Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 409251

Summary: <www-client/chromium-17.0.963.83: Multiple vulnerabilities (CVE-2011-{3050,3051,3052,3053,3054,3055,3056,3057})
Product: Gentoo Security Reporter: Mike Gilbert <floppym>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Mike Gilbert gentoo-dev 2012-03-22 01:55:40 UTC 
Release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2012-03-22 01:57:34 UTC 
Please mark stable.

=www-client/chromium-17.0.963.83
Comment 2 Richard Freeman gentoo-dev 2012-03-22 13:12:21 UTC 
amd64 stable
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-03-22 21:18:59 UTC 
CVE-2011-3057 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3057):
  Google V8, as used in Google Chrome before 17.0.963.83, allows remote
  attackers to cause a denial of service via vectors that trigger an invalid
  read operation.

CVE-2011-3056 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3056):
  Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same
  Origin Policy via vectors involving a "magic iframe."

CVE-2011-3055 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3055):
  The browser native UI in Google Chrome before 17.0.963.83 does not require
  user confirmation before an unpacked extension installation, which allows
  user-assisted remote attackers to have an unspecified impact via a crafted
  extension.

CVE-2011-3054 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3054):
  The WebUI privilege implementation in Google Chrome before 17.0.963.83 does
  not properly perform isolation, which allows remote attackers to bypass
  intended access restrictions via unspecified vectors.

CVE-2011-3053 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3053):
  Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to block splitting.

CVE-2011-3052 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3052):
  The WebGL implementation in Google Chrome before 17.0.963.83 does not
  properly handle CANVAS elements, which allows remote attackers to cause a
  denial of service (memory corruption) or possibly have unspecified other
  impact via unknown vectors.

CVE-2011-3051 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3051):
  Use-after-free vulnerability in the Cascading Style Sheets (CSS)
  implementation in Google Chrome before 17.0.963.83 allows remote attackers
  to cause a denial of service or possibly have unspecified other impact via
  vectors related to the cross-fade function.

CVE-2011-3050 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3050):
  Use-after-free vulnerability in the Cascading Style Sheets (CSS)
  implementation in Google Chrome before 17.0.963.83 allows remote attackers
  to cause a denial of service or possibly have unspecified other impact via
  vectors related to the :first-letter pseudo-element.
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-03-23 15:47:50 UTC 
x86 stable, GLSA draft is ready
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2012-03-25 16:08:04 UTC 
This issue was resolved and addressed in
 GLSA 201203-19 at http://security.gentoo.org/glsa/glsa-201203-19.xml
by GLSA coordinator Tim Sammut (underling).