See the release notes at http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html

Some details:

[$500] [55114] High Bad cast with malformed SVG. Credit to wushi of team 509.
[55119] Critical Buffer mismanagement in the SPDY protocol. Credit to Ron Ten-Hove of Google.
[$1000] [55350] High Cross-origin property pollution. Credit to Stefano Di Paola of MindedSecurity.

You can read more about the severity ratings at http://sites.google.com/a/chromium.org/dev/developers/severity-guidelines .

I suggest rating it B2 on the Gentoo scale.

Security, this bug sort of obsoletes bug #335750 (you now have 6 www-client/chromium bugs in the queue).

Arches, please test and stabilize. I'm sorry for a very short period since the last stabilization, but I just follow the upstream releases. Fortunately, the number of changes is very small.
amd64 stable (a very small number of changes, and several hours of compiling, later...)
I tested it on x86, it looks good to go over here!
+1 x86
x86 stable, all arches done.
GLSA with bug 326717.
GLSA 201012-01, thanks everyone.
CVE-2010-3730 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3730): Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue.

CVE-2010-3729 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3729): The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.

CVE-2010-1822 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1822): WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.