Ubuntu
chromium-browser package

Please update to 25.0.1364.160

Bug #1132568 reported by André Klitzing
268
This bug affects 3 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Fix Released
High
Chad Miller
Lucid
Fix Released
High
Chad Miller
Oneiric
Fix Released
High
Chad Miller
Precise
Fix Released
High
Chad Miller
Quantal
Fix Released
High
Chad Miller
Raring
Fix Released
High
Chad Miller

Bug Description

Please update chromium-browser 25.0.1364.97 [1]. v25 fixes several new security issues.

[1]http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html

See original description
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Ubuntu has a delta which we must maintain for now, so we can't sync it. I updated the bug accordingly.

information type: Private Security → Public Security
summary: - Sync v25 and update security repository
+ Please update to 25.0.1364.97
description: updated
Changed in chromium-browser (Ubuntu Lucid):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu Oneiric):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu Precise):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu Quantal):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu Raring):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Chad Miller (cmiller)
Revision history for this message
ilf (ilf) wrote : Re: Please update to 25.0.1364.97

When will syncing be possible again?

Here are the CVE references:

CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno).
CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Jüri Aedla).
CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community.
CVE-2013-0897: Off-by-one read in PDF. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.
CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar).
CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Jüri Aedla).
CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno).
CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community.
CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Jüri Aedla).
CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.
CVE-2013-0886: Incorrect NaCl signal handling. Credit to Mark Seaborn of the Chromium development community.
CVE-2013-0885: Too many API permissions granted to web store.
CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans).
CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG.
CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan.
CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG.
CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva.
CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG.

Revision history for this message
ilf (ilf) wrote : Re: Please update to 25.0.1364.152

And another release: http://googlechromereleases.blogspot.de/2013/03/stable-channel-update_4.html

The new CVEs:

    [$1000] [176882] High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva.
    [$1000] [176252] High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to “chromium.khalil”.
    [$2000] [172926] [172331] High CVE-2013-0904: Memory corruption in Web Audio. Credit to Atte Kettunen of OUSPG.
    [$1000] [168982] High CVE-2013-0905: Use-after-free with SVG animations. Credit to Atte Kettunen of OUSPG.
    [174895] High CVE-2013-0906: Memory corruption in Indexed DB. Credit to Google Chrome Security Team (Jüri Aedla).
    [174150] Medium CVE-2013-0907: Race condition in media thread handling. Credit to Andrew Scherkus of the Chromium development community.
    [174059] Medium CVE-2013-0908: Incorrect handling of bindings for extension processes.
    [173906] Low CVE-2013-0909: Referer leakage with XSS Auditor. Credit to Egor Homakov.
    [172573] Medium CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. Credit to Google Chrome Security Team (Chris Evans).
    [172264] High CVE-2013-0911: Possible path traversal in database handling. Credit to Google Chrome Security Team (Jüri Aedla).

summary: - Please update to 25.0.1364.97
+ Please update to 25.0.1364.152
Revision history for this message
André Klitzing (misery) wrote :

Another update with a new security issue....
http://googlechromereleases.blogspot.de/2013/03/stable-channel-update_7.html ---> CVE-2013-0912

summary: - Please update to 25.0.1364.152
+ Please update to 25.0.1364.160
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Packages for Lucid - Quantal are in https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages

Changed in chromium-browser (Ubuntu Raring):
status: Triaged → Fix Released
Changed in chromium-browser (Ubuntu Lucid):
status: Triaged → Fix Committed
Changed in chromium-browser (Ubuntu Oneiric):
status: Triaged → Fix Committed
Changed in chromium-browser (Ubuntu Precise):
status: Triaged → Fix Committed
Changed in chromium-browser (Ubuntu Quantal):
status: Triaged → Fix Committed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Lucid - Quantal has been released: https://launchpad.net/ubuntu/+source/chromium-browser

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in chromium-browser (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in chromium-browser (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in chromium-browser (Ubuntu Quantal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.