Information on source package chromium

Available versions

ReleaseVersion
stretch (security)72.0.3626.122-1~deb9u1
buster72.0.3626.109-1
sid72.0.3626.122-1

Open issues

BugstretchbustersidDescription
CVE-2019-5803vulnerablevulnerablevulnerable
CVE-2019-5802vulnerablevulnerablevulnerable
CVE-2019-5801vulnerablevulnerablevulnerable
CVE-2019-5800vulnerablevulnerablevulnerable
CVE-2019-5799vulnerablevulnerablevulnerable
CVE-2019-5798vulnerablevulnerablevulnerable
CVE-2019-5797vulnerablevulnerablevulnerable
CVE-2019-5796vulnerablevulnerablevulnerable
CVE-2019-5795vulnerablevulnerablevulnerable
CVE-2019-5794vulnerablevulnerablevulnerable
CVE-2019-5793vulnerablevulnerablevulnerable
CVE-2019-5792vulnerablevulnerablevulnerable
CVE-2019-5791vulnerablevulnerablevulnerable
CVE-2019-5790vulnerablevulnerablevulnerable
CVE-2019-5789vulnerablevulnerablevulnerable
CVE-2019-5788vulnerablevulnerablevulnerable
CVE-2019-5787vulnerablevulnerablevulnerable
CVE-2019-5786fixedvulnerablefixed
CVE-2018-20073vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerablechromium stores download meta data in extended attributes

Resolved issues

BugDescription
CVE-2019-5804
CVE-2019-5784
CVE-2019-5783Missing URI encoding of untrusted input in DevTools in Google Chrome ...
CVE-2019-5782Incorrect optimization assumptions in V8 in Google Chrome prior to ...
CVE-2019-5781Incorrect handling of a confusable character in Omnibox in Google ...
CVE-2019-5780Insufficient restrictions on what can be done with Apple Events in ...
CVE-2019-5779Insufficient policy validation in ServiceWorker in Google Chrome prior ...
CVE-2019-5778A missing case for handling special schemes in permission request ...
CVE-2019-5777Incorrect handling of a confusable character in Omnibox in Google ...
CVE-2019-5776Incorrect handling of a confusable character in Omnibox in Google ...
CVE-2019-5775Incorrect handling of a confusable character in Omnibox in Google ...
CVE-2019-5774Omission of the .desktop filetype from the Safe Browsing checklist in ...
CVE-2019-5773Insufficient origin validation in IndexedDB in Google Chrome prior to ...
CVE-2019-5772Sharing of objects over calls into JavaScript runtime in PDFium in ...
CVE-2019-5771An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior ...
CVE-2019-5770Insufficient input validation in WebGL in Google Chrome prior to ...
CVE-2019-5769Incorrect handling of invalid end character position when front ...
CVE-2019-5768DevTools API not correctly gating on extension capability in DevTools ...
CVE-2019-5767Insufficient protection of permission UI in WebAPKs in Google Chrome ...
CVE-2019-5766Incorrect handling of origin taint checking in Canvas in Google Chrome ...
CVE-2019-5765An exposed debugging endpoint in the browser in Google Chrome on ...
CVE-2019-5764Incorrect pointer management in WebRTC in Google Chrome prior to ...
CVE-2019-5763Failure to check error conditions in V8 in Google Chrome prior to ...
CVE-2019-5762Inappropriate memory management when caching in PDFium in Google ...
CVE-2019-5761Incorrect object lifecycle management in SwiftShader in Google Chrome ...
CVE-2019-5760Insufficient checks of pointer validity in WebRTC in Google Chrome ...
CVE-2019-5759Incorrect lifetime handling in HTML select elements in Google Chrome ...
CVE-2019-5758Incorrect object lifecycle management in Blink in Google Chrome prior ...
CVE-2019-5757An incorrect object type assumption in SVG in Google Chrome prior to ...
CVE-2019-5756Inappropriate memory management when caching in PDFium in Google ...
CVE-2019-5755Incorrect handling of negative zero in V8 in Google Chrome prior to ...
CVE-2019-5754Implementation error in QUIC Networking in Google Chrome prior to ...
CVE-2018-20346SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an ...
CVE-2018-20070Incorrect handling of confusable characters in URL Formatter in Google ...
CVE-2018-20069Failure to prevent navigation to top frame to data URLs in Navigation ...
CVE-2018-20068Incorrect handling of 304 status codes in Navigation in Google Chrome ...
CVE-2018-20067A renderer initiated back navigation was incorrectly allowed to cancel ...
CVE-2018-20066Incorrect object lifecycle in Extensions in Google Chrome prior to ...
CVE-2018-20065Handling of URI action in PDFium in Google Chrome prior to ...
CVE-2018-18359Incorrect handling of Reflect.construct in V8 in Google Chrome prior ...
CVE-2018-18358Lack of special casing of localhost in WPAD files in Google Chrome ...
CVE-2018-18357Incorrect handling of confusable characters in URL Formatter in Google ...
CVE-2018-18356An integer overflow in path handling lead to a use after free in Skia ...
CVE-2018-18355Incorrect handling of confusable characters in URL Formatter in Google ...
CVE-2018-18354Insufficient validate of external protocols in Shell Integration in ...
CVE-2018-18353Failure to dismiss http auth dialogs on navigation in Network ...
CVE-2018-18352Service works could inappropriately gain access to cross origin audio ...
CVE-2018-18351Lack of proper validation of ancestor frames site when sending lax ...
CVE-2018-18350Incorrect handling of CSP enforcement during navigations in Blink in ...
CVE-2018-18349Remote frame navigations was incorrectly permitted to local resources ...
CVE-2018-18348Incorrect handling of bidirectional domain names with RTL characters ...
CVE-2018-18347Incorrect handling of failed navigations with invalid URLs in ...
CVE-2018-18346Incorrect handling of alert box display in Blink in Google Chrome ...
CVE-2018-18345Incorrect handling of blob URLS in Site Isolation in Google Chrome ...
CVE-2018-18344Inappropriate allowance of the setDownloadBehavior devtools protocol ...
CVE-2018-18343Incorrect handing of paths leading to a use after free in Skia in ...
CVE-2018-18342Execution of user supplied Javascript during object deserialization ...
CVE-2018-18341An integer overflow leading to a heap buffer overflow in Blink in ...
CVE-2018-18340Incorrect object lifecycle in MediaRecorder in Google Chrome prior to ...
CVE-2018-18339Incorrect object lifecycle in WebAudio in Google Chrome prior to ...
CVE-2018-18338Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome ...
CVE-2018-18337Incorrect handling of stylesheets leading to a use after free in Blink ...
CVE-2018-18336Incorrect object lifecycle in PDFium in Google Chrome prior to ...
CVE-2018-18335Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 ...
CVE-2018-17481Incorrect object lifecycle handling in PDFium in Google Chrome prior ...
CVE-2018-17480Execution of user supplied Javascript during array deserialization ...

Security announcements

DSA / DLADescription
DSA-4404-1chromium - security update
DSA-4395-2chromium - regression update
DSA-4395-1chromium - security update

Search for package or bug name: Reporting problems