This bug was fixed in the package chromium-browser - 10.0.648.127~r76697-0ubuntu0.10.04.1

---------------
chromium-browser (10.0.648.127~r76697-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream major release from the Stable Channel (LP: #731520)
    It includes:
    - New version of V8 - Crankshaft - which greatly improves javascript
      performance
    - New settings pages that open in a tab, rather than a dialog box
    - Improved security with malware reporting and disabling outdated plugins
      by default
    - Password sync as part of Chrome Sync now enabled by default
    - GPU Accelerated Video
    - Background WebApps
    - webNavigation extension API
    This release also fixes the following security issues:
    + Webkit bugs:
      - [42574] [42765] Low, Possible to navigate or close the top location in
        a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
      - [69628] High, Memory corruption with counter nodes. Credit to Martin
        Barbella.
      - [70027] High, Stale node in box layout. Credit to Martin Barbella.
      - [70336] Medium, Cross-origin error message leak with workers. Credit to
        Daniel Divricean.
      - [70442] High, Use after free with DOM URL handling. Credit to Sergey
        Glazunov.
      - [70779] Medium, Out of bounds read handling unicode ranges. Credit to
        miaubiz.
      - [70885] [71167] Low, Pop-up blocker bypasses. Credit to Chamal de
        Silva.
      - [71763] High, Use-after-free in document script lifetime handling.
        Credit to miaubiz.
      - [72028] High, Stale pointer in table painting. Credit to Martin
        Barbella.
      - [73066] High, Crash with the DataView object. Credit to Sergey
        Glazunov.
      - [73134] High, Bad cast in text rendering. Credit to miaubiz.
      - [73196] High, Stale pointer in WebKit context code. Credit to Sergey
        Glazunov.
      - [73746] High, Stale pointer with SVG cursors. Credit to Sergey
        Glazunov.
      - [74030] High, DOM tree corruption with attribute handling. Credit to
        Sergey Glazunov.
    + Chromium bugs:
      - [49747] Low, Work around an X server bug and crash with long messages.
        Credit to Louis Lang.
      - [66962] Low, Possible browser crash with parallel print()s. Credit to
        Aki Helin of OUSPG.
      - [69187] Medium, Cross-origin error message leak. Credit to Daniel
        Divricean.
      - [70877] High, Same origin policy bypass in v8. Credit to Daniel
        Divricean.
    + v8:
      - [74662] High, Corruption via re-entrancy of RegExp code. Credit to
        Christian Holler.
      - [74675] High, Invalid memory access in v8. Credit to Christian Holler.
    + ffmpeg:
      - [71788] High, Out-of-bounds write in the OGG container. Credit to
        Google Chrome Security Team (SkyLined); plus subsequent independent
        discovery by David Weston of Microsoft and MSVR.
      - [73026] High, Use of corrupt out-of-bounds structure in video code.
        Credit to Tavis Ormandy of the Google Security Team.
    + libxslt:
      - [73716] Low, Leak of heap address in XSLT. Credit to Google Chrome
        Security Team (Chris Evans).
  Packaging changes:
  * Promote Uyghur to the list of supported translations
    - update debian/rules
    - update debian/control
  * Fix the FTBFS on arm by re-adding the lost arm_neon=0, and really set armv7=1
    on maverick and natty
    - update debian/rules
  * Fix the broken symlinks in /usr/share/doc created by CDBS (See LP: #194574)
    - update debian/rules
  * Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome
    - update debian/control
  * Fix the Webkit version in about:version (the build system expects the svn
    or git directories to be available at build time)
    - add debian/patches/webkit_rev_parser.patch
    - update debian/patches/series
  * Bump build-depends on libvpx-dev to >= 0.9.5
    - update debian/control
 -- Fabien Tassin <email address hidden>   Tue, 08 Mar 2011 17:19:58 +0100