Release notes: http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html Synopsis: Multiple vulnerabilities have been reported in Chromium, that may allow user-assisted execution of arbitrary code. Impact: A remote attacker could entice a user to visit a specially-crafted web page that would trigger one of the vulnerabilities, leading to execution of arbitrary code, or a Denial of Service. Arches, please stabilize =www-client/chromium-10.0.648.205
works here!
x86 stable
amd64 stable
Thanks, folks. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml by GLSA coordinator Alex Legler (a3li).
CVE-2011-1302 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1302): Heap-based buffer overflow in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors. CVE-2011-1301 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1301): Use-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.