chromium - Debian Package Tracker

general

source: chromium (main)
version: 90.0.4430.212-1
maintainer: Debian Chromium Team (DMD)
uploaders: Michael Gilbert [DMD] – Riku Voipio [DMD] – Michel Le Bihan [DMD]
arch: all amd64 arm64 armhf i386
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 73.0.3683.75-1~deb9u1
old-sec: 73.0.3683.75-1~deb9u1
stable: 87.0.4280.141-0.1~deb10u1
stable-sec: 90.0.4430.212-1~deb10u1
stable-p-u: 89.0.4389.114-1~deb10u1
testing: 90.0.4430.212-1
unstable: 90.0.4430.212-1

versioned links

72.0.3626.122-1~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
73.0.3683.75-1~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
87.0.4280.141-0.1~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
89.0.4389.114-1~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
90.0.4430.212-1~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
90.0.4430.212-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

chromium (45 bugs: 0, 11, 34, 0)
chromium-common
chromium-driver
chromium-l10n
chromium-sandbox
chromium-shell (1 bugs: 0, 0, 1, 0)

action needed

A new upstream version is available: 91.0.4472.101 high

A new upstream version 91.0.4472.101 is available, you should consider packaging it.

Created: 2021-05-27 Last update: 2021-06-12 15:03

32 security issues in sid high

There are 32 open security issues in sid.

32 important issues:

CVE-2021-30521: Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2021-30522: Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30523: Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
CVE-2021-30524: Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30525: Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30526: Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
CVE-2021-30527: Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30528: Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30529: Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30530: Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2021-30531: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30532: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30533: Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2021-30535: Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30536: Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.
CVE-2021-30537: Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.
CVE-2021-30538: Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30539: Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30540: Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2021-30542: Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30543: Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30544:
CVE-2021-30545:
CVE-2021-30546:
CVE-2021-30547:
CVE-2021-30548:
CVE-2021-30549:
CVE-2021-30550:
CVE-2021-30551:
CVE-2021-30552:
CVE-2021-30553:

Created: 2021-05-26 Last update: 2021-06-10 09:00

32 security issues in buster high

There are 32 open security issues in buster.

32 important issues:

CVE-2021-30521: Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2021-30522: Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30523: Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
CVE-2021-30524: Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30525: Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30526: Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
CVE-2021-30527: Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30528: Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30529: Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30530: Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2021-30531: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30532: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30533: Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2021-30535: Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30536: Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.
CVE-2021-30537: Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.
CVE-2021-30538: Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30539: Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30540: Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2021-30542: Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30543: Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30544:
CVE-2021-30545:
CVE-2021-30546:
CVE-2021-30547:
CVE-2021-30548:
CVE-2021-30549:
CVE-2021-30550:
CVE-2021-30551:
CVE-2021-30552:
CVE-2021-30553:

Created: 2021-05-26 Last update: 2021-06-10 09:00

32 security issues in bullseye high

There are 32 open security issues in bullseye.

32 important issues:

CVE-2021-30521: Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2021-30522: Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30523: Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
CVE-2021-30524: Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30525: Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30526: Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
CVE-2021-30527: Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30528: Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30529: Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30530: Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2021-30531: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30532: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30533: Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2021-30535: Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30536: Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.
CVE-2021-30537: Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.
CVE-2021-30538: Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30539: Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30540: Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2021-30542: Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30543: Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30544:
CVE-2021-30545:
CVE-2021-30546:
CVE-2021-30547:
CVE-2021-30548:
CVE-2021-30549:
CVE-2021-30550:
CVE-2021-30551:
CVE-2021-30552:
CVE-2021-30553:

Created: 2021-05-26 Last update: 2021-06-10 09:00

lintian reports 1161 errors and 22 warnings high

Lintian reports 1161 errors and 22 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-04-11 Last update: 2021-05-27 22:03

5 bugs tagged help in the BTS normal

The BTS contains 5 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2019-03-21 Last update: 2021-06-12 18:30

4 bugs tagged patch in the BTS normal

The BTS contains patches fixing 4 bugs, consider including or untagging them.

