Release notes: http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html Synopsis: A vulnerability has been reported in Chromium, that may allow user-assisted execution of arbitrary code. Impact: A remote attacker could entice a user to visit a specially-crafted web page that would trigger the vulnerability, leading to execution of arbitrary code, or a Denial of Service.
Arches, please test and mark stable =www-client/chromium-10.0.648.133 I apologize for one stabilization very shortly after another. There might be even more security updates for the 10.x branch soon, the .133 one is surprisingly small.
amd64 ok
x86 stable. Frequent updates are not your fault, Paweł.
amd64 done. Thanks Agostino
Thanks, everyone. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml by GLSA coordinator Alex Legler (a3li).
CVE-2011-1290 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1290): Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
