Package Release Info

chromium-106.0.5249.91-bp154.2.32.1

Update Info: openSUSE-2022-10138
Available in Package Hub : 15 SP4 Update

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

chromedriver
chromium

Change Logs

Version: 106.0.5249.91-bp153.2.125.1
* Sat Oct 01 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 106.0.5249.91 (boo#1203808):
  * CVE-2022-3370: Use after free in Custom Elements
  * CVE-2022-3373: Out of bounds write in V8
- includes changes from 106.0.5249.61:
  * CVE-2022-3304: Use after free in CSS
  * CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools
  * CVE-2022-3305: Use after free in Survey
  * CVE-2022-3306: Use after free in Survey
  * CVE-2022-3307: Use after free in Media
  * CVE-2022-3308: Insufficient policy enforcement in Developer Tools
  * CVE-2022-3309: Use after free in Assistant
  * CVE-2022-3310: Insufficient policy enforcement in Custom Tabs
  * CVE-2022-3311: Use after free in Import
  * CVE-2022-3312: Insufficient validation of untrusted input in VPN
  * CVE-2022-3313: Incorrect security UI in Full Screen
  * CVE-2022-3314: Use after free in Logging
  * CVE-2022-3315: Type confusion in Blink
  * CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2022-3317: Insufficient validation of untrusted input in Intents
  * CVE-2022-3318: Use after free in ChromeOS Notifications
- drop patches:
  * chromium-104-tflite-system-zlib.patch
  * chromium-105-AdjustMaskLayerGeometry-ceilf.patch
  * chromium-105-Trap-raw_ptr.patch
  * chromium-105-browser_finder-include.patch
  * chromium-105-raw_ptr-noexcept.patch
- add patches
  * chromium-106-ffmpeg-duration.patch
  * chromium-106-AutofillPopupControllerImpl-namespace.patch
Version: 106.0.5249.119-bp153.2.128.1
* Wed Oct 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 106.0.5249.119 (boo#1204223)
  * CVE-2022-3445: Use after free in Skia
  * CVE-2022-3446: Heap buffer overflow in WebSQL
  * CVE-2022-3447: Inappropriate implementation in Custom Tabs
  * CVE-2022-3448: Use after free in Permissions API
  * CVE-2022-3449: Use after free in Safe Browsing
  * CVE-2022-3450: Use after free in Peer Connection
* Thu Oct 06 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 106.0.5249.103:
  * fix possible cache manager deadlock
  * Fix right-click menu appearing unexpectedly affecting screen
    readers
Version: 105.0.5195.127-bp153.2.122.1
* Wed Sep 14 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 105.0.5195.127 (boo#1203419):
  * CVE-2022-3195: Out of bounds write in Storage
  * CVE-2022-3196: Use after free in PDF
  * CVE-2022-3197: Use after free in PDF
  * CVE-2022-3198: Use after free in PDF
  * CVE-2022-3199: Use after free in Frames
  * CVE-2022-3200: Heap buffer overflow in Internals
  * CVE-2022-3201: Insufficient validation of untrusted input in DevTools
  * Various fixes from internal audits, fuzzing and other initiatives
Version: 105.0.5195.102-bp153.2.119.1
* Thu Sep 08 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 105.0.5195.102 (boo#1203102):
  * CVE-2022-3075: Insufficient data validation in Mojo
- Chromium 105.0.5195.52 (boo#1202964):
  * CVE-2022-3038: Use after free in Network Service
  * CVE-2022-3039: Use after free in WebSQL
  * CVE-2022-3040: Use after free in Layout
  * CVE-2022-3041: Use after free in WebSQL
  * CVE-2022-3042: Use after free in PhoneHub
  * CVE-2022-3043: Heap buffer overflow in Screen Capture
  * CVE-2022-3044: Inappropriate implementation in Site Isolation
  * CVE-2022-3045: Insufficient validation of untrusted input in V8
  * CVE-2022-3046: Use after free in Browser Tag
  * CVE-2022-3071: Use after free in Tab Strip
  * CVE-2022-3047: Insufficient policy enforcement in Extensions API
  * CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
  * CVE-2022-3049: Use after free in SplitScreen
  * CVE-2022-3050: Heap buffer overflow in WebUI
  * CVE-2022-3051: Heap buffer overflow in Exosphere
  * CVE-2022-3052: Heap buffer overflow in Window Manager
  * CVE-2022-3053: Inappropriate implementation in Pointer Lock
  * CVE-2022-3054: Insufficient policy enforcement in DevTools
  * CVE-2022-3055: Use after free in Passwords
  * CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
  * CVE-2022-3057: Inappropriate implementation in iframe Sandbox
  * CVE-2022-3058: Use after free in Sign-In Flow
- Added patches:
  * chromium-105-AdjustMaskLayerGeometry-ceilf.patch
  * chromium-105-Bitmap-include.patch
  * chromium-105-browser_finder-include.patch
  * chromium-105-raw_ptr-noexcept.patch
  * chromium-105-Trap-raw_ptr.patch
  * chromium-105-wayland-1.20.patch
  * chromium-105-compiler.patch
- Removed patches:
  * chromium-104-compiler.patch
  * chromium-104-ContentRendererClient-type.patch
  * chromium-78-protobuf-RepeatedPtrField-export.patch
* Thu Sep 01 2022 Paolo Stivanin <info@paolostivanin.com>
- Update chromium-symbolic.svg: this fixes bsc#1202403.
* Mon Aug 22 2022 Andreas Schwab <schwab@suse.de>
- Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH
Version: 104.0.5112.79-bp153.2.113.1
* Tue Aug 09 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 104.0.5112.79 (boo#1202075)
  * CVE-2022-2603: Use after free in Omnibox
  * CVE-2022-2604: Use after free in Safe Browsing
  * CVE-2022-2605: Out of bounds read in Dawn
  * CVE-2022-2606: Use after free in Managed devices API
  * CVE-2022-2607: Use after free in Tab Strip
  * CVE-2022-2608: Use after free in Overview Mode
  * CVE-2022-2609: Use after free in Nearby Share
  * CVE-2022-2610: Insufficient policy enforcement in Background Fetch
  * CVE-2022-2611: Inappropriate implementation in Fullscreen API
  * CVE-2022-2612: Side-channel information leakage in Keyboard input
  * CVE-2022-2613: Use after free in Input
  * CVE-2022-2614: Use after free in Sign-In Flow
  * CVE-2022-2615: Insufficient policy enforcement in Cookies
  * CVE-2022-2616: Inappropriate implementation in Extensions API
  * CVE-2022-2617: Use after free in Extensions API
  * CVE-2022-2618: Insufficient validation of untrusted input in Internals
  * CVE-2022-2619: Insufficient validation of untrusted input in Settings
  * CVE-2022-2620: Use after free in WebUI
  * CVE-2022-2621: Use after free in Extensions
  * CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2022-2623: Use after free in Offline
  * CVE-2022-2624: Heap buffer overflow in PDF
- Added patches:
  * chromium-104-compiler.patch
  * chromium-104-ContentRendererClient-type.patch
  * chromium-104-tflite-system-zlib.patch
- Removed patches:
  * chromium-103-SubstringSetMatcher-packed.patch
  * chromium-103-FrameLoadRequest-type.patch
  * chromium-103-compiler.patch
- Use FFmpeg 5.1 on TW
* Sat Jul 23 2022 Callum Farmer <gmbr3@opensuse.org>
- Switch back to Clang so that we can use BTI on aarch64
  * Gold is too old - doesn't understand BTI
  * LD crashes on aarch64
- Re-enable LTO
- Prepare move to FFmpeg 5 for new channel layout
  (requires 5.1+)
Version: 104.0.5112.101-bp153.2.116.1
* Thu Aug 18 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 104.0.5112.101 (boo#1202509):
  * CVE-2022-2852: Use after free in FedCM
  * CVE-2022-2854: Use after free in SwiftShader
  * CVE-2022-2855: Use after free in ANGLE
  * CVE-2022-2857: Use after free in Blink
  * CVE-2022-2858: Use after free in Sign-In Flow
  * CVE-2022-2853: Heap buffer overflow in Downloads
