Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 351525

Summary: <www-client/chromium-8.0.552.237: multiple vulnerabilities (CVE-2011-{0470,0471,0473,0474,0477,0478,0479,0482,0483,0484,0485})
Product: Gentoo Security Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: chromium
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-13 10:20:17 UTC 
Release notes: http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html

At this moment we have no CVE numbers for the vulnerabilities described here.

Synopsis:

Multiple vulnerabilities have been reported in Chromium, some of which may allow user-assisted execution of arbitrary code.

Impact:

A remote attacker could trick a user to perform a set of UI actions or install a malicious extension that trigger a possibly exploitable crash, leading to execution of arbitrary code or a Denial of Service.

It was also possible for an attacker to entice a user to visit a specially-crafted web page that would trigger one of the vulnerabilities, leading to execution of arbitrary code within the confines of the sandbox or a Denial of Service.

Arches, please test and stabilize www-client/chromium-8.0.552.237.

I will update chromium-bin soon, we're not going to stabilize it (fully ~arch).
Comment 1 Markos Chandras (RETIRED) gentoo-dev 2011-01-13 13:05:25 UTC 
amd64 done
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-14 07:58:10 UTC 
chromium-bin done
Comment 3 David Abbott (RETIRED) gentoo-dev 2011-01-15 02:43:46 UTC 
Tested on x86, all good here.
Comment 4 Markus Meier gentoo-dev 2011-01-15 17:10:51 UTC 
x86 stable, thanks David, all arches done
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-01-17 17:10:47 UTC 
Thanks folks, GLSA request filed.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:01:31 UTC 
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:02:31 UTC 
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-09-11 00:19:23 UTC 
CVE-2011-0485 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0485):
  Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not
  properly handle speech data, which allows remote attackers to execute
  arbitrary code via unspecified vectors that lead to a "stale pointer."

CVE-2011-0484 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0484):
  Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not
  properly perform DOM node removal, which allows remote attackers to cause a
  denial of service or possibly have unspecified other impact via unknown
  vectors that lead to a "stale rendering node."

CVE-2011-0483 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0483):
  Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not
  properly perform a cast of an unspecified variable during handling of video,
  which allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors.

CVE-2011-0482 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482):
  Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not
  properly perform a cast of an unspecified variable during handling of
  anchors, which allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via a crafted HTML document.

CVE-2011-0479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0479):
  Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not
  properly interact with extensions, which allows remote attackers to cause a
  denial of service via a crafted extension that triggers an uninitialized
  pointer.

CVE-2011-0478 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0478):
  Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not
  properly handle SVG use elements, which allows remote attackers to cause a
  denial of service or possibly have unspecified other impact via unknown
  vectors that lead to a "stale pointer."

CVE-2011-0477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0477):
  Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not
  properly handle a mismatch in video frame sizes, which allows remote
  attackers to cause a denial of service (incorrect memory access) or possibly
  have unspecified other impact via unknown vectors.

CVE-2011-0474 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0474):
  Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not
  properly handle Cascading Style Sheets (CSS) token sequences in conjunction
  with cursors, which allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via unknown vectors that lead to a
  "stale pointer."

CVE-2011-0473 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0473):
  Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not
  properly handle Cascading Style Sheets (CSS) token sequences in conjunction
  with CANVAS elements, which allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via unknown vectors that
  lead to a "stale pointer."

CVE-2011-0471 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0471):
  The node-iteration implementation in Google Chrome before 8.0.552.237 and
  Chrome OS before 8.0.552.344 does not properly handle pointers, which allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via unknown vectors.

CVE-2011-0470 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0470):
  Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not
  properly handle extensions notification, which allows remote attackers to
  cause a denial of service (application crash) via unspecified vectors.