See the release notes at http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html Some details: [51602] High Use-after-free in text editing. Credit to David Bloom of the Google Security Team, Google Chrome Security Team (Inferno) and Google Chrome Security Team (Cris Neckar). [$1000] [55257] High Memory corruption with enormous text area. Credit to wushi of team509. [$1000] [58657] High Bad cast with the SVG use element. Credit to the kuzzcc. [$1000] [58731] High Invalid memory read in XPath handling. Credit to Bui Quang Minh from Bkis (www.bkis.com). [$500] [58741] High Use-after-free in text control selections. Credit to “vkouchna”. [$1000] [Linux only] [59320] High Integer overflows in font handling. Credit to Aki Helin of OUSPG. [$1000] [60055] High Memory corruption in libvpx. Credit to Christoph Diehl. [$500] [60238] High Bad use of destroyed frame object. Credit to various developers, including “gundlach”. [$500] [60327] [60769] [61255] High Type confusions with event objects. Credit to “fam.lam” and Google Chrome Security Team (Inferno). [$1000] [60688] High Out-of-bounds array access in SVG handling. Credit to wushi of team509. You can read more about the severity ratings at http://sites.google.com/a/chromium.org/dev/developers/severity-guidelines . I suggest to rate it B2 on the Gentoo scale. Arches, please test and stabilize =www-client/chromium-7.0.517.44
x86 stable
amd64 done
well also for me on amd64
GLSA 201012-01, thanks everyone.
CVE-2010-4205 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4205): Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2010-4202 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4202): Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font. CVE-2010-4201 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4201): Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections. CVE-2010-4199 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4199): Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.