Please update to 27.0.1453.110
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chromium-browser (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Unassigned | ||
Quantal |
Fix Released
|
High
|
Unassigned | ||
Raring |
Fix Released
|
High
|
Unassigned | ||
Saucy |
Fix Released
|
High
|
Unassigned |
Bug Description
And again a new stable release with lots of security fixes: http://
Here are the CVEs:
CVE-2013-2837: Use-after-free in SVG.
CVE-2013-2838: Out-of-bounds read in v8.
CVE-2013-2839: Bad cast in clipboard handling.
CVE-2013-2840: Use-after-free in media loader.
CVE-2013-2841: Use-after-free in Pepper resource handling.
CVE-2013-2842: Use-after-free in widget handling.
CVE-2013-2843: Use-after-free in speech handling.
CVE-2013-2844: Use-after-free in style resolution.
CVE-2013-2845: Memory safety issues in Web Audio.
CVE-2013-2846: Use-after-free in media loader.
CVE-2013-2847: Use-after-free race condition with workers.
CVE-2013-2848: Possible data extraction with XSS Auditor.
CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
Please update and keep current. Thanks.
information type: | Private Security → Public Security |
Changed in chromium-browser (Ubuntu): | |
status: | Confirmed → Triaged |
importance: | Undecided → High |
Changed in chromium-browser (Ubuntu Raring): | |
status: | New → Fix Released |
Changed in chromium-browser (Ubuntu Quantal): | |
status: | New → Fix Released |
Changed in chromium-browser (Ubuntu Raring): | |
importance: | Undecided → High |
Changed in chromium-browser (Ubuntu Quantal): | |
importance: | Undecided → High |
Changed in chromium-browser (Ubuntu Precise): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in chromium-browser (Ubuntu Saucy): | |
status: | Triaged → Fix Released |
Crikey!
I'm using a dev ppa and am only on Version 27.0.1453.6 Ubuntu
Regards,
Phill.
On 22 May 2013 21:20, ilf <email address hidden> wrote:
> *** This bug is a security vulnerability *** googlechromerel eases.blogspot. de/2013/ 05/stable- channel- www.cve. mitre.org/ cgi- cgi?name= 2013-2837 www.cve. mitre.org/ cgi- cgi?name= 2013-2838 www.cve. mitre.org/ cgi- cgi?name= 2013-2839 www.cve. mitre.org/ cgi- cgi?name= 2013-2840 www.cve. mitre.org/ cgi- cgi?name= 2013-2841 www.cve. mitre.org/ cgi- cgi?name= 2013-2842 www.cve. mitre.org/ cgi- cgi?name= 2013-2843 www.cve. mitre.org/ cgi- cgi?name= 2013-2844 www.cve. mitre.org/ cgi- cgi?name= 2013-2847 www.cve. mitre.org/ cgi- cgi?name= 2013-2848 www.cve. mitre.org/ cgi- cgi?name= 2013-2845 www.cve. mitre.org/ cgi- cgi?name= 2013-2846 www.cve. mitre.org/ cgi- cgi?name= 2013-2849 /bugs.launchpad .net/bugs/ 1183086 googlechromerel eases.blogspot. de/2013/ 05/stable- channel-
>
> Public security bug reported:
>
> And again a new stable release with lots of security fixes:
> http://
> release.html
>
> Here are the CVEs:
>
> CVE-2013-2837: Use-after-free in SVG.
> CVE-2013-2838: Out-of-bounds read in v8.
> CVE-2013-2839: Bad cast in clipboard handling.
> CVE-2013-2840: Use-after-free in media loader.
> CVE-2013-2841: Use-after-free in Pepper resource handling.
> CVE-2013-2842: Use-after-free in widget handling.
> CVE-2013-2843: Use-after-free in speech handling.
> CVE-2013-2844: Use-after-free in style resolution.
> CVE-2013-2845: Memory safety issues in Web Audio.
> CVE-2013-2846: Use-after-free in media loader.
> CVE-2013-2847: Use-after-free race condition with workers.
> CVE-2013-2848: Possible data extraction with XSS Auditor.
> CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
>
> Please update and keep current. Thanks.
>
> ** Affects: chromium-browser (Ubuntu)
> Importance: Undecided
> Status: New
>
> ** Information type changed from Private Security to Public Security
>
> ** CVE added: http://
> bin/cvename.
>
> ** CVE added: http://
> bin/cvename.
>
> ** CVE added: http://
> bin/cvename.
>
> ** CVE added: http://
> bin/cvename.
>
> ** CVE added: http://
> bin/cvename.
>
> ** CVE added: http://
> bin/cvename.
>
> ** CVE added: http://
> bin/cvename.
>
> ** CVE added: http://
> bin/cvename.
>
> ** CVE added: http://
> bin/cvename.
>
> ** CVE added: http://
> bin/cvename.
>
> ** CVE added: http://
> bin/cvename.
>
> ** CVE added: http://
> bin/cvename.
>
> ** CVE added: http://
> bin/cvename.
>
> --
> You received this bug notification because you are a member of Lubuntu
> Packages Team, which is subscribed to chromium-browser in Ubuntu.
> https:/
>
> Title:
> Please update to 27.0.1453.93
>
> Status in “chromium-browser” package in Ubuntu:
> New
>
> Bug description:
> And again a new stable release with lots of security fixes:
> http://
> release.html
>
> Here are the CVEs:
>
> CVE-2013-2837: Use-after-free in SVG.
> CVE-2013-2838: Out-of-bounds read in v8.
> CVE-2013-2839: Bad cast in clipboard handling.
> CVE-2013-2840: Use-after-free in media loader.
> CVE-2013-2841: Use-after-free in Pepper resource handling.
> CVE-2013-2842: Use-after-free in widget handling.
> CVE-2013-2843: Use-after-free in speech handling....