Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 341797

Summary: <www-client/chromium-7.0.517.41 multiple vulnerabilities (CVE-2010-{4033,4034,4035,4036,4037,4038,4039,4040,4041,4042})
Product: Gentoo Security Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: chromium
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-10-19 19:26:39 UTC 
See the release notes at http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html

Some details:

[48225] [51727] Medium Possible autofill / autocomplete profile spamming. Credit to Google Chrome Security Team (Inferno).
 [48857] High Crash with forms. Credit to the Chromium development community.
[50428] Critical Browser crash with form autofill. Credit to the Chromium development community.
[$500] [51680] High Possible URL spoofing on page unload. Credit to kuzzcc; plus independent discovery by Jordi Chancel.
 [53002] Low Pop-up block bypass. Credit to kuzzcc.
 [53985] Medium Crash on shutdown with Web Sockets. Credit to the Chromium development community.
[Linux only] [54132] Low Bad construction of PATH variable. Credit to Dan Rosenberg, Virtual Security Research.
[$500] [54500] High Possible memory corruption with animated GIF. Credit to Simon Schaak.
 [Linux only] [54794] High Failure to sandbox worker processes on Linux. Credit to Google Chrome Security Team (Chris Evans).
 [56451] High Stale elements in an element map. Credit to Michal Zalewski of the Google Security Team.

You can read more about the severity ratings at
http://sites.google.com/a/chromium.org/dev/developers/severity-guidelines . I
suggest to rate it B2 on the Gentoo scale.

Arches, please test and stabilize. I've just committed to cvs a version with lower cups dependency. Please make sure you have a recent portage tree in case of cups-related problems.
Comment 1 Markos Chandras (RETIRED) gentoo-dev 2010-10-19 21:01:54 UTC 
the target is chromium-7.0.517.41-r1 ?
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-10-20 04:36:19 UTC 
(In reply to comment #1)
> the target is chromium-7.0.517.41-r1 ?

No, the target is chromium-7.0.517.41. Sorry for the confusion.
Comment 3 Markos Chandras (RETIRED) gentoo-dev 2010-10-20 09:14:03 UTC 
amd64 done
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2010-10-20 10:31:34 UTC 
stable x86
Comment 5 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2010-11-16 15:25:25 UTC 
I'd imagine that this bug can be closed as it has both been marked stable and is not in tree anymore.
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2010-12-18 00:06:55 UTC 
GLSA 201012-01, thanks everyone.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-09-11 00:03:26 UTC 
CVE-2010-4042 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042):
  Google Chrome before 7.0.517.41 does not properly handle element maps, which
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via vectors related to "stale elements."

CVE-2010-4041 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4041):
  The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does
  not properly constrain worker processes, which might allow remote attackers
  to bypass intended access restrictions via unspecified vectors.

CVE-2010-4040 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4040):
  Google Chrome before 7.0.517.41 does not properly handle animated GIF
  images, which allows remote attackers to cause a denial of service (memory
  corruption) or possibly have unspecified other impact via a crafted image.

CVE-2010-4039 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4039):
  Google Chrome before 7.0.517.41 on Linux does not properly set the PATH
  environment variable, which has unspecified impact and attack vectors.

CVE-2010-4038 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4038):
  The Web Sockets implementation in Google Chrome before 7.0.517.41 does not
  properly handle a shutdown action, which allows remote attackers to cause a
  denial of service (application crash) via unspecified vectors.

CVE-2010-4037 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4037):
  Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote
  attackers to bypass the pop-up blocker via unknown vectors.

CVE-2010-4036 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4036):
  Google Chrome before 7.0.517.41 does not properly handle the unloading of a
  page, which allows remote attackers to spoof URLs via unspecified vectors.

CVE-2010-4035 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4035):
  Google Chrome before 7.0.517.41 does not properly perform autofill
  operations for forms, which allows remote attackers to cause a denial of
  service (application crash) or possibly have unspecified other impact via a
  crafted HTML document.

CVE-2010-4034 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4034):
  Google Chrome before 7.0.517.41 does not properly handle forms, which allows
  remote attackers to cause a denial of service (application crash) or
  possibly have unspecified other impact via a crafted HTML document.

CVE-2010-4033 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4033):
  Google Chrome before 7.0.517.41 does not properly implement the autofill and
  autocomplete functionality, which allows remote attackers to conduct
  "profile spamming" attacks via unspecified vectors.