Release notes: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html At this moment we have no CVE numbers for the vulnerabilities described here. Synopsis: Multiple vulnerabilities have been reported in Chromium, some of which may allow user-assisted execution of arbitrary code within the confines of the sandbox. Impact: A remote attacker could entice a user to visit a specially-crafted web page that would trigger one of the vulnerabilities, leading to execution of arbitrary code within confines of the sandbox, or a Denial of Service. I will update chromium-bin soon, we're not going to stabilize it (fully ~arch).
chromium-9.0.597.94 is in CVS now
(In reply to comment #1) > chromium-9.0.597.94 is in CVS now > Great, thank you. Arches, please test and mark stable: =www-client/chromium-9.0.597.94 Target keywords : "amd64 x86"
works for me on amd64
amd64 done. Thanks Agostino
x86 stable
Thanks, folks. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml by GLSA coordinator Alex Legler (a3li).
CVE-2011-0985 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0985): Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors. CVE-2011-0984 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0984): Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-0983 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0983): Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-0982 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0982): Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces. CVE-2011-0981 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0981): Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."