Package chromium-kde: Information
Binary package: chromium-kde
Version: 57.0.2987.110-alt1
Architecture: i586
Build time: Mar 31, 2017, 03:19 PM in the task #181064
Source package: chromium
Category: Networking/WWW
Report package bugHome page: http://www.chromium.org
License: BSD-3-Clause and LGPL-2.1+
Summary: Update to chromium to use KDE's kwallet to store passwords
Description:
By using the update-alternatives the password store for Chromium is changed to utilize KDE's kwallet. Please be aware that by this change the old password are no longer accessible and are also not converted to kwallet.
Maintainer: Alexey Gladkov
Last changed
March 27, 2017 Alexey Gladkov 57.0.2987.110-alt1
- New version (57.0.2987.110). - Security fixes: - CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka - CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang - CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari - Project Srishti - CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek - CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB - CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado - CVE-2017-5036: Use after free in PDFium. Credit to Anonymous - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) - CVE-2017-5039: Use after free in PDFium. Credit to jinmo123 - CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han - CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel - CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grodum - CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy - CVE-2017-5038: Use after free in GuestView. Credit to Anonymous - CVE-2017-5043: Use after free in GuestView. Credit to Anonymous - CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah of Fortinet's FortiGuard Labs - CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil (vampire) - CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa
Feb. 8, 2017 Alexey Gladkov 56.0.2924.87-alt1
- New version (56.0.2924.87). - Security fixes: - CVE-2017-5007: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5006: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5008: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5010: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5011: Unauthorised file access in Devtools. Credit to Khalil Zhani - CVE-2017-5009: Out of bounds memory access in WebRTC. Credit to Sean Stanek and Chip Bradford - CVE-2017-5012: Heap overflow in V8. Credit to Gergely Nagy (Tresorit) - CVE-2017-5013: Address spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah) - CVE-2017-5014: Heap overflow in Skia. Credit to sweetchip - CVE-2017-5015: Address spoofing in Omnibox. Credit to Armin Razmdjou - CVE-2017-5019: Use after free in Renderer. Credit to Wadih Matar - CVE-2017-5016: UI spoofing in Blink. Credit to Haosheng Wang (@gnehsoah) - CVE-2017-5017: Uninitialised memory access in webm video. Credit to Dan Berman - CVE-2017-5018: Universal XSS in chrome://apps. Credit to Rob Wu - CVE-2017-5020: Universal XSS in chrome://downloads. Credit to Rob Wu - CVE-2017-5021: Use after free in Extensions. Credit to Rob Wu - CVE-2017-5022: Bypass of Content Security Policy in Blink. Credit to evi1m0#ly.com - CVE-2017-5023: Type confusion in metrics. Credit to the UK's National Cyber Security Centre (NCSC) - CVE-2017-5024: Heap overflow in FFmpeg. Credit to Paul Mehta - CVE-2017-5025: Heap overflow in FFmpeg. Credit to Paul Mehta - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing - CVE-2017-5027: Bypass of Content Security Policy in Blink.
Dec. 8, 2016 Alexey Gladkov 55.0.2883.75-alt1
- New version (55.0.2883.75). - Security fixes: - CVE-2016-9651: Private property access in V8. Credit to Guang Gong of Alpha Team Of Qihoo 360 - CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu (robwu.nl) - CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous - CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go of STEALIEN - CVE-2016-5203: Use after free in PDFium. Credit to Anonymous - CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB - CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani - CVE-2016-5211: Use after free in PDFium. Credit to Anonymous - CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani - CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR - CVE-2016-5216: Use after free in PDFium. Credit to Anonymous - CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang - CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu (robwu.nl) - CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi (@qab) - CVE-2016-5219: Use after free in V8. Credit to Rob Wu (robwu.nl) - CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker of ForAllSecure - CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu (robwu.nl) - CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr of Tencent's Xuanwu Lab - CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Zoczek - CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee - CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu (@shhnjk) - CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme (@Scott_Helme, scotthelme.co.uk) - CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives