FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

chromium -- multiple vulnerabilities

Affected packages
chromium < 17.0.963.83

Details

VuXML ID 330106da-7406-11e1-a1d7-00262d5ed8ee
Discovery 2012-03-21
Entry 2012-03-22

Google Chrome Releases reports:

[113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz.

[116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project.

[116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis.

[116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google.

[116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz.

[117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov.

[117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie.

[117550] High CVE-2011-3056: Cross-origin violation with "magic iframe". Credit to Sergey Glazunov.

[117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.

[108648] Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach. Fixed in an earlier release.

References

CVE Name CVE-2011-3045
CVE Name CVE-2011-3049
CVE Name CVE-2011-3050
CVE Name CVE-2011-3051
CVE Name CVE-2011-3052
CVE Name CVE-2011-3053
CVE Name CVE-2011-3054
CVE Name CVE-2011-3055
CVE Name CVE-2011-3056
CVE Name CVE-2011-3057
URL http://googlechromereleases.blogspot.com/search/label/Stable%20updates