See the release notes at http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html Some details: [48225] [51727] Medium Possible autofill / autocomplete profile spamming. Credit to Google Chrome Security Team (Inferno). [48857] High Crash with forms. Credit to the Chromium development community. [50428] Critical Browser crash with form autofill. Credit to the Chromium development community. [$500] [51680] High Possible URL spoofing on page unload. Credit to kuzzcc; plus independent discovery by Jordi Chancel. [53002] Low Pop-up block bypass. Credit to kuzzcc. [53985] Medium Crash on shutdown with Web Sockets. Credit to the Chromium development community. [Linux only] [54132] Low Bad construction of PATH variable. Credit to Dan Rosenberg, Virtual Security Research. [$500] [54500] High Possible memory corruption with animated GIF. Credit to Simon Schaak. [Linux only] [54794] High Failure to sandbox worker processes on Linux. Credit to Google Chrome Security Team (Chris Evans). [56451] High Stale elements in an element map. Credit to Michal Zalewski of the Google Security Team. You can read more about the severity ratings at http://sites.google.com/a/chromium.org/dev/developers/severity-guidelines . I suggest to rate it B2 on the Gentoo scale. Arches, please test and stabilize. I've just committed to cvs a version with lower cups dependency. Please make sure you have a recent portage tree in case of cups-related problems.
the target is chromium-7.0.517.41-r1 ?
(In reply to comment #1) > the target is chromium-7.0.517.41-r1 ? No, the target is chromium-7.0.517.41. Sorry for the confusion.
amd64 done
stable x86
I'd imagine that this bug can be closed as it has both been marked stable and is not in tree anymore.
GLSA 201012-01, thanks everyone.
CVE-2010-4042 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042): Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements." CVE-2010-4041 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4041): The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. CVE-2010-4040 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4040): Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image. CVE-2010-4039 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4039): Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors. CVE-2010-4038 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4038): The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. CVE-2010-4037 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4037): Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors. CVE-2010-4036 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4036): Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors. CVE-2010-4035 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4035): Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. CVE-2010-4034 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4034): Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. CVE-2010-4033 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4033): Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors.