  * CVE-2022-2856: Insufficient validation of untrusted input in Intents
  * CVE-2022-2859: Use after free in Chrome OS Shell
  * CVE-2022-2860: Insufficient policy enforcement in Cookies
  * CVE-2022-2861: Inappropriate implementation in Extensions API
* Tue Aug 16 2022 Callum Farmer <gmbr3@opensuse.org>
- Re-enable our version of chrome-wrapper
- Set no sandbox if root is being used (https://crbug.com/638180)
Version: 103.0.5060.53-bp153.2.104.1
* Sat Jun 25 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 103.0.5060.53 (boo#1200783)
  * CVE-2022-2156: Use after free in Base
  * CVE-2022-2157: Use after free in Interest groups
  * CVE-2022-2158: Type Confusion in V8
  * CVE-2022-2160: Insufficient policy enforcement in DevTools
  * CVE-2022-2161: Use after free in WebApp Provider
  * CVE-2022-2162: Insufficient policy enforcement in File System API
  * CVE-2022-2163: Use after free in Cast UI and Toolbar
  * CVE-2022-2164: Inappropriate implementation in Extensions API
  * CVE-2022-2165: Insufficient data validation in URL formatting
- Added patches:
  * chromium-103-FrameLoadRequest-type.patch
  * chromium-103-SubstringSetMatcher-packed.patch
  * chromium-103-VirtualCursor-std-layout.patch
  * chromium-103-compiler.patch
- Removed patches:
  * chromium-102-compiler.patch
  * chromium-91-sql-standard-layout-type.patch
  * chromium-101-libxml-unbundle.patch
  * chromium-102-fenced_frame_utils-include.patch
  * chromium-102-swiftshader-template-instantiation.patch
  * chromium-102-symbolize-include.patch
  * chromium-97-arm-tflite-cast.patch
  * chromium-97-ScrollView-reference.patch
Version: 103.0.5060.134-bp153.2.110.1
* Wed Jul 20 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 103.0.5060.134 (boo#1201679):
  * CVE-2022-2477 : Use after free in Guest View
  * CVE-2022-2478 : Use after free in PDF
  * CVE-2022-2479 : Insufficient validation of untrusted input in File
  * CVE-2022-2480 : Use after free in Service Worker API
  * CVE-2022-2481: Use after free in Views
  * CVE-2022-2163: Use after free in Cast UI and Toolbar
  * Various fixes from internal audits, fuzzing and other initiatives
Version: 103.0.5060.114-bp153.2.107.1
* Sat Jul 09 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 103.0.5060.114 (boo#1201216)
  * CVE-2022-2294: Heap buffer overflow in WebRTC
  * CVE-2022-2295: Type Confusion in V8
  * CVE-2022-2296: Use after free in Chrome OS Shell
* Thu Jul 07 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 103.0.5060.66
  * no upstream release notes
Version: 102.0.5005.61-bp154.2.5.3
* Wed Jun 01 2022 Callum Farmer <gmbr3@opensuse.org>
- Disable ARM control flow integrity, it causes build issues
  at the moment
- Try a different SVG (black logo on GNOME)
- Removed patches:
  * chromium-third_party-symbolize-missing-include.patch
  (replaced by chromium-102-symbolize-include.patch)
* Fri May 27 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 102.0.5001.61 (boo#1199893)
  * CVE-2022-1853: Use after free in Indexed DB
  * CVE-2022-1854: Use after free in ANGLE
  * CVE-2022-1855: Use after free in Messaging
  * CVE-2022-1856: Use after free in User Education
  * CVE-2022-1857: Insufficient policy enforcement in File System API
  * CVE-2022-1858: Out of bounds read in DevTools
  * CVE-2022-1859: Use after free in Performance Manager
  * CVE-2022-1860: Use after free in UI Foundations
  * CVE-2022-1861: Use after free in Sharing
  * CVE-2022-1862: Inappropriate implementation in Extensions
  * CVE-2022-1863: Use after free in Tab Groups
  * CVE-2022-1864: Use after free in WebApp Installs
  * CVE-2022-1865: Use after free in Bookmarks
  * CVE-2022-1866: Use after free in Tablet Mode
  * CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer
