Comment 1 for bug 1183086

Crikey!

I'm using a dev ppa and am only on Version 27.0.1453.6 Ubuntu

Regards,

Phill.

On 22 May 2013 21:20, ilf <email address hidden> wrote:

> *** This bug is a security vulnerability ***
>
> Public security bug reported:
>
> And again a new stable release with lots of security fixes:
> http://googlechromereleases.blogspot.de/2013/05/stable-channel-
> release.html
>
> Here are the CVEs:
>
> CVE-2013-2837: Use-after-free in SVG.
> CVE-2013-2838: Out-of-bounds read in v8.
> CVE-2013-2839: Bad cast in clipboard handling.
> CVE-2013-2840: Use-after-free in media loader.
> CVE-2013-2841: Use-after-free in Pepper resource handling.
> CVE-2013-2842: Use-after-free in widget handling.
> CVE-2013-2843: Use-after-free in speech handling.
> CVE-2013-2844: Use-after-free in style resolution.
> CVE-2013-2845: Memory safety issues in Web Audio.
> CVE-2013-2846: Use-after-free in media loader.
> CVE-2013-2847: Use-after-free race condition with workers.
> CVE-2013-2848: Possible data extraction with XSS Auditor.
> CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
>
> Please update and keep current. Thanks.
>
> ** Affects: chromium-browser (Ubuntu)
> Importance: Undecided
> Status: New
>
> ** Information type changed from Private Security to Public Security
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2837
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2838
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2839
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2840
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2841
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2842
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2843
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2844
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2847
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2848
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2845
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2846
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2013-2849
>
> --
> You received this bug notification because you are a member of Lubuntu
> Packages Team, which is subscribed to chromium-browser in Ubuntu.
> https://bugs.launchpad.net/bugs/1183086
>
> Title:
> Please update to 27.0.1453.93
>
> Status in “chromium-browser” package in Ubuntu:
> New
>
> Bug description:
> And again a new stable release with lots of security fixes:
> http://googlechromereleases.blogspot.de/2013/05/stable-channel-
> release.html
>
> Here are the CVEs:
>
> CVE-2013-2837: Use-after-free in SVG.
> CVE-2013-2838: Out-of-bounds read in v8.
> CVE-2013-2839: Bad cast in clipboard handling.
> CVE-2013-2840: Use-after-free in media loader.
> CVE-2013-2841: Use-after-free in Pepper resource handling.
> CVE-2013-2842: Use-after-free in widget handling.
> CVE-2013-2843: Use-after-free in speech handling.
> CVE-2013-2844: Use-after-free in style resolution.
> CVE-2013-2845: Memory safety issues in Web Audio.
> CVE-2013-2846: Use-after-free in media loader.
> CVE-2013-2847: Use-after-free race condition with workers.
> CVE-2013-2848: Possible data extraction with XSS Auditor.
> CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
>
> Please update and keep current. Thanks.
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1183086/+subscriptions
>

--
https://wiki.ubuntu.com/phillw