| Summary: | <www-client/chromium-17.0.963.79: Errant plug-in load and GPU process memory corruption (CVE-2011-3047) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | ago, chromium |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update_10.html | ||
| Whiteboard: | A2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Mike Gilbert
2012-03-11 03:48:33 UTC
Please stabilize =www-client/chromium-17.0.963.79. x86 stable amd64 stable. Wonder if we can get emerge or genlop to output the number of digits of pi I could have calculated in the time spent building this over the last week... And this version doesn't load *any* plug-ins. I'm not sure that's an improvement. Sorry, ignore that. Apparently, chrome left itself loaded and that caused the disagreement. When I figured that out, and couldn't find where the windows were, I pkilled it (a few times) to force a proper reload. Thanks, everyone. Already on a GLSA draft. CVE-2011-3047 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3047): The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism. This issue was resolved and addressed in GLSA 201203-19 at http://security.gentoo.org/glsa/glsa-201203-19.xml by GLSA coordinator Tim Sammut (underling). |