  * CVE-2022-1868: Inappropriate implementation in Extensions API
  * CVE-2022-1869: Type Confusion in V8
  * CVE-2022-1870: Use after free in App Service
  * CVE-2022-1871: Insufficient policy enforcement in File System API
  * CVE-2022-1872: Insufficient policy enforcement in Extensions API
  * CVE-2022-1873: Insufficient policy enforcement in COOP
  * CVE-2022-1874: Insufficient policy enforcement in Safe Browsing
  * CVE-2022-1875: Inappropriate implementation in PDF
  * CVE-2022-1876: Heap buffer overflow in DevTools
- Added patches:
  * chromium-102-compiler.patch
  * chromium-102-fenced_frame_utils-include.patch
  * chromium-102-regex_pattern-array.patch
  * chromium-102-swiftshader-template-instantiation.patch
  * chromium-102-symbolize-include.patch
  * ffmpeg-new-channel-layout.patch
- Removed patches:
  * chromium-100-compiler.patch
  * chromium-80-QuicStreamSendBuffer-deleted-move-constructor.patch
  * chromium-95-quiche-include.patch
  * chromium-fix-swiftshader-template.patch
  * chromium-missing-include-tuple.patch
  * chromium-webrtc-stats-missing-vector.patch
  * chromium-101-segmentation_platform-type.patch
Version: 102.0.5005.115-bp153.2.101.1
* Fri Jun 10 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 102.0.5005.115 (boo#1200423)
  * CVE-2022-2007: Use after free in WebGPU
  * CVE-2022-2008: Out of bounds memory access in WebGL
  * CVE-2022-2010: Out of bounds read in compositing
  * CVE-2022-2011: Use after free in ANGLE
* Wed Jun 08 2022 Callum Farmer <gmbr3@opensuse.org>
- Switch to GTK4 on TW and Leap 15.4+ (boo#1200139)
Version: 101.0.4951.67-bp153.2.94.1
* Sun May 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 101.0.4951.67
  * fixes for other platforms
* Thu Dec 30 2021 Callum Farmer <gmbr3@opensuse.org>
- Revert wayland fixes because it doesn't handle GPU correctly
  (boo#1194182)
Version: 101.0.4951.64-bp153.2.91.1
* Wed May 11 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 101.0.4951.64 (boo#1199409)
  * CVE-2022-1633: Use after free in Sharesheet
  * CVE-2022-1634: Use after free in Browser UI
  * CVE-2022-1635: Use after free in Permission Prompts
  * CVE-2022-1636: Use after free in Performance APIs
  * CVE-2022-1637: Inappropriate implementation in Web Contents
  * CVE-2022-1638: Heap buffer overflow in V8 Internationalization
  * CVE-2022-1639: Use after free in ANGLE
  * CVE-2022-1640: Use after free in Sharing
  * CVE-2022-1641: Use after free in Web UI Diagnostics
Version: 101.0.4951.54-bp153.2.88.1
* Wed May 04 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 101.0.4951.54 (boo#1199118)
- Chromium 101.0.4951.41 (boo#1198917)
  * CVE-2022-1477: Use after free in Vulkan
  * CVE-2022-1478: Use after free in SwiftShader
  * CVE-2022-1479: Use after free in ANGLE
  * CVE-2022-1480: Use after free in Device API
  * CVE-2022-1481: Use after free in Sharing
  * CVE-2022-1482: Inappropriate implementation in WebGL
  * CVE-2022-1483: Heap buffer overflow in WebGPU
  * CVE-2022-1484: Heap buffer overflow in Web UI Settings
  * CVE-2022-1485: Use after free in File System API
  * CVE-2022-1486: Type Confusion in V8
  * CVE-2022-1487: Use after free in Ozone
  * CVE-2022-1488: Inappropriate implementation in Extensions API
  * CVE-2022-1489: Out of bounds memory access in UI Shelf
  * CVE-2022-1490: Use after free in Browser Switcher
  * CVE-2022-1491: Use after free in Bookmarks
  * CVE-2022-1492: Insufficient data validation in Blink Editing
  * CVE-2022-1493: Use after free in Dev Tools
  * CVE-2022-1494: Insufficient data validation in Trusted Types
  * CVE-2022-1495: Incorrect security UI in Downloads
  * CVE-2022-1496: Use after free in File Manager
