Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 348651 - <www-client/chromium-8.0.552.224: multiple vulnerabilities (CVE-2010-{4574,4575,4576,4578})
Summary: <www-client/chromium-8.0.552.224: multiple vulnerabilities (CVE-2010-{4574,45...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: B2 [glsa]
Keywords:
: 348279 (view as bug list)
Depends on:
Blocks:
 
Reported: 2010-12-13 20:57 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2012-09-11 00:17 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-12-13 20:57:56 UTC
See the release notes: http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html

Impact:

A remote attacker could entice a user to install a specially crafted extension
that would trigger an exploitable crash, leading to an execution of arbitrary
code, or Denial of Service.

A remote attacker could entice a user to visit a specially crafted web page
that would trigger one of the vulnerabilities, leading to an execution of
arbitrary code within the confines of the sandbox or a Denial of Service.

Arches, please stabilize =www-client/chromium-8.0.552.224 (sorry for two stabilizations in very short time).

I will bump chromium-bin soon (it doesn't need to be stabilized, all versions are ~arch).
Comment 1 Agostino Sarubbo gentoo-dev 2010-12-14 07:20:55 UTC
amd64 ok
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-12-14 08:15:32 UTC
*** Bug 348279 has been marked as a duplicate of this bug. ***
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2010-12-14 09:42:46 UTC
x86 stable
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2010-12-14 11:47:12 UTC
amd64 done. Thanks Agostino
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-12-14 14:51:58 UTC
chromium-bin is now ready. Security team, please proceed with the GLSA.

The target versions are:
=www-client/chromium-8.0.552.224
=www-client/chromium-bin-8.0.552.224
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2010-12-14 15:40:01 UTC
(In reply to comment #5)
> chromium-bin is now ready. Security team, please proceed with the GLSA.
> 

Thank you. GLSA with 325451 (and others).
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2010-12-18 00:07:06 UTC
GLSA 201012-01, thanks everyone.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-09-11 00:17:23 UTC
CVE-2010-4578 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578):
  Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not
  properly perform cursor handling, which allows remote attackers to cause a
  denial of service or possibly have unspecified other impact via unknown
  vectors that lead to "stale pointers."

CVE-2010-4576 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4576):
  browser/worker_host/message_port_dispatcher.cc in Google Chrome before
  8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle
  certain postMessage calls, which allows remote attackers to cause a denial
  of service (NULL pointer dereference and application crash) via crafted
  JavaScript code that creates a web worker.

CVE-2010-4575 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4575):
  The ThemeInstalledInfoBarDelegate::Observe function in
  browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome
  before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle
  incorrect tab interaction by an extension, which allows user-assisted remote
  attackers to cause a denial of service (application crash) via a crafted
  extension.

CVE-2010-4574 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4574):
  The Pickle::Pickle function in base/pickle.cc in Google Chrome before
  8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does
  not properly perform pointer arithmetic, which allows remote attackers to
  bypass message deserialization validation, and cause a denial of service or
  possibly have unspecified other impact, via invalid pickle data.