches/add-missing-base-namespace.patch: added * debian/patches/chromium_useragent.patch: refreshed * debian/patches/configuration-directory.patch: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed * debian/patches/fix-extra-arflags.patch: updated * debian/patches/fix-ffmpeg-ia32-build.patch: updated * debian/patches/last-commit-position: refreshed * debian/patches/revert-clang-nostdlib++.patch: removed, no longer needed * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated * debian/patches/search-credit.patch: refreshed * debian/patches/set-rpath-on-chromium-executables.patch: refreshed * debian/patches/suppress-newer-clang-warning-flags.patch: updated * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/touch-v35: refreshed * debian/known_gn_gen_args-*: remove enable_webrtc build flag -- Olivier Tilloy <olivier.til...@canonical.com> Wed, 25 Jul 2018 09:22:28 +0200 ** Changed in: chromium-browser (Ubuntu) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-4117 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6044 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6153 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6154 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6155 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6156 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6157 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6158 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6159 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6160 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6161 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6162 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6163 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6164 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6165 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6166 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6167 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6168 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6169 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6170 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6171 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6172 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6173 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6174 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6175 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6176 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6177 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6178 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6179 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772448 Title: launcher script runs Python 2 despite checking for /usr/bin/python3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1772448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs