
[TAF] wml://security/2011/dsa-2166.wml



<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>

<p>Several vulnerabilities were discovered in the Chromium browser.
The Common Vulnerabilities and Exposures project identifies the
following problems:</p>

<ul>

<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-0777">CVE-2011-0777</a>

  <p>Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to image loading.</p></li>


<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-0778">CVE-2011-0778</a>

  <p>Google Chrome before 9.0.597.84 does not properly restrict drag and drop
  operations, which might allow remote attackers to bypass the Same Origin
  Policy via unspecified vectors.</p></li>


<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-0783">CVE-2011-0783</a>

  <p>Unspecified vulnerability in Google Chrome before 9.0.597.84 allows
  user-assisted remote attackers to cause a denial of service
  (application crash) via vectors involving a "bad volume setting."</p></li>


<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-0983">CVE-2011-0983</a>

  <p>Google Chrome before 9.0.597.94 does not properly handle anonymous blocks,
  which allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors that lead to a "stale pointer."</p></li>


<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-0981">CVE-2011-0981</a>

  <p>Google Chrome before 9.0.597.94 does not properly perform event handling for
  animations, which allows remote attackers to cause a denial of service or 
  possibly have unspecified other impact via unknown vectors that lead to a
  "stale pointer."</p></li>


<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-0984">CVE-2011-0984</a>

  <p>Google Chrome before 9.0.597.94 does not properly handle plug-ins, which
  allows remote attackers to cause a denial of service (out-of-bounds read)
  via unspecified vectors.</p></li>


<li><a href="http://security-tracker.debian.org/tracker/CVE-2011-0985">CVE-2011-0985</a>

  <p>Google Chrome before 9.0.597.94 does not properly perform process termination
  upon memory exhaustion, which has unspecified impact and remote attack vectors.</p></li>

</ul>

<p>For the stable distribution (squeeze), these problems have been fixed
in version 6.0.472.63~r59945-5+squeeze2.</p>

<p>For the testing distribution (wheezy), these problems will be fixed soon.</p>

<p>For the unstable distribution (sid), these problems have been fixed
in version 9.0.597.98~r74359-1.</p>

<p>We recommend that you upgrade your chromium-browser packages.</p>

</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2166.data"
# $Id: dsa-2166.wml,v 1.1 2011-02-18 20:16:26 spaillard Exp $

