Chromium: Multiple vulnerabilities
Gentoo Linux Security Advisory
GLSA 201012-01 / chromium
December 17, 2010
December 17, 2010: 01
All supported architectures
#325451, #326717, #330003, #333559, #335750, #338204, #341797, #344201, #347625, #348651
Multiple vulnerabilities have been reported in Chromium, some of which may
allow user-assisted execution of arbitrary code.
Chromium is an open-source web browser project.
Multiple vulnerabilities were found in Chromium. For further
information please consult the release notes referenced below.
A remote attacker could trick a user into performing a set of UI actions
that trigger a possibly exploitable crash, leading to execution of
arbitrary code or a Denial of Service.
It was also possible for an attacker to entice a user to visit a
specially-crafted web page that would trigger one of the
vulnerabilities, leading to execution of arbitrary code within the
confines of the sandbox, successful Cross-Site Scripting attacks,
violation of the same-origin policy, successful website spoofing
attacks, information leak, or a Denial of Service. An attacker could
also trick a user into performing a set of UI actions that might result in a
successful website spoofing attack.
Multiple bugs in the sandbox could result in a sandbox escape.
Multiple UI bugs could lead to information leak and successful website
There is no known workaround at this time.
All Chromium users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-8.0.552.224"
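
To confirm the upgrade took effect across several machines, the following added example (not part of the original advisory) compares installed Chromium versions against the fixed version 8.0.552.224 from the resolution atom. The function names, the "host package-version" inventory format and the sample hosts and versions are constructed for illustration.

```shell
#!/bin/sh
# Fixed version, taken from the advisory's resolution atom.
FIXED="8.0.552.224"

# version_lt A B: succeed when dotted numeric version A is older than B.
# Missing components count as 0, so 8.0.552 is older than 8.0.552.224.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        case $a in *.*) x=${a%%.*}; a=${a#*.} ;; *) x=$a; a= ;; esac
        case $b in *.*) y=${b%%.*}; b=${b#*.} ;; *) y=$b; b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1    # equal versions are not older
}

# chromium_status PKG: print vulnerable, fixed or unknown for a string such
# as www-client/chromium-8.0.552.215 (an optional -rN revision is ignored).
chromium_status() {
    v=${1##*/chromium-}     # drop category and package name
    v=${v%-r[0-9]*}         # drop a Gentoo revision suffix
    case $v in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_lt "$v" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# audit: read "host package-version" lines on stdin and print every host
# that is not confirmed fixed. Unparseable versions are reported too, so the
# check fails closed.
audit() {
    while read -r host pkg; do
        [ "$(chromium_status "$pkg")" = fixed ] || echo "$host"
    done
}

# Constructed sample inventory (hosts and versions are illustrative).
SAMPLE='web01 www-client/chromium-8.0.552.215
web02 www-client/chromium-8.0.552.224
dev03 www-client/chromium-7.0.517.44-r1
dev04 www-client/chromium-9.0.597.19'

printf '%s\n' "$SAMPLE" | audit
```

Hosts printed by audit still need the emerge commands from the resolution listing.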