Bug 368655

Summary:	<www-client/chromium-12.0.433.38: Multiple Vulnerabilities (CVE-2011-{2169,2170,2171})
Product:	Gentoo Security	Reporter:	Benedikt Böhm (RETIRED) <hollow>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	normal	CC:	chromium
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	All
URL:	http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html
Whiteboard:
Package list:		Runtime testing required:	---

Description Benedikt Böhm (RETIRED) gentoo-dev

2011-05-25 06:31:50 UTC

- Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it.

- Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors.

- Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors.

Comment 1 Benedikt Böhm (RETIRED) gentoo-dev

2011-05-25 06:33:07 UTC

uhm .. just noticed this is about Chrome OS, not Chrome itself. Should be checked anyway.

Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2011-05-25 06:52:08 UTC

We don't ship any of that code in Gentoo. Thank you for checking though, and feel free to ask me if you have more questions.