  * CVE-2022-1497: Inappropriate implementation in Input
  * CVE-2022-1498: Inappropriate implementation in HTML Parser
  * CVE-2022-1499: Inappropriate implementation in WebAuthentication
  * CVE-2022-1500: Insufficient data validation in Dev Tools
  * CVE-2022-1501: Inappropriate implementation in iframe
- Added patches:
  * chromium-101-libxml-unbundle.patch
  * chromium-101-segmentation_platform-type.patch
- Removed patches:
  * chromium-100-SCTHashdanceMetadata-move.patch
  * chromium-100-GLImplementationParts-constexpr.patch
  * chromium-100-macro-typo.patch
* Thu Apr 21 2022 Callum Farmer <gmbr3@opensuse.org>
- Fixes for go 1.18
Version: 100.0.4896.88-bp153.2.82.1
* Tue Apr 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 100.0.4896.88 (boo#1198361)
  * CVE-2022-1305: Use after free in storage
  * CVE-2022-1306: Inappropriate implementation in compositing
  * CVE-2022-1307: Inappropriate implementation in full screen
  * CVE-2022-1308: Use after free in BFCache
  * CVE-2022-1309: Insufficient policy enforcement in developer tools
  * CVE-2022-1310: Use after free in regular expressions
  * CVE-2022-1311: Use after free in Chrome OS shell
  * CVE-2022-1312: Use after free in storage
  * CVE-2022-1313: Use after free in tab groups
  * CVE-2022-1314: Type Confusion in V8
  * Various fixes from internal audits, fuzzing and other initiatives
* Sun Apr 10 2022 Callum Farmer <gmbr3@opensuse.org>
- Patches for GCC 12:
  * chromium-fix-swiftshader-template.patch
  * chromium-missing-include-tuple.patch
  * chromium-webrtc-stats-missing-vector.patch
* Tue Apr 05 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 100.0.4896.75:
  * CVE-2022-1232: Type Confusion in V8 (boo#1198053)
* Wed Mar 30 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 100.0.4896.60 (boo#1197680)
  * CVE-2022-1125: Use after free in Portals
  * CVE-2022-1127: Use after free in QR Code Generator
  * CVE-2022-1128: Inappropriate implementation in Web Share API
  * CVE-2022-1129: Inappropriate implementation in Full Screen Mode
  * CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
  * CVE-2022-1131: Use after free in Cast UI
  * CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
  * CVE-2022-1133: Use after free in WebRTC
  * CVE-2022-1134: Type Confusion in V8
  * CVE-2022-1135: Use after free in Shopping Cart
  * CVE-2022-1136: Use after free in Tab Strip
  * CVE-2022-1137: Inappropriate implementation in Extensions
  * CVE-2022-1138: Inappropriate implementation in Web Cursor
  * CVE-2022-1139: Inappropriate implementation in Background Fetch API
  * CVE-2022-1141: Use after free in File Manager
  * CVE-2022-1142: Heap buffer overflow in WebUI
  * CVE-2022-1143: Heap buffer overflow in WebUI
  * CVE-2022-1144: Use after free in WebUI
  * CVE-2022-1145: Use after free in Extensions
  * CVE-2022-1146: Inappropriate implementation in Resource Timing
- Added patches:
  * chromium-100-compiler.patch
  * chromium-100-GLImplementationParts-constexpr.patch
  * chromium-100-InMilliseconds-constexpr.patch
  * chromium-100-SCTHashdanceMetadata-move.patch
  * chromium-100-macro-typo.patch
- Removed patches:
  * chromium-98-compiler.patch
  * chromium-86-nearby-explicit.patch
  * chromium-glibc-2.34.patch
  * chromium-v8-missing-utility-include.patch
  * chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
* Tue Mar 29 2022 Andreas Schwab <schwab@suse.de>
- Update disk constraints
Version: 100.0.4896.127-bp153.2.85.1
* Fri Apr 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 100.0.4896.127 (boo#1198509)
  * CVE-2022-1364: Type Confusion in V8
  * Various fixes from internal audits, fuzzing and other initiatives