Debian Package Tracker

general

source: chromium (main)
version: 76.0.3809.100-1
maintainer: Debian Chromium Team (DMD)
uploaders: Riku Voipio [DMD] – Michael Gilbert [DMD]
arch: all amd64 arm64 armhf i386
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-sec: 73.0.3683.75-1~deb9u1
stable: 73.0.3683.75-1
stable-sec: 76.0.3809.100-1~deb10u1
testing: 76.0.3809.100-1
unstable: 76.0.3809.100-1

versioned links

72.0.3626.122-1~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
73.0.3683.75-1~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
73.0.3683.75-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
76.0.3809.100-1~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
76.0.3809.100-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

chromium (37 bugs: 0, 12, 25, 0)
chromium-common
chromium-driver (1 bugs: 0, 1, 0, 0)
chromium-l10n
chromium-sandbox
chromium-shell

action needed

44 security issues in buster high

There are 44 open security issues in buster.

43 important issues:

CVE-2019-5874:
CVE-2019-13660:
CVE-2019-13661:
CVE-2019-13662:
CVE-2019-13663:
CVE-2019-13664:
CVE-2019-13665:
CVE-2019-13666:
CVE-2019-13667:
CVE-2019-13682:
CVE-2019-13683:
CVE-2019-13680:
CVE-2019-13681:
CVE-2019-13686:
CVE-2019-13687:
CVE-2019-13685:
CVE-2019-13688:
CVE-2019-13679:
CVE-2019-13678:
CVE-2019-13677:
CVE-2019-13676:
CVE-2019-13675:
CVE-2019-13674:
CVE-2019-13673:
CVE-2019-13671:
CVE-2019-13670:
CVE-2019-13691:
CVE-2019-13692:
CVE-2019-5880:
CVE-2019-5881:
CVE-2019-5871:
CVE-2019-5870:
CVE-2019-5873:
CVE-2019-5872:
CVE-2019-5875:
CVE-2019-5877:
CVE-2019-5876:
CVE-2019-5879:
CVE-2019-5878:
CVE-2019-5869:
CVE-2019-13668:
CVE-2019-13669:
CVE-2019-13659:

1 issue skipped by the security teams:

CVE-2018-20073: Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.

Please fix them.

Created: 2019-01-03 Last update: 2019-09-28 00:06

44 security issues in bullseye high

There are 44 open security issues in bullseye.

44 important issues:

CVE-2019-5874:
CVE-2019-13660:
CVE-2019-13661:
CVE-2019-13662:
CVE-2019-13663:
CVE-2019-13664:
CVE-2019-13665:
CVE-2019-13666:
CVE-2019-13667:
CVE-2019-13682:
CVE-2019-13683:
CVE-2019-13680:
CVE-2019-13681:
CVE-2019-13686:
CVE-2019-13687:
CVE-2019-13685:
CVE-2019-13688:
CVE-2019-13679:
CVE-2019-13678:
CVE-2019-13677:
CVE-2019-13676:
CVE-2019-13675:
CVE-2019-13674:
CVE-2019-13673:
CVE-2019-13671:
CVE-2019-13670:
CVE-2019-13691:
CVE-2019-13692:
CVE-2019-5880:
CVE-2019-5881:
CVE-2019-5871:
CVE-2019-5870:
CVE-2019-5873:
CVE-2019-5872:
CVE-2019-5875:
CVE-2019-5877:
CVE-2019-5876:
CVE-2019-5879:
CVE-2019-5878:
CVE-2019-5869:
CVE-2019-13668:
CVE-2019-13669:
CVE-2018-20073: Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.
CVE-2019-13659:

Please fix them.

Created: 2019-07-07 Last update: 2019-09-28 00:06

44 security issues in sid high

There are 44 open security issues in sid.

44 important issues:

CVE-2019-5874:
CVE-2019-13660:
CVE-2019-13661:
CVE-2019-13662:
CVE-2019-13663:
CVE-2019-13664:
CVE-2019-13665:
CVE-2019-13666:
CVE-2019-13667:
CVE-2019-13682:
CVE-2019-13683:
CVE-2019-13680:
CVE-2019-13681:
CVE-2019-13686:
CVE-2019-13687:
CVE-2019-13685:
CVE-2019-13688:
CVE-2019-13679:
CVE-2019-13678:
CVE-2019-13677:
CVE-2019-13676:
CVE-2019-13675:
CVE-2019-13674:
CVE-2019-13673:
CVE-2019-13671:
CVE-2019-13670:
CVE-2019-13691:
CVE-2019-13692:
CVE-2019-5880:
CVE-2019-5881:
CVE-2019-5871:
CVE-2019-5870:
CVE-2019-5873:
CVE-2019-5872:
CVE-2019-5875:
CVE-2019-5877:
CVE-2019-5876:
CVE-2019-5879:
CVE-2019-5878:
CVE-2019-5869:
CVE-2019-13668:
CVE-2019-13669:
CVE-2018-20073: Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.
CVE-2019-13659:

Please fix them.

Created: 2019-01-03 Last update: 2019-09-28 00:06

97 security issues in stretch high

There are 97 open security issues in stretch.

96 important issues:

CVE-2019-5874:
CVE-2019-13660:
CVE-2019-13661:
CVE-2019-13662:
CVE-2019-13663:
CVE-2019-13664:
CVE-2019-13665:
CVE-2019-13666:
CVE-2019-13667:
CVE-2019-13682:
CVE-2019-13683:
CVE-2019-13680:
CVE-2019-13681:
CVE-2019-13686:
CVE-2019-13687:
CVE-2019-13685:
CVE-2019-13688:
CVE-2019-13679:
CVE-2019-13678:
CVE-2019-13677:
CVE-2019-13676:
CVE-2019-13675:
CVE-2019-13674:
CVE-2019-13673:
CVE-2019-13671:
CVE-2019-13670:
CVE-2019-5819: Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
CVE-2019-5818: Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.
CVE-2019-5856:
CVE-2019-5813: Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5811: Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2019-5810: Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2019-5814: Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13691:
CVE-2019-13692:
CVE-2019-5850:
CVE-2019-5880:
CVE-2019-5881:
CVE-2019-5833: Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.
CVE-2019-5805: Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2019-5806: Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5807: Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5808: Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5809: Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
CVE-2019-5871:
CVE-2019-5870:
CVE-2019-5873:
CVE-2019-5872:
CVE-2019-5875:
CVE-2019-5815:
CVE-2019-5877:
CVE-2019-5876:
CVE-2019-5879:
CVE-2019-5878:
CVE-2019-5862:
CVE-2019-5860:
CVE-2019-5867:
CVE-2019-5864:
CVE-2019-5865:
CVE-2019-5861:
CVE-2019-5868:
CVE-2019-5869:
CVE-2019-5828: Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2019-5829: Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2019-13668:
CVE-2019-13669:
CVE-2019-5832: Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-5825:
CVE-2019-5859:
CVE-2019-5858:
CVE-2019-5857:
CVE-2019-5822: Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2019-5855:
CVE-2019-5854:
CVE-2019-5853:
CVE-2019-5852:
CVE-2019-5851:
CVE-2019-5823: Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2019-5820: Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2019-5821: Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2019-5826:
CVE-2019-5831: Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5848:
CVE-2019-5827: Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5840: Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2019-5842:
CVE-2019-5847:
CVE-2019-5838: Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
CVE-2019-5824: Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5849:
CVE-2019-5835: Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2019-5837: Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-5836: Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-13659:
CVE-2019-5830: Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-5839: Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.

1 issue skipped by the security teams:

CVE-2018-20073: Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.

Please fix them.

Created: 2019-02-19 Last update: 2019-09-28 00:06

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-01-02 Last update: 2019-10-14 04:36

4 bugs tagged help in the BTS normal

The BTS contains 4 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2019-03-21 Last update: 2019-10-14 04:01

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-10-14 04:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.4.0).

Created: 2019-09-29 Last update: 2019-09-29 23:40

testing migrations

This package will soon be part of the auto-libevent transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-libjsoncpp transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-icu transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2019-08-15] chromium 76.0.3809.100-1 MIGRATED to testing (Debian testing watch)
[2019-08-13] Accepted chromium 76.0.3809.100-1~deb10u1 (source) into stable->embargoed, stable (Michael Gilbert)
[2019-08-09] Accepted chromium 76.0.3809.100-1 (source) into unstable (Michael Gilbert)
[2019-08-09] chromium 76.0.3809.87-2 MIGRATED to testing (Debian testing watch)
[2019-08-03] Accepted chromium 76.0.3809.87-2 (source) into unstable (Michael Gilbert)
[2019-07-31] Accepted chromium 76.0.3809.87-1 (source) into unstable (Michael Gilbert)
[2019-07-30] chromium 76.0.3809.71-1 MIGRATED to testing (Debian testing watch)
[2019-07-25] Accepted chromium 76.0.3809.71-1 (source) into unstable (Michael Gilbert)
[2019-07-11] Accepted chromium 76.0.3809.62-1 (source) into unstable (Michael Gilbert)
[2019-06-14] Accepted chromium 75.0.3770.90-1 (source) into unstable (Michael Gilbert)
[2019-06-10] Accepted chromium 75.0.3770.80-1 (source) into unstable (Michael Gilbert)
[2019-06-09] Accepted chromium 75.0.3770.10-1 (source) into experimental (Michael Gilbert)
[2019-04-24] Accepted chromium 74.0.3729.108-1 (source) into unstable (Michael Gilbert)
[2019-04-01] chromium 73.0.3683.75-1 MIGRATED to testing (Debian testing watch)
[2019-03-31] Accepted chromium 73.0.3683.75-1~deb9u1 (source) into stable->embargoed, stable (Michael Gilbert)
[2019-03-19] Accepted chromium 73.0.3683.75-1 (source) into unstable (Michael Gilbert)
[2019-03-10] Accepted chromium 73.0.3683.56-2 (source) into experimental (Michael Gilbert)
[2019-03-10] Accepted chromium 72.0.3626.122-1~deb9u1 (source) into stable->embargoed, stable (Michael Gilbert)
[2019-03-08] Accepted chromium 72.0.3626.122-1 (source) into unstable (Michael Gilbert)
[2019-03-02] Accepted chromium 73.0.3683.56-1 (source) into experimental (Michael Gilbert)
[2019-03-02] Accepted chromium 72.0.3626.121-1 (source) into unstable (Michael Gilbert)
[2019-02-27] Accepted chromium 72.0.3626.96-1~deb9u2 (source) into stable->embargoed, stable (Michael Gilbert)
[2019-02-26] chromium 72.0.3626.109-1 MIGRATED to testing (Debian testing watch)
[2019-02-26] Accepted chromium 73.0.3683.39-1 (source) into experimental (Michael Gilbert)
[2019-02-19] Accepted chromium 72.0.3626.96-1~deb9u1 (source i386 all) into stable->embargoed, stable (Michael Gilbert)
[2019-02-16] Accepted chromium 72.0.3626.109-1 (source) into unstable (Michael Gilbert)
[2019-02-02] Accepted chromium 72.0.3626.81-1 (source) into unstable (Michael Gilbert)
[2019-01-17] chromium 72.0.3626.53-1 MIGRATED to testing (Debian testing watch)
[2019-01-17] chromium 72.0.3626.53-1 MIGRATED to testing (Debian testing watch)
[2019-01-12] Accepted chromium 72.0.3626.53-1 (source) into unstable (Michael Gilbert)

bugs [bug history graph]

all: 36 46
RC: 0
I&N: 5 13
M&W: 31 33
F&P: 0
patch: 3
help: 4

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots