<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201201-03"> <title>Chromium, V8: Multiple vulnerabilities</title> <synopsis>Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. </synopsis> <product type="ebuild">chromium v8</product> <announced>2012-01-08</announced> <revised count="1">2012-01-08</revised> <bug>394587</bug> <bug>397907</bug> <access>remote</access> <affected> <package name="www-client/chromium" auto="yes" arch="*"> <unaffected range="ge">16.0.912.75</unaffected> <vulnerable range="lt">16.0.912.75</vulnerable> </package> <package name="dev-lang/v8" auto="yes" arch="*"> <unaffected range="ge">3.6.6.11</unaffected> <vulnerable range="lt">3.6.6.11</vulnerable> </package> </affected> <background> <p>Chromium is an open source web browser project. V8 is Google's open source JavaScript engine. </p> </background> <description> <p>Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. </p> </description> <impact type="normal"> <p>A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. </p> <p>The attacker could also perform URL bar spoofing.</p> </impact> <workaround> <p>There is no known workaround at this time.</p> </workaround> <resolution> <p>All Chromium users should upgrade to the latest version:</p> <code> # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-16.0.912.75" </code> <p>All V8 users should upgrade to the latest version:</p> <code> # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.6.6.11" </code> </resolution> <references> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3903"> CVE-2011-3903 </uri> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3904"> CVE-2011-3904 </uri> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3906"> CVE-2011-3906 </uri> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3907"> CVE-2011-3907 </uri> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3908"> CVE-2011-3908 </uri> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3909"> CVE-2011-3909 </uri> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3910"> CVE-2011-3910 </uri> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3912"> CVE-2011-3912 </uri> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3913"> CVE-2011-3913 </uri> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3914"> CVE-2011-3914 </uri> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3917"> CVE-2011-3917 </uri> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3921"> CVE-2011-3921 </uri> <uri link="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3922"> CVE-2011-3922 </uri> <uri link="https://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html"> Release Notes 16.0.912.63 </uri> <uri link="https://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html"> Release Notes 16.0.912.75 </uri> </references> <metadata timestamp="2011-12-13T18:43:14Z" tag="requester"> phajdan.jr </metadata> <metadata timestamp="2012-01-08T04:30:40Z" tag="submitter"> phajdan.jr </metadata> </glsa>