A new version of dev-lang/v8 was also released, but I'm not sure if it fixes any security problems.
New versions have been added to the tree: dev-lang/v8-3.5.10.23 www-client/chromium-15.0.874.120 www-client/google-chrome-15.0.874.120_p108895 google-chrome should NOT be stabilized.
Please stabilize: =dev-lang/v8-3.5.10.23 =www-client/chromium-15.0.874.120
As per agreement between amd64 and chromium, no needs amd64 here. (In reply to comment #2) > Please stabilize: > > =dev-lang/v8-3.5.10.23 > =www-client/chromium-15.0.874.120 both ok, you can mark stable.
amd64 done. Thanks again ago.
x86 stable, working on GLSA draft
CVE-2011-3898 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3898): Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet. CVE-2011-3897 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3897): Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing. CVE-2011-3896 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3896): Buffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping. CVE-2011-3895 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3895): Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream. CVE-2011-3894 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3894): Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream. CVE-2011-3893 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3893): Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-3892 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3892): Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
This issue was resolved and addressed in GLSA 201111-05 at http://security.gentoo.org/glsa/glsa-201111-05.xml by GLSA coordinator Tim Sammut (underling).
