[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2695-1] chromium-browser security update

On Sun, Jun 2, 2013 at 9:32 AM, Nick Boyce wrote:
> On Wednesday 29 May 2013 15:23:54 Michael Gilbert wrote:
>> or possibly have unspecified other impact via unknown vectors.
> I'm just wondering ... is that Google language for "or possibly allow remote
> code execution" ?
> The phrase occurs for many of the vulnerabilities listed in the advisory, and
> most browser release notices cure some bugs that may allow remote code
> execution ... but not one of the vulnerabilities listed in this one refers to
> rce.
> I'm wondering whether the phrasing of the descriptions of the CVEs listed in
> this advisory is Google's choice .....

That is the intentionally vague language of CVE (e.g.

The do that because there are an incredibly large number of issues per
year (getting close to 10,000/year now), and it is unfeasible to have
someone accurately study and write-up every one of them.

In terms of chromium, your best bet is simply to wait for the bugs to
become unembargoed (e.g.

Best wishes,

Reply to: