Release notes: http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html
Please stabilize: =dev-lang/v8-3.9.24.21 =www-client/chromium-19.0.1084.46
x86 stable
New stabilization targets: =dev-lang/v8-3.9.24.21 =www-client/chromium-19.0.1084.46-r1
Adding amd64. Currently blocked by icu-49.
Since 19.0.1084.46-r1 is stable on x86, I'd say to move the target to r1 I will stabilize r1 for amd64 too
amd64 stable
Removed old and vulnerable version. Pawel, go ahead with the glsa.
(In reply to comment #7) > Pawel, go ahead with the glsa. GLSA draft is ready for review.
CVE-2011-3101 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101): Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. CVE-2011-3100 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3100): Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-3096 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3096): Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an error in the GTK implementation of the omnibox. CVE-2011-3095 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3095): The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. CVE-2011-3094 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3094): Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-3093 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3093): Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-3092 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3092): The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors. CVE-2011-3091 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3091): Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2011-3090 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3090): Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes. CVE-2011-3089 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3089): Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables. CVE-2011-3088 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3088): Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-3087 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3087): Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors. CVE-2011-3086 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3086): Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element. CVE-2011-3085 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3085): The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values. CVE-2011-3084 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3084): Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page. CVE-2011-3083 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3083): browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.
This issue was resolved and addressed in GLSA 201205-03 at http://security.gentoo.org/glsa/glsa-201205-03.xml by GLSA coordinator Tim Sammut (underling).