From secunia: https://secunia.com/advisories/47938/

Description

Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and compromise a user's system.

1) An unspecified error exists within clipboard monitoring after a paste event.
2) An unspecified error exists related to excessive database usage.
3) An unspecified error exists when aborting an IndexDB transaction.
4) An error exists when handling sandboxed origins inside extensions.
5) A use-after-free error exists in PDF garbage collection.
6) A type cast error exists when handling column spans.
7) An error within locale handling can be exploited to cause a buffer overflow.
8) An error within audio decoding can be exploited to cause an out-of-bounds read.
9) An unspecified error exists due to a race condition after a crash of a utility process.
10) An error within path clipping can be exploited to cause an out-of-bounds read.
11) An error within PDF fax image handling can be exploited to cause an out-of-bounds read.
12) An unspecified error when handling drag and drop may lead to URL bar confusion.
13) An unspecified error exists within a signature check.
14) A use-after-free error exists within stylesheet error handling.
15) An unspecified error exists when handling unusual certificates.
16) A use-after-free error exists within CSS handling.
17) A use-after-free error exists within SVG layout handling.
18) An error within libxslt can be exploited to cause an out-of-bounds read.
19) A use-after-free error exists when handling mousemove events.
20) An error within shader translator can be exploited to cause an out-of-bounds read.

Solution

Upgrade to version 17.0.963.46.
We will need to stabilize v8-3.7.* as a dependency.

I assume ago will handle amd64.

Please stabilize:
=dev-lang/v8-3.7.12.20
=www-client/chromium-17.0.963.46-r1
amd64 / x86 stable
(In reply to comment #1)
> We will need to stabilize v8-3.7.* as a dependency.
>
> I assume ago will handle amd64.

I did it also for x86 because I have been using it for many days. @Pawel, please open and do glsa by yourself as usual ;)
(In reply to comment #3)
> @Pawel, please open and do glsa by yourself as usual ;)

GLSA draft ready for review.
This issue was resolved and addressed in GLSA 201202-01 at http://security.gentoo.org/glsa/glsa-201202-01.xml by GLSA coordinator Tim Sammut (underling).
CVE-2011-3972 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3972): The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3971 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3971): Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.
CVE-2011-3970 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3970): libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3969 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3969): Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.
CVE-2011-3968 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3968): Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.
CVE-2011-3967 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3967): Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate.
CVE-2011-3966 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3966): Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.
CVE-2011-3965 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3965): Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2011-3964 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3964): Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors.
CVE-2011-3963 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3963): Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3962 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3962): Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3961 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3961): Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.
CVE-2011-3960 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3960): Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3959 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3959): Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-3958 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3958): Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
CVE-2011-3957 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3957): Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.
CVE-2011-3956 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3956): The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
CVE-2011-3955 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3955): Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction.
CVE-2011-3954 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3954): Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.
CVE-2011-3953 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3953): Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.