Release notes: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html
At this moment we have no CVE numbers for the vulnerabilities described here.
Multiple vulnerabilities have been reported in Chromium, some of which may
allow user-assisted execution of arbitrary code.
A remote attacker could trick a user to perform a set of UI actions or install
a malicious extension that trigger a crash, leading to Denial of Service.
It was also possible for an attacker to entice a user to visit a
specially-crafted web page that would trigger one of the vulnerabilities,
leading to execution of arbitrary code, Denial of Service, and violation of same-origin policy.
Arches, please apply the following for =www-client/chromium-9.0.597.84:
KEYWORDS="amd64 ~arm x86"
You'll probably need to stabilize chromium-tools. Please use chromium-tools-0.1.6 then.
I will update chromium-bin soon, we're not going to stabilize it (fully ~arch).
also pulled in:
@chromium: we proceed right?
@python: you have problem to stabilize this package?
(In reply to comment #1)
> also pulled in:
Please use chromium-tools-0.1.6 as indicated in the initial report.
(In reply to comment #1)
> @python: you have problem to stabilize this package?
Please request stabilization in a separate bug.
I've bumped chromium-bin, now we only need to stabilize/keyword chromium.
ok also on my x86 hardened
stable x86/amd64, thanks Ago, with ok from hwoarang for amd64
05 Feb 2011; Markus Meier <email@example.com> chromium-9.0.597.84.ebuild:
add ~arm, bug #350648
Thanks, everyone. Added to existing GLSA request.
This issue was resolved and addressed in
GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Race condition in Google Chrome before 9.0.597.84 allows remote attackers to
execute arbitrary code via vectors related to audio.
Unspecified vulnerability in Google Chrome before 9.0.597.84 allows
user-assisted remote attackers to cause a denial of service (application
crash) via vectors involving a "bad volume setting."
Google Chrome before 9.0.597.84 does not properly handle autofill profile
merging, which has unspecified impact and remote attack vectors.
Google Chrome before 9.0.597.84 does not properly handle a missing key in an
extension, which allows remote attackers to cause a denial of service
(application crash) via a crafted extension.
Google Chrome before 9.0.597.84 does not properly restrict drag and drop
operations, which might allow remote attackers to bypass the Same Origin
Policy via unspecified vectors.
Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows
remote attackers to cause a denial of service or possibly have unspecified
other impact via vectors related to image loading.