Created: 2020-10-19 Last update: 2021-06-12 18:30

AppStream hints: 1 warning normal

AppStream found metadata issues for packages:

chromium: 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2020-06-01 Last update: 2020-06-01 01:12

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2021-05-16 01:10

testing migrations

This package will soon be part of the auto-icu transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-05-21] chromium 90.0.4430.212-1 MIGRATED to testing (Debian testing watch)
[2021-05-18] Accepted chromium 90.0.4430.212-1~deb10u1 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Michael Gilbert)
[2021-05-15] Accepted chromium 90.0.4430.212-1 (source) into unstable (Michael Gilbert)
[2021-05-04] Accepted chromium 90.0.4430.93-1~deb10u1 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Michael Gilbert)
[2021-04-29] Accepted chromium 90.0.4430.93-1 (source) into unstable (Michel Le Bihan) (signed by: Mattia Rizzolo)
[2021-04-28] Accepted chromium 90.0.4430.85-1~deb10u1 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Michael Gilbert)
[2021-04-22] Accepted chromium 90.0.4430.85-1 (source) into unstable (Michel Le Bihan) (signed by: Mattia Rizzolo)
[2021-04-20] Accepted chromium 90.0.4430.72-1 (source) into unstable (Michel Le Bihan) (signed by: Mattia Rizzolo)
[2021-04-13] Accepted chromium 89.0.4389.114-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Michael Gilbert)
[2021-04-12] chromium 89.0.4389.114-1 MIGRATED to testing (Debian testing watch)
[2021-04-06] Accepted chromium 89.0.4389.114-1~deb10u1 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Michael Gilbert)
[2021-04-04] Accepted chromium 89.0.4389.114-1 (source) into unstable (Michael Gilbert)
[2021-03-21] chromium 89.0.4389.90-1 MIGRATED to testing (Debian testing watch)
[2021-03-15] Accepted chromium 89.0.4389.90-1 (source) into unstable (Michel Le Bihan) (signed by: Mattia Rizzolo)
[2021-03-15] chromium 89.0.4389.82-1 MIGRATED to testing (Debian testing watch)
[2021-03-08] Accepted chromium 89.0.4389.82-1 (source) into unstable (Michel Le Bihan) (signed by: Mattia Rizzolo)
[2021-02-24] Accepted chromium 88.0.4324.182-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Michael Gilbert)
[2021-02-24] Accepted chromium 88.0.4324.146-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Michael Gilbert)
[2021-02-22] chromium 88.0.4324.182-1 MIGRATED to testing (Debian testing watch)
[2021-02-22] chromium 88.0.4324.182-1 MIGRATED to testing (Debian testing watch)
[2021-02-20] Accepted chromium 88.0.4324.182-1~deb10u1 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Michael Gilbert)
[2021-02-18] Accepted chromium 88.0.4324.182-1 (source) into unstable (Michael Gilbert)
[2021-02-09] Accepted chromium 88.0.4324.150-1 (source) into unstable (Michel Le Bihan) (signed by: Mattia Rizzolo)
[2021-02-09] chromium 88.0.4324.146-1 MIGRATED to testing (Debian testing watch)
[2021-02-07] Accepted chromium 88.0.4324.146-1~deb10u1 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Michael Gilbert)
[2021-02-03] Accepted chromium 88.0.4324.146-1 (source) into unstable (Michel Le Bihan) (signed by: Mattia Rizzolo)
[2021-02-01] Accepted chromium 88.0.4324.96-2 (source) into unstable (Michel Le Bihan) (signed by: Mattia Rizzolo)
[2021-01-27] Accepted chromium 88.0.4324.96-1 (source) into unstable (Michael Gilbert)
[2021-01-21] Accepted chromium 88.0.4324.96-0.1 (source) into unstable (Michel Le Bihan) (signed by: Mattia Rizzolo)
[2021-01-16] Accepted chromium 87.0.4280.141-0.1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Mattia Rizzolo)

bugs [bug history graph]

all: 50 55
RC: 0
I&N: 12 13
M&W: 38 42
F&P: 0
patch: 4
help: 5

links

homepage
lintian (1161, 22)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots