FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

chromium -- multiple vulnerabilities

Affected packages
chromium < 21.0.1180.60

Details

VuXML ID ce84e136-e2f6-11e1-a8ca-00262d5ed8ee
Discovery 2012-07-31
Entry 2012-08-10

Google Chrome Releases reports:

[Linux only] [125225] Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team (Julien Tinnes).

[127522] Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security.

[127525] Medium CVE-2012-2848: Overly broad file access granted after drag+drop. Credit to Matt Austin of Aspect Security.

[128163] Low CVE-2012-2849: Off-by-one read in GIF decoder. Credit to Atte Kettunen of OUSPG.

[130251] [130592] [130611] [131068] [131237] [131252] [131621] [131690] [132860] Medium CVE-2012-2850: Various lower severity issues in the PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.

[132585] [132694] [132861] High CVE-2012-2851: Integer overflows in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.

[134028] High CVE-2012-2852: Use-after-free with bad object linkage in PDF. Credit to Alexey Samsonov of Google.

[134101] Medium CVE-2012-2853: webRequest can interfere with the Chrome Web Store. Credit to Trev of Adblock.

[134519] Low CVE-2012-2854: Leak of pointer values to WebUI renderers. Credit to Nasko Oskov of the Chromium development community.

[134888] High CVE-2012-2855: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.

[134954] [135264] High CVE-2012-2856: Out-of-bounds writes in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.

[136235] High CVE-2012-2857: Use-after-free in CSS DOM. Credit to Arthur Gerkis.

[136894] High CVE-2012-2858: Buffer overflow in WebP decoder. Credit to Juri Aedla.

[Linux only] [137541] Critical CVE-2012-2859: Crash in tab handling. Credit to Jeff Roberts of Google Security Team.

[137671] Medium CVE-2012-2860: Out-of-bounds access when clicking in date picker. Credit to Chamal de Silva.

References

CVE Name CVE-2012-2846
CVE Name CVE-2012-2847
CVE Name CVE-2012-2848
CVE Name CVE-2012-2849
CVE Name CVE-2012-2850
CVE Name CVE-2012-2851
CVE Name CVE-2012-2852
CVE Name CVE-2012-2853
CVE Name CVE-2012-2854
CVE Name CVE-2012-2855
CVE Name CVE-2012-2856
CVE Name CVE-2012-2857
CVE Name CVE-2012-2858
CVE Name CVE-2012-2859
CVE Name CVE-2012-2860
URL http://googlechromereleases.blogspot.com/search/label/Stable%20